Computer Support Forum

TDSS infection preventing updates to MalwareBytes/Internet connection

Question: TDSS infection preventing updates to MalwareBytes/Internet connection

Hello all!Firstly, thank you so much for running such a magnificent site with such detailed and easily understandable instructions. I direct everyone I know to this site once they become infected--you offer such useful tools and great suggestions. Anyway, onto my problem. I'm working on a friend's laptop that was infected with System Check. (Boo!) The computer is unable to connect to my wireless, nor his wireless at home and the Windows diagnostic tool is of no help in that area. So everything I'm downloading to run on his computer, (rkill, gmer.zip, etc.) is being downloaded on my computer and transferred via flashdrive. Everything is being run on this computer while it's in Safe Mode with Networking. After going through the steps per the removal guide for System Check, I discovered that the infection was a lot tougher to remove than previously thought. It has kept MalwareBytes from being able to update, and I had to initially rename both TDSSKiller and MalwareBytes installer with single word names so that the malware wouldn't stop the process from running. When trying to run MalwareBytes after going through the guide with Rkill and TDSSKiller (which found no infection,) I receive an error from MalwareBytes that states: Program_Error_updating(11004,0,No address found)I am unsure if this is related to the rootkit, or if the rootkit is preventing the update due to the wireless connectivity issue. So I suppose my questions are thus:1.) Is the rootkit causing the connection problem and 2.) How can it be removed?I've attached the DDS file, as well as GMER log. (Which looks a hot mess, honestly, in my non-professional opinion.) Both were created while the infected computer was running in Safe Mode with Networking.I apologize if I sound like I'm going in circles. I won't pretend I understand the specifics of what's going on with this silly thing, but I can at least follow your well-written directions to bring it to the experts. Also, first time posting on any sort of forum site like this. <b>DDS Log</b>.DDS (Ver_2011-08-26.01) - NTFSx86 NETWORKInternet Explorer: 8.0.7600.16385Run by Joshua at 13:50:46 on 2012-01-08Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.1460 [GMT -5:00].SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\windows\system32\wininit.exeC:\windows\system32\lsm.exeC:\windows\system32\svchost.exe -k DcomLaunchC:\windows\system32\svchost.exe -k RPCSSC:\windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\windows\system32\svchost.exe -k netsvcsC:\windows\system32\svchost.exe -k LocalSystemNetworkRestrictedC:\windows\system32\svchost.exe -k LocalServiceC:\windows\system32\svchost.exe -k NetworkServiceC:\windows\Explorer.EXEC:\windows\system32\ctfmon.exeC:\windows\helppane.exeC:\windows\system32\conhost.exeC:\windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNAuDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNAmDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNAmStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNAuURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dllmURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dllBHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dllBHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dllBHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLLBHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dllBHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dllBHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dllBHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dllTB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dllTB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dllEB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dlluRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimeuRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"uRun: [Google Update] "c:\users\joshua\appdata\local\google\update\GoogleUpdate.exe" /cmRun: [<NO NAME>] mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRunmRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exemRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exemRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [HP CP1020 System Tray] "c:\program files\hp\hp laserjet professional cp1020 series\HPCP1020STRAY.EXE"mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [BSDAppUpdater] c:\program files\common files\bsd\appupdater\BSDChecker.exemRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exemRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbyloginmRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"mRun: [ghxSJLETyoE.exe] c:\programdata\ghxSJLETyoE.exemRun: [flsmdOrhJk.exe] c:\programdata\flsmdOrhJk.exemRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\watson\mbam.exe" /runcleanupscriptmRunOnce: [GrpConv] grpconv -omRunOnce: [Malwarebytes' Anti-Malware] c:\program files\watson\mbamgui.exe /install /silentdRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /backgrounddRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10o_ActiveX.exe -update activexmPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableLUA = 0 (0x0)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)mPolicies-system: PromptOnSecureDesktop = 0 (0x0)dPolicies-system: DisableTaskMgr = 1 (0x1)IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dllIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllLSP: mswsock.dllDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cabTCP: DhcpNameServer = 192.168.1.254TCP: Interfaces\{8F4FB4F3-3C7F-4F97-BB27-448A4EBF696D} : DhcpNameServer = 192.168.1.254TCP: Interfaces\{8F4FB4F3-3C7F-4F97-BB27-448A4EBF696D}\147425F63756D27457563747E45647 : DhcpNameServer = 66.94.70.210 66.94.70.218 66.94.70.202TCP: Interfaces\{8F4FB4F3-3C7F-4F97-BB27-448A4EBF696D}\2454454595F5E4564777F627B6 : DhcpNameServer = 192.168.2.1TCP: Interfaces\{8F4FB4F3-3C7F-4F97-BB27-448A4EBF696D}\84F6D65602E4564777F627B6 : DhcpNameServer = 192.168.2.1TCP: Interfaces\{8F4FB4F3-3C7F-4F97-BB27-448A4EBF696D}\D61647470216E6460256D60207C65737021303 : DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62TCP: Interfaces\{8F4FB4F3-3C7F-4F97-BB27-448A4EBF696D}\F4754475C414E4 : DhcpNameServer = 216.136.95.2 64.132.94.250TCP: Interfaces\{9A2C832A-3E88-42DB-8D70-FFA7F014AFC6} : DhcpNameServer = 172.16.2.5 172.18.82.11 4.2.2.2Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL.================= FIREFOX ===================.FF - ProfilePath - c:\users\joshua\appdata\roaming\mozilla\firefox\profiles\7dbf6yek.default\FF - component: c:\program files\adobe\acrobat 10.0\acrobat\browser\wcfirefoxextn\components\WCFirefoxExtn.dllFF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLLFF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLLFF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dllFF - plugin: c:\program files\microsoft\office live\npOLW.dllFF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dllFF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dllFF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dllFF - plugin: c:\users\joshua\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dllFF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF - Ext: Adobe Acrobat - Create PDF: [email protected] - c:\program files\adobe\acrobat 10.0\acrobat\browser\WCFirefoxExtnFF - Ext: Ask Toolbar: [email protected] - %profile%\extensions\[email protected] - Ext: Ask Toolbar: [email protected] - %profile%\extensions\[email protected] - Ext: Ask Toolbar: [email protected] - %profile%\extensions\[email protected] - Ext: Ask Toolbar: [email protected] - %profile%\extensions\[email protected] - Ext: Ask Toolbar: [email protected] - %profile%\extensions\[email protected] - Ext: Ask Toolbar: [email protected] - %profile%\extensions\[email protected] - Ext: Ask Toolbar: [email protected] - %profile%\extensions\[email protected] - Ext: Ask Toolbar: [email protected] - %profile%\extensions\[email protected]============= SERVICES / DRIVERS ===============.R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-1-22 167936]R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-1-22 176128]S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-19 135664]S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-19 135664]S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-1-22 171520]S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-1-22 51512]S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-27 1343400].=============== Created Last 30 ================.2012-01-07 01:04:50 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2012-01-07 01:04:47 -------- d-----w- c:\program files\Watson2012-01-01 23:31:10 -------- d-----w- c:\windows\system32\sda2011-12-15 06:58:53 534528 ----a-w- c:\windows\system32\EncDec.dll2011-12-15 06:58:47 38912 ----a-w- c:\windows\system32\csrsrv.dll2011-12-15 06:58:45 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe2011-12-15 06:58:45 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe2011-12-10 08:00:05 -------- d-----w- c:\users\joshua\appdata\roaming\com.adobe.dmp.contentviewer.==================== Find3M ====================.2012-01-06 17:13:00 338944 ----a-w- c:\windows\system32\drivers\afd.sys2011-11-24 04:23:31 2340352 ----a-w- c:\windows\system32\win32k.sys2011-11-05 04:35:50 981504 ----a-w- c:\windows\system32\wininet.dll2011-11-05 04:34:15 44544 ----a-w- c:\windows\system32\licmgr10.dll2011-11-05 04:30:11 2048 ----a-w- c:\windows\system32\tzres.dll2011-11-05 03:28:41 386048 ----a-w- c:\windows\system32\html.iec2011-11-05 02:55:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb2011-10-30 14:07:58 2219008 ----a-w- c:\windows\bsdsetup.dll.============= FINISH: 13:54:12.63 ===============

Relevance 100%
Preferred Solution: TDSS infection preventing updates to MalwareBytes/Internet connection

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: TDSS infection preventing updates to MalwareBytes/Internet connection

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
Because of this, you must reply within three days failure to reply will result in the topic being closed!
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.____________________________________________________It appears you're infected with an infection known as ZeroAccess.ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:Dissecting the ZeroAccess RootkitZeroAccess / Max++ / Smiscer Crimeware RootkitMAX++ sets its sights on x64 platformsZeroAccess (Max++) RootkitZeroAccess Gets Another UpdateZeroAccess ? an advanced kernel mode rootkitNEXT: One or more of the identified infections is a backdoor trojan and password stealer.This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.It would also be wise to contact those same financial institutions to appraise them of your situation.I highly suggest you take a look at the two links provided below:1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?2. When should I re-format? How should I reinstall?We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.NEXT:Running TDSSKillerDownload the latest version of TDSSKiller from here and save it to your Desktop.Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
Note: Do not choose Cure or Delete unless instructed.A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.NEXT:Running OTLWe need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorMirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtras.txt <-- Will be minimizedPlease let me know how the above scans go.Kindest Regards,ST

18 more replies
Relevance 85.28%

The laptop won't connect to the Internet (it connects to the notwork, but wont connect to the Internet). I did a malwarebytes scan and it had 21 infections, and I "fixed" them all with malwarebytes, but it still won't connect to the Internet.

I know it's not a network issue or anything on my end, because I have 4 other computers and my cellphone all hooked to the same Internet and none of them are having issues.

Here's my hijack this log
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:56:30 PM, on 3/18/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 ... Read more

More replies
Relevance 74.21%

Hello.

I posted in the Vista section about trouble I am having with updates installing. One person replied that "[b]ecause of the large number of problems in category items that [I] posted, and the corrupted SFC store," before I do anything else, I should post in this forum to make sure my system isn't infected.

To briefly summarize what I posted over there, I can't get some updates to install, and I have some corrupted files (or corrupted something . . . I honestly don't know enough to know what the problem is).

Here is what I got when I ran the dds:


DDS (Ver_09-03-16.01) - NTFSx86
Run by admin at 16:00:03.31 on Thu 04/16/2009
Internet Explorer: 7.0.6000.16830 BrowserJavaVersion: 1.6.0_07
Microsoft? Windows Vista? Home Premium 6.0.6000.0.1252.1.1033.18.2037.1118 [GMT -5:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Outdated)
FW: ZoneAlarm Security Suite Firewall *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkS... Read more

Answer:Possible malware infection preventing updates

Hello ti2,

I'm not seeing any malware in these logs. You can run an online scan and see if it detects anything lurking about. It can take some time, so please be patient and allow it to run it's full course:

**Vista users - right click on the IE icon and run as administrator

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View scan report at the bottom.



Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

2 more replies
Relevance 67.24%

Hi,
Since an automatic update on my computer, my computer will not access the internet. I have tried to resart the computer to a previous point pre-updates but now it will longer do this either. So i am a stuck. Can you help?

Thanks

Answer:Automatic updates now preventing access to internet

Quote:





Originally Posted by duncan hill


Hi,
Since an automatic update on my computer, my computer will not access the internet. I have tried to resart the computer to a previous point pre-updates but now it will longer do this either. So i am a stuck. Can you help?

Thanks




I have a similar problem. Bun not from automatic updates. I updated Adobe reader(it says "Install security update). Since then It appeared in system Tray an yellow triangle with an exclamtion mark on it. If I click on it, it disappears, but my network connection has stopped working. It connects normaly, but the computer works like it would not be connected to the Internet. I unistaled the update, but the problem reappeard after 2-3 days. Now it looks that it is all OK, but I do not know what am I suposed to do.

7 more replies
Relevance 66.83%

Hi, I recently had spyware on my computer. I've used Malware Bytes for awhile now so I ran a full scan of my computer overnight, and the next morning cleaned the infections. When I restarted my computer it got stuck in an infinite boot loop. I repaired windows and now my computer is fine, but my Firefox google search is hijacked to go to something like search.search-go.net.

Also, I am having trouble with programs connecting to the internet. My internet works fine, but is a little sluggish. For example, I use World of Warcraft and when I start the launcher, it won't connect to the news server, but the game runs fine. I also have a program called Curse that needs to connect to the internet but can't establish a connection. I have a few other programs that use updaters, but fail to connect to the internet.

I know its the spyware preventing these programs access. Help?
-Thanks

Answer:Ghost infection preventing programs from accessing the internet

Alrighty, so the virus finally revealed itself as Antivirus IS. The problem is, I can barely run any programs now. Malware Bytes won't run, even if i rename it. It just says its infected and asks if I want to run my antispyware

1 more replies
Relevance 66.42%

For some reason, whenever windows 8.1 updates, internet explorer stops working. Every time I try to get on the internet, I just keep getting a message that 'this page cannot be displayed'. Skype still works, so the problem seems to be internet explorer itself.

I have decided to switch to google chrome to fix the problem, but I can't do so without getting on the internet.

I would like to restore the computer to a point in which it worked, and I have one restore point which I'm certain will work, but the problem is, immediately after restoring, windows automatically updates, which kind of undermines the entire purpose of the restore. I have tried changing the update settings so it will restore without updating, but as soon as the system restores, my changes are undone and windows then proceeds with the stupid updates.

I just want to get on the internet somehow to install google chrome! (and no, I can't just copy and paste from the computer I'm currently on because this one has windows 7).

Any ideas?

Thanks,
smile puppy

Answer:Windows Updates Preventing Internet Explorer from Running!

Unplug your router, then do your system restore. You then have as much time as you need to configure Windows Update not to auto check.

2 more replies
Relevance 65.19%

I've tried everything I know how to do (which admittedly isn't much) and I'm hoping someone can help. I've run Spybot, Malwarebytes, and AVG. They all say they detected something called Astromedia and removed it, but now my computer is running worse than when I started. Every time I open my browser or a new tab it acts like it's not connected to the Internet until I reload multiple times. Can someone please help? My system info is below.
Thank you!
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD A10-4600M APU with Radeon(tm) HD Graphics, AMD64 Family 21 Model 16 Stepping 1
Processor Count: 4
RAM: 5609 Mb
Graphics Card: AMD Radeon HD 7660G, 512 Mb
Hard Drives: C: Total - 590202 MB, Free - 403986 MB; D: Total - 19972 MB, Free - 2166 MB;
Motherboard: Hewlett-Packard, 18A6
Antivirus: AVG AntiVirus Free Edition 2015, Updated and Enabled
 

More replies
Relevance 65.19%

Let me start by saying I already started in the "Am I infected" forum and they told me to start a new post in here. The link to my thread over there is: Internet access shuts down right after loginI sure would appreciate your help!Here is my DDS.txt:.DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21Run by Alan at 20:44:04 on 2011-09-23Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3325.2251 [GMT -7:00].AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exe -k LocalSe... Read more

Answer:Malware preventing internet connection

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/420238 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

30 more replies
Relevance 65.19%

Hi to al
I am having difficulties everytime I connect to the internet the pc generates an error message something to do with services.exe and then the computer hangs. The computer wont restart even into safe mode. Have tried running mcafee but to get dat updates needed an intrenet connection (no go). Have got to the desperate stage - surfed ur site on a laptop but couldn't really follow too much cos computer wouldn't restart.
Got desperate and reinstalled xp sp1 2002 and installed mcafee and ran scan - picked up some cookies and that was about it. Installed and ran adaware and picked up 10 registry problems. Deleted them and wanted to run hijack this to send in a report for you BUT here's the problem - I cant get a clean copy!!!!!! Mcafee keeps telling me its infected with w32/generic.worm!p2p virus...... so..... what gives??? Where do I go from here!? I'm all ears for any help I can get.
I'll post this and hope for a reply from anybody who could offer me some assistance.
Thanks in advance!
Toss
 

More replies
Relevance 65.19%

Dear Tech Support Forum,

A couple of months ago I got a virus on my laptop. I was aware of it when it first showed up, I suddenly had an icon on my desktop for something like "Windows Live Protection" and it had the same icon as the virus protection I was using which was BT Net Proction by McAfee. I tried to delete the program via the uninstall program in the control panel, this had mixed results so I scanned the laptop with the virus software. It recognised one threat and when I told the software to fix it the laptop went into a sort of "lock-down" where all ports of communication were closed i.e. internet/network connection was inactive, CD/DVDs were not regognised and USB connectors didn't come up.

Since this I have logged on in safe mode and run Malwarebytes which recognised one threat and removed it but this hasn't changed much. The the Windows live protection has gone but a sheild icon with yellow and blue squares has appreared on a few of the desktop icons, this wasn't there before. Now the desktop (not in safe mode) has a message in the corner saying "Windows 7, Build 7601, This copy of windows is not genuine" and I can't use the Malwarebytes, the messge that comes up says "the specified service does not exist as an installed service", though the BT Net Protect didn't recognise any threats. I tried to uninstall the BT when I got the Malwarebytes but it wouldn't let me giving the same message as trying to open the malwareb... Read more

Answer:Virus preventing internet connection

Please run the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.
Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.
On the System Recovery Options menu you will get the following options:Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In... Read more

19 more replies
Relevance 65.19%

I am running Windows XP SP3, with the latest version of Firefox. I am using Bellsouth Fastaccess DSL. My antivirus is Norton, and could not find any issues. My computer is connected to the wireless network, with excellent signal strength. I have tried repairing the connection and using IE, but neither have worked. My laptop and other computer can both connect to the Internet. Other things that I have noticed: SUPERAntispyware and Spybot Search and Destroy have both stopped working. I have also posted this on the Web Browsing forum. Thank you for your help!

Answer:Malware preventing connection to Internet?

Please just keep it to one forum for nowIf we can't fix you here then you can post thereSee if you can access Safe mode w/networkingorYou can burn to a CD or download to a thumb drive the tools I am going to have you useDouble-check that Spybot's Teatimer function is disabled----------------------------------The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all th... Read more

11 more replies
Relevance 64.37%

joined the forum to see if anyone had a solution to a problem i have come across over the past couple of days. after having not used my laptop for a couple of days i turned it on and tried to access the internet as normal. however, although my laptop connects to the router, it says there is no internet access. other computers on the network have no problems accessing the internet so it is just mine. also, when i try to run a virus scan using mcafee, it states that an error has occured and stops before it even begins. this is why i believe it to be a virus. i downlooaded malware bytes however it cannot update and when i scan it says there is no malware detected. i was wondering would anyone be able to help with my problem?

Answer:virus preventing internet connection and scan

Run Hijack This & post the log.How do you know when a politician is lying? His mouth is moving.

7 more replies
Relevance 64.37%

Can anybody help me with services.exe virus that blocks internet connection?

Answer:services.exe virus preventing internet connection

services.exe - services - Process Information
services.exe is a part of the Microsoft Windows Operating System and manages the operation of starting and stopping services. This process also deals with the automatic starting of ...

Here is the link
www.liutilities.com/products/wintaskspro/processlibrary/services ?

Looking at your post sevices exe is part of the above does not come up as a virus

2 more replies
Relevance 64.37%

Hi.  I am helping a friend remove malware.  She is using Windows 10, 64 bit.  The symptoms were the inability to connect to the internet.  I booted into safe mode with networking and was still unable to connect to the internet.  I tried troubleshooting the connection using Windows built in troubleshooter.  The "unidentified Network" message persists.  I ran a program called "CleanUp!" to clear temp files, history, etc.  I ran Malwarebytes, Spybot, and Hitman Pro.  A slew of files and reg entries were found and removed.  There are some entries that keep returning when scanning with Spybot and rebooting.  I am now able to connect to the internet in Safe Mode with Networking.  Though, still unable to connect in normal mode.  I have ran FRST as directed.  I will include the following in the post: Spybot report, FRST.txt, and Addition.txt.  Thank you in advance for the assistance.
 
***Search results from Spybot - Search & Destroy***
 
1/20/2018 2:20:53 PM
Scan took 01:16:39.
7 items found.
 
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-612429805-3072876167-3422260051-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54
 
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, noth... Read more

Answer:Unknown Malware preventing internet connection

Greetings davsnotn and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that.===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems... Read more

8 more replies
Relevance 63.55%

Hello everyone, and thanks in advance for the assistance.

I was running AVG 9.0 (free version) when I got a warning message that a virus was detected. I think I clicked on a questionable link while searching for forum posts on college admission essays. It seemed AVG had taken care of it, but then I started to hear weird audio files play in the background and my webbrowser kept taking me to a anti-spyware site. I opened AVG again and all the options had been removed, i.e., the program opened but there was no option to run a scan or update. I then ran Adaware which came up clean. I was able to install Panda Cloud antivirus, but it wouldn't function properly.

I've since restarted my computer but now I have found that even though I detect a wireless connection, IE willnot open any pages. I downloaded Avira Antivirus and the latest update on a separate computer (the one I am using now) and saved it to a thumbdrive. I then tried opening the program on the infected computer. I was able to install it, but cannot open it. I see avcenter.exe running in my task manager, but no window comes up.

I also see iexplore.exe in my task manager but I don't have IE open. I also see GrooveMonitor.exe. Are both of these spyware?

Any suggestions on what I should do from here? I've downloaded Combofix but am waiting to run it until someone can give me some clear advise.

Thank you.

Answer:Virus preventing antivirus scans and internet connection

Hello I am moving this to Am I infected from Win 2000If you now have 2 AV's running you need to remove one.Now run RKill.... Then MBAM and AvirraPlease download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.You will need to run the application again if rebooting the computer occurs along the way.Next run MBAM (MalwareBytes):NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished,... Read more

1 more replies
Relevance 63.55%

UPDATE: My browser is continually taken to spywareprotectionplus.com, which google tells me is associated with the zlob trojan. Any tips on how to remove this? Thank you for the help.
Hello everyone, and thanks in advance for the assistance.

I was running AVG 9.0 (free version) when I got a warning message that a virus was detected. I think I clicked on a questionable link while searching for forum posts on college admission essays. It seemed AVG had taken care of it, but then I started to hear weird audio files play in the background and my webbrowser kept taking me to a anti-spyware site. I opened AVG again and all the options had been removed, i.e., the program opened but there was no option to run a scan or update. I then ran Adaware which came up clean. I was able to install Panda Cloud antivirus, but it wouldn't function properly.

I've since restarted my computer but now I have found that even though I detect a wireless connection, IE willnot open any pages. I downloaded Avira Antivirus and the latest update on a separate computer (the one I am using now) and saved it to a thumbdrive. I then tried opening the program on the infected computer. I was able to install it, but cannot open it. I see avcenter.exe running in my task manager, but no window comes up.

I also see iexplore.exe in my task manager but I don't have IE open. I also see GrooveMonitor.exe. Are both of these spyware?

Any suggestions on what I should do from here? I've downloaded ... Read more

More replies
Relevance 63.55%

About a week ago, I became unable to use the internet at my current home. ISP is Time Warner.

The strange thing is, according to Windows, I am connected to the Internet with no problems. I am sometimes able to load half a page and on occasion, will load a page completely after a long wait. Typically though, I will be unable to connect.

Another interesting aspect to this problem is that it is only affecting me at my home. At friends houses and my University, I am able to use their internet with no issue.

I concluded it was likely on my end due to Avast flagging suspicious .tmp files around the time the problem first arose.

I have attached the files requested.

Thank you for the help.
 

Answer:Malware possibly preventing proper internet connection

Welcome to Major Geeks!





kbaar said:





Another interesting aspect to this problem is that it is only affecting me at my home. At friends houses and my University, I am able to use their internet with no issue.Click to expand...

Then the problems may not all be on your PC. If it was then it would happen everywhere you use it.

However there are something items we need to clean up.

First do you know if the below are legit on your PC? Hitman had an issue with them.

C:\Program Files (x86)\GOG.com\Rayman 2\Rayman2.exe
C:\Users\Jack\AppData\Roaming\.minecraft\WmiPrv\WmiPrvSE.exe

Uninstall the below programs. If you do not find them or they will not uninstall, just keep going.
Java 7 Update 17

Now install the current version of Sun Java from:

Go here for 64 bit OS = Sun Java 64 bit Runtime Environment Make sure that when you see the form asking about installing Ask Toolbar that you uncheck this.
Go here for 32 bit OS = Sun Java 32 bit Runtime Environment Make sure that when you see the form asking about installing Ask Toolbar that you uncheck this.

Please download OTM by Old Timer and save it to your Desktop.

Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
(or, after highlighting, right-click and choose Copy): Do not i... Read more

7 more replies
Relevance 62.73%

Hi !I seem to have a TDSS Rootkit infecting my Atapi.sys file. Tried the TDSSKiller from kaspersky, and it detects the rootkit, but while it says reboot to delete, its detected anyway after the reboot.In safe mode, as well as safe mode with command prompt, it does not detect any TDSS rootkit at all.The machine is a Toshiba Satellite laptop dualbooting Vista and Ubuntu Linux (9.10 Karmic)Currently I have AVG 9.0, Avira, SpyBot SD and MBAM installed. Windows Vista Firewall has always been on.I usually spend about 40% of my time in Windows, with 60% in Ubuntu, going online through both.My system is not exhibiting any of the more severe symptoms I read in the forums - redirected search results, blocked AV updates, etc. I only checked for rootkits because Chrome wouldnt do anything. Further on, though, I was getting warnings and errors from MBAM as well as Avira every some time, on various trojans, etc.However, since detecting this rootkit, and reading through your forums and guidelines, I turned off my laptop's WiFi switch when in Windows, going online only through my Ubuntu boot. I am assuming(correctly, I hope) that my Ubuntu system is safe, and immune to the rootkit, so I can use it to go online as well as do other work. With the WiFi turned off in Windows, I haven't got any warnings from MBAM or Avira.I put up this problem initially in the "Am I infected? What do I do?" forum, where I have been directed by boopme to send in my DDS and Gmer logs. DDS log below. Do you need th... Read more

Answer:TDSS Rootkit infection. TDSS Killer failed.

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.1.Please do not run any other tool untill instructed to do so!2.Please reply to this thread, do not start another!3.Please tell me about any problems that have occurred during the fix.4.Please tell me of any other symptoms you may be having as these can help also.5.Please try as much as possible not to run anything while executing a fix.If you follow these instructions, everything should go smoothly.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appear Click OKDeFogger may ask you to reboot the machine, if it does - click OKDo not re-enable these drivers until otherwise instructed.IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.GmerDownload GMER Rootkit Scanner from here.Double click the .exe file. If asked to allow gmer.sys driver to load, please consentIf it gives you a warning about rootkit activity and asks if you want to run scan...click on NOIn the right panel, you will see several boxes that have been checked. Uncheck the following ...IAT/EATDrives/Partition other than Systemdrive (typically C:&... Read more

3 more replies
Relevance 61.5%

Hey there, running Windows XP SP3. Managed to get Windows Recovery, which I've successfully removed. Along with it, however, came what I believe is TDSS. TDSS.killer is failing (I can't get it to run no matter what the name/location/download scheme). Booting into safe mode failed to grant any benefit. Advice would be greatly appreciated.

Note: This PC runs an installation of Micros, a POS system for restaurants and retail. In some of the reports below you'll see hijack flags for processes/IPs associated with this program. These are not malware, and are required.

GMEP also failed, partially. I received an error: uxrdypob.sys error 0xc000010E cannot create a stable subkey under a volatile parent key, and then opened GMEP to see only Services, Registry, Files, and ADS available -- the rest were grayed out. I ran the scan anyway, which came up negative.

Thanks in advance -- I really appreciate this.

DDS.TXT:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by administrator at 19:46:14 on 2011-10-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.450 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.69\GoogleCrashH... Read more

Answer:TDSS infection (TDSS.killer failed)

Hi,Download ComboFix from one of these locations:Link 1Link 2* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.jedi

2 more replies
Relevance 61.5%

I am able to access my internet through my web browser but i cannot get any other programs such as online games and AIM to access the internet.
 

Answer:I cannot access the internet after malware infection/malwarebytes removal

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

1 more replies
Relevance 60.27%

Do you guys only help with windows? I have read the threads that solve this problem for windows operating systems but cannot find anything for OS X
 

More replies
Relevance 60.27%

Since using malwarebytes to remove malware my internet connection just wont work.
If I ping any sites it just wont give me a response.

I've attached a FRST scan log.
 

Answer:No internet connection after using malwarebytes

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

2 more replies
Relevance 60.27%

ran malwarebytes chameleon from the safe mode because couldn't get any other way to run and it found 68 issues. quarantined them and deleted them. restarted computer and google chrome just hangs when trying to load. Cannot get any internet connection.
 

Answer:Ran Malwarebytes now no internet connection

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

0 more replies
Relevance 59.86%

Hi,

One of my Pc's (Dads) has got a serious malware infection. ive used malwarebytes and quarentined several problems. they appear to keep on popping up again though. should i delete them from quarentine? (smss.exe, multiple svchost, win 32 problems etc)

also i obvously need to update malwarebytes but the internet connection, while connected is unresponsive.
is there a way to save the update to a memory stick?

ive dealt with many viruses etc in my time, but without an internet connection im stuck.

the internet connection, as it is a broadband connection requiring log in details wont connect in safe mode, unless im missing something.

Help would be sincearly appreciated! in the past i have been able to use other posts for my solutions, but this one has got me by the... well you know what.

Answer:How do i update malwarebytes without an internet connection?

ok, some new info, the malware has diabled my firewall.

also exactly the same versions of exactly the same problems keep re-appearing on the pc upon re-starting.

any help would be appreciated.

3 more replies
Relevance 59.86%

Hi, first time here. Unfortunately, I am having an issue finding my router and internet connect via Wi-Fi after I installed and ran Malwarebytes. It simply cannot find anything. I have been working on this for several days trying everything I can. My primary computer cannot access internet so I am using a secondary computer to work on my computer. I followed these steps listed here http://www.bleepingcomputer.com/forums/t/544374/cannot-connect-to-wifi-after-installing-malwarebytes-what-to-do-now/ but unfortunately, I was unable to successfully reconnect. I have a list of logs as mentioned by what was submitted on the other forum, and I can post these.
 
I have noticed that in the last log it says "RegSvr32.exe: winhttp.dll' Module loaded but entry-point DllRegisterServer was not found" and I am wondering if that may be the issue. I've tried to research this, and have tried to follow some instructions to adjust this via CMD, but I am having no luck.
 
Thank you so much for your help in advance and please let me know if I can add the logs. I tried it once already and it would not post the topic and simply timed out.

Answer:Installed malwarebytes and no internet connection - please help

I am using Windows 7 Ultimate

2 more replies
Relevance 59.86%

i All,
 
This is my first time here and I appreciate any help that anyone can provide. I followed the steps exactly on this thread
 
I show no connection to Wi-Fi or to any router. In my network and sharing, it simply does not show any networks. I am going to list all of my logs and hope that this is helpful to anyone who can assist. I did notice at the bottom of the very last log it says "RegSvr32.exe: winhttp.dll' Module loaded but entry-point DllRegisterServer was not found." Does anyone know if that would prevent my computer from finding the router?
 
Thank you in advance!
 
 
MiniToolBox by Farbar  Version: 17-06-2016
Ran by Justin (administrator) on 13-10-2016 at 17:12:50
Running from "C:\Users\Justin\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Model: Latitude E6520 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.
========================= Hosts content: =================================
======... Read more

More replies
Relevance 59.86%

Please help! I can't connect to the internet in ant browser even though all my other devices work perfectly. I deleted a bunch of PUPs that I didn't even know if they were important. Why does Malwarebytes do this? Is it a matter of recovering the deleted files? Thanks in advance for the help.
 

Answer:No internet connection in browsers after using Malwarebytes

Sorry, I forgot uploading the Addition file
 

6 more replies
Relevance 59.86%

I done a malwarebytes scan today after i saw some ads showing up although i had ad block, after doing my scan and deleting the found issue i could no longer access applications which require internet although my internet is fully working. I tried doing a pc restore but nothing changed, so i converted it back to the original. Help will be highly appreciated.  

Answer:Ran malwarebytes and then i lost internet connection

Hi & to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.
Before we move on, please read the following points carefully:
My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
If I don't reply within 24 hours please PM me!
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
Click
In the Start Search box, type cmd, and then press CTRL+SHIFT+ENTER.
 ... Read more

42 more replies
Relevance 59.86%

I ran Malwarebytes on my father-in-law's laptop this morning and quarantined 96 potential non-malware threats. Internet connection was lost after reboot following Malwarebytes scan and quarantine. I am also receiving constant pop up boxes indicating Bad Image for multiple .exe files related to the file path C:\Windows\system32\ColorMedia.dll. I have attached a screen shot of one of the pop up boxes plus the Malwarebytes scan log from this morning.
 

Answer:No Internet Connection After Running Malwarebytes

Hello,

You're missing FRST reports.
 

14 more replies
Relevance 59.86%

My internet connection stopped after running Malwarebytes for the second time. I followed your instructions and attached are the FRST.txt and Addition.tst files. Any help would be much appreciated. Thanks.
 

Answer:No Internet Connection After Running Malwarebytes

Hello,

Is this enterprise/business machine?
 

1 more replies
Relevance 59.04%

What do I do to reconnect to the Internet, then be sure that DNSUnlocker has been completely removed from my system?

P.s. I am aware that a friend used uTorrent on my system. I have since removed it. Could that have caused this problem?
 

Answer:Tried to Remove DNSUnlocker with Malwarebytes, Now No Internet Connection

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

15 more replies
Relevance 59.04%

Hi there guys, sorry for bringing up the same topic that has been remedied on here quite a few times in the past. Can't seem to solve it myself at the moment.

I will add the logs soon as I will have to re-download the software from another pic as the system restore removed them both.

Also I should add that I attempted to manually reset my internet registry files in order to recover the network connection, but this did not solve it.

Many thanks!
 

Answer:No internet connection after running adwcleaner and malwarebytes

Hello,

Please follow this topic and attach required reports

http://malwaretips.com/threads/preparation-guide-before-requesting-malware-removal-help.20334/
 

3 more replies
Relevance 58.63%

Hi
 
I have made the same post in the Am I infected? thread four days ago but haven't received any help..and I urgently need help.
 
Problems began over a week ago when the computer suddenly started running slowly, particularly during start-up and often prevented the use of applications or programs. I ran ScanDisk and Defrag but this only temporarily fixed the problem. Next, I ran Malwarebytes and it found approx 25 issues. It requested that I reboot to fix everything but after rebooting, BSOD appeared and windows wouldn't start up, even when start up repair was attempted. It only boots up  to the starting windows logo before BSOD appears.
 
The computer is running windows 7 64-bit, approx 2 years old and doesn't have a CD/DVD drive. 
 
Please help!
 
 
Thanks
 
 

Answer:BSOD preventing start up after running Malwarebytes

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/505008 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 58.63%

Hi all,

Been having some real trouble recently with alot of malware. It seems when I remove some of the harmful files my computer reverts to BSOD within 5 minutes of bootup.

The virus (es?) have hijacked my internet explorer and take me to webpages that arent at all related to what I wanted. It appears TDSSntlv.dll has something to do with this.

I now get messages saying that it is not designed for windows or needs reinstalling whenever I start up or try and open up programs. I try and run MALWAREBYTES anti-malware as an administrator and then the same error comes up saying TDSSntlv.dll has encountered an error. So I have no chance of running the scan.

Same with Norton I try and run the scan but BSOD occurs so it cant finish. I am in the library as I said so will not be able to post log files untill later but is this recoverable do you think?

Please help

Cheers Dom

Answer:TDSSntlv.dll preventing malwarebytes, google problems

Hi Dom, Let's try to run this first.Please print out and follow these instructions: "How to use SDFix". When using this tool, you must use the Administrator's account or an account with "Administrative rights"Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.Please copy and paste the contents of Report.txt in your next reply.Be sure to renable you anti-virus and and other security programs before connecting to the Internet.-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.

8 more replies
Relevance 58.63%

Okay so I think it started when I tried to download Itunes, and the exe was bundled with stuff(possibly viruses). I got infected with some kind of red.exe virus and some other one called file_to_run(and a bunch of numbers).exe. I had AVG antivirus but every time it said it cleaned it the viruses popped back up. So I unintsalled AVG and installed Avast and Comodo firewall. I use Super antispyrware, and it keeps getting adware, but doesn't find anything else. Finally Avast recommended a scan before Windows boots up and supposedly it got Red.exe and the file_to_run virus. But every since then, I cant run or update Malwarebytes. I booted in safemode and let Malwarebytes do its thing and it found 300 things(priv.dog) but I still can not get it to update. It closes and has it has stopped working. I tried to fixes myself awhile back using different trojan removers and stuff but nothing finds anything. I think something may still be infecting the computer and would appreciate any help as I have racked my brain on this and spent a lot of time trying to fix it.
 
Edit: forgot to mention I am using Windows 7
Avast! free(now)
Comodo Free Firewall
 
Thank you in advance

More replies
Relevance 58.63%

It appears as though a virus is preventing Malwarebytes from running, even in safemode.

I downloaded TDSSKiller.exe and there were 4 medium threats -- which are quarantined.

I also downloaded rKill.exe (see log below).

As a final attempt I downloaded combofix and the report is below, but I still can't run MBAM in safemode. Are there any experts that know how I can remove this virus...? Thanks.

------------------------------------------------------------

23:54:19.0399 5960 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
23:54:19.0664 5960 ============================================================
23:54:19.0664 5960 Current date / time: 2011/12/03 23:54:19.0664
23:54:19.0664 5960 SystemInfo:
23:54:19.0664 5960
23:54:19.0664 5960 OS Version: 6.1.7601 ServicePack: 1.0
23:54:19.0664 5960 Product type: Workstation
23:54:19.0664 5960 ComputerName: ERICANICOLE
23:54:19.0664 5960 UserName: Erica Nicole
23:54:19.0664 5960 Windows directory: C:\Windows
23:54:19.0664 5960 System windows directory: C:\Windows
23:54:19.0664 5960 Running under WOW64
23:54:19.0664 5960 Processor architecture: Intel x64
23:54:19.0664 5960 Number of processors: 8
23:54:19.0664 5960 Page size: 0x1000
23:54:19.0664 5960 Boot type: Normal boot
23:54:19.0664 5960 ============================================================
23:54:20.0959 5960 Initialize success
23:54:28.0415 3216 ============================================================
23:54:28.0415 3216 Scan started
23:54:28.0415... Read more

Answer:Virus is preventing Malwarebytes from running in safemode

I recently recognized that Firefox was hanging -- and the browser would not load a page? So I deleted Firefox and re-installed - the issue persisted.

So, I then attempted to run Malwarebytes -- and it runs for 1-2 seconds and then hangs -- saying "Not Responding."

I then have to restart my computer -- because it hangs my entire computer.

I tried running MBAM in safemode and the same error is occurring. Something is stopping MBAM from scanning and messed up my firefox browser?

Any suggestions? So confused...

3 more replies
Relevance 58.63%

Hi
 
Problems began a week ago when the computer suddenly started running slowly, particularly during start-up and often prevented the use of applications or programs. I ran ScanDisk and Defrag but this only temporarily fixed the problem. Next, I ran Malwarebytes and it found approx 25 issues. It requested that I reboot to fix everything but after rebooting, BSOD appeared and windows wouldn't start up, even when start up repair was attempted.
 
The computer is running windows 7 64-bit, approx 2 years old and doesn't have a CD/DVD drive. 
 
Please help! I don't know what to do next..
 
 
Thanks

Answer:BSOD preventing start up after running Malwarebytes

This topic reported and will be respond soon.
 
Thank you.

25 more replies
Relevance 58.63%

Please help me get my computer to connect to the Internet!
 

Answer:Internet Connection Won't Connect after removing Malware with Malwarebytes

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

12 more replies
Relevance 58.63%

I have recently system defaulted my computer and discovered that when i was on goggle and typed anything in it for ex. hotmail, it would redirect me... I searched the web a bit and found I had to use "Malwarebytes' anti-malware". after the scan I 'removed' the affected registries and things but.... now my internet connection is busted!!! I can't do anything!
With Internet Explorer it says there is a connection problem and with Mozilla Firefox it says that the problem is with the proxy connection... I am very new to this stuff and have no idea as to what to do.
I am going to attach the highjack this logs of before the Malwarebytes' anti-malware scan and cleaning, as well as the log created by Malwarebytes' anti-malware.
Please help!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:22:31 PM, on 15/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.... Read more

More replies
Relevance 58.63%

Hi there,

I really hope you guys will be Abel to help me out.

After running Malwarebytes Anti-Malware scan,there were multiple malware's found. Right after they got quarantined and removed,I immediately lost my internet connection. All of the other devices connect to the internet normally over wi-fi,except for my PC that's connceted to the internet with a cable.

I've tried troubleshooting several times,but I always get a response that there are no detected problems. Tried resetting the rooter and that didn't help as well. Also I've attempted to use the winsockfix file but he also didn't help. It didn't respond to the first ping but it did to the second one, 8.8.8.8 ping.

I've ran out of ideas and to me it looks like I'm only left with a clean installation of the windows. I would like to avoid this if possible so any help you could provide would be most appreciated.

I've posted the FRST.tex and Additional.tex along with reports I got from Malwarebytes scan. I think I lost my connection after the first scan and clean,and then run an addition 2 scans after.

Looking forward to hearing from you,thanks in advance!
 

Answer:Lost internet connection after using Malwarebytes Anti-Malware

This topic will be closed due to presence of pirated content.

Piracy policy
 

1 more replies
Relevance 58.63%

Hello guys! I just had a problem with Malwarebytes Anti-Malware Premium 2.0. Every time I enable Malicious Website Protection in Malwarebytes Anti-Malware Premium 2.0, I am not able to connect to the internet or no internet connection results. I cannot even update Malwarebytes Anti-Malware Premium 2.0 or it doesn't update itself prompting that it cannot connect to the update server.I am already experiencing this for a long time now and I can no longer ignore this. I just disable Malicious Website Protection of Malwarebytes Anti-Malware Premium every time I am surfing the web which is really unlikely. Please help. By the way, my OS is Windows 8.1 64 bit and I'm using Bitdefender Internet Security with Malwarebytes Anti-Malware Premium.
 

Answer:No internet connection with Malwarebytes Anti-Malware Premium 2.0

Delete malwarebytes then.
 

9 more replies
Relevance 58.63%

Hi, ALL,
I have a desktop computer that had a suspicion of infection.

I tried to run "R&R...", but after running MalwareBytes fixing some problems and rebooting, the computer lost the network connectivity.

I am getting an APIPA IP address.

Any suggestion on how to bring it back?

Thank you.
 

Answer:Computer lost the Internet connection after running MalwareBytes

I see you have posted in the malware removal forum alot lately. Are these all your PC's that you are trying to fix, or are they for friends/customers?
 

3 more replies
Relevance 57.81%

okay. vista homeprem sp2 32bit, no OS disc, not armed to try to dig up the semi-hidden partition that's supposed to be a recovery disc.enjoying some downtime, playing an mmo, alttabbed out to check some chat stuff. someone linked some odd article at siliconera, and I made the mistake of clicking. moments later, the game's anti-hack thing had a conniption, as various crap popped along either wanting to happen or crashing.so I kill that page, kill the browser, break out MBAM. finds some stuff: the aforementioned rootkit.0access and trojan.phex.thagen6. kill those with it, and reboot as it wants... suddenly windows dragging on getting fully up and running. and then when avast's tray icon popped up it was red X time. so I check, and the avast service isn't running. so I click to start it. several times. and then I go to services.msc and go to start it. I get error 1068: the dependancy service or group failed to start. run ESET's online scanner. it finds "a sirefef variant". tell it to kill that. still no luck. go to run aswmbr, initialization error C0000001 - driver not loadedaccess is denied. try to run tdss killer, it tells me new version, I get that, find that tdsskiller can't load it's driver either. I just ran mbam again and got another rootkit.0access. wouldn't be suprised to see another sirefef if I were to rerun ESET.I opened up autoruns and found a whole (censored)load of stuff coming up "file not found" even though I c... Read more

Answer:HELP! malware hell has descended and is preventing avast things and TDSS killer from loading drivers/services!

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofixLink 1Link 2* IMPORTANT !!! Save ComboFix.exe to your DesktopIMPORTANT....1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.3. Do not install any other programs until this if fixed.How to : Disable Anti-virus and Firewall...http://www.bleepingcomputer.com/forums/topic114351.htmlDouble click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt Note:Do not mouse click ComboFix's window while it's running. That may cause it to stallNote: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.htmlNote: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.===Third party programs if not up to date can be the ca... Read more

13 more replies
Relevance 57.81%

Hello, please assist me, I have tried what I know to do, but computers are not my thing beyond the basics. I'm using Windows 7 home basic.
My problems as far as I can see:
Internet connection is unsafe when I open firefox, google chrome or explorer.
Date and time are changed every time I restart laptop, so can't restore system to previous point.
I ran a rootkit remover which detects nothing.
Microsoft security essentials removed a worm, and now detects nothing.
Malwarebytes detected malware and removed, but now won't open (not responding.)
Windows update not functioning. Unknown error.
This began while I was researching bitcoin, ha ha, go figure.
I would really appreciate help from someone who has skill dealing with tech-UNsavvy people who need quite clear explanations of what to do next.
I tried to look at other threads for help but don't understand what I'm reading.
Thanks for your time and attention to my woes!

Answer:internet connection unsafe, malwarebytes won't run, user is a tech moron

 The first thing I'd do would be to boot to Safe Mode and see if I couldn't get Malwarebytes to run.  While in Safe Mode, I'd run MSE again too because some viruses can hide themselves in normal mode.  I'd also back up any data I didn't want to lose while you still can.  
  If Malwareybtes still doesn't run in Safe Mode, try running System Restore to get back to a date prior to the start of the problem.
 
 When you've gotten your system back like you want it, I urge you to get yourself an external hard drive and a good 3rd party backup program. You can set it up to do everything automagically at the time and frequency of your choice. 1 TB external hard drives are about $60 these days and a really good FREE backup program is the Easeus Todo Backup Free.  That can save you a lot of time and frustration the next time something like this happens. Sooner or later it happens to all computers for one reason or another.
 
 Good luck.

1 more replies
Relevance 57.81%

Hi I have attached the scan report after performing a Scan and Clean using AdwCleaner.
Please advise on how I can return to normal internet connection from this point.
 

Answer:No Internet Connection After Running AdwCleaner & Malwarebytes Anti-Malware

Hello,

Please follow this topic and attach requested reports:

http://malwaretips.com/threads/preparation-guide-before-requesting-malware-removal-help.20334/
 

2 more replies
Relevance 57.81%

Hi.
Iam new here and a bit of a pc nob.

My question is: Can i download Rkill, Tdss killer and malwarebytes to some usp sticks, and use them from the usp sticks?

2. And how

Answer:Help with Rkill, Tdss and Malwarebytes

Boot the PC into safemode with networkinghttp://www.computerhope.com/issues/chsafe.htmMost of the rogue infections are inactive in this mode.You can copy these tools to the PC and run a scan.good luck

4 more replies
Relevance 57.4%

My browser(s) have started being redirected when I try to access antivirus/malware sites. I have advertisement audio that randomly plays over my speakers. Malware bytes & Spybot S&D show a clean scan when run. Any help you can give me will be greatly appreciated!Here is my DDS log file. I cannot run GMER since it crashes everytime.DDS (Ver_10-03-17.01) - NTFSx86 Run by Boutwell at 22:25:35.21 on Tue 04/06/2010Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_18Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3069.1603 [GMT -5:00]SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\system32\Ati2evxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\SLsvc.exeC:\Windows\system32\Ati2evxx.exeC:\Windows\system32\svchost.exe -k LocalServiceC:... Read more

Answer:tdss rootkit infection...."driver adapti infected by tdss rootkit"

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

43 more replies
Relevance 56.58%

First up, i'm on a Toshiba satellite laptop, running XP Media Center edition 2002. My computer has been acting up lately, and i'm deployed outside the US so i cant bring it to the local computer guru's to fix so i'm trying to do it myself. Unfortunately, i dont know enough so i'm here. The last 2 days i would be working on the computer on Internet Explorer and it would freeze on me, locking up everything including the mouse. I was noticing also that i would be typing or browsing a window and all of a sudden that window i was in would no longer be highlighted/active, like i had clicked outside the window but my hands were not on the touch pad. I started looking at the task manager and had about 43-45 processes running, with multiple examples of iexplore.exe open but only one window of Internet Explorer. I thought this was suspicious so i googled it and did a little research of my own. I could close them, and usually 1 or 2 of them would open back up by themselves. I searched my files for iexplore.exe and found it in 3 places. One was suspect, in a Prefect folder and the file name IEXPLORE.EXE-27122324.pf. Tried deleting this several times as i read it was a virus. Running Symantec, even in safe mode, nothing was found. File would come back after deleting it.
What i ended up doing was downloading Malwarebytes. I tried running this and nothing would happen, so i researched that problem and found that by changing the file name i was able to run the program. I... Read more

Answer:Malwarebytes found Rootkit.TDSS file, how do i get rid of it?

Casey,

My daughter's computer was infected with a Browser hijacker (which sounds similar to your problem) plus other infections over the last 12 months (even with having a FIOS security suite installed). Malware Bytes has been a tremendous help. It sounds as if in your case it was a 50% solution. I am not an expert, but in talking to others and doing some research, you need to run both Malware Bytes and a registry repair tool. There are some good freeware ones available, RegCure comes to mind. Also, if and when you get your system back to working order, I also recommend downloading ERUNT and Crap Cleaner (great name, but it works). ERUNT is a utility that backs up your registry in the Windows folder. So, if you ever run into a registry problem that you cannot fix, then you should be able to restore to a good point. Secondly, Crap Cleaner is a registry repair and general clean up, which should also help your computer run fast. I suggest running each once per week, ERUNT first, then Crap Cleaner.

I hope this helps. I have learned the hard way and wish to help as many others as I can.

Lew

4 more replies
Relevance 56.58%

Ran a malwarebytes check on my Computer earlier since it had been a while. After rebooting, I ran another scan and got warning that I had 7 infected objects, all which are rootkit.TDSS. 6 are under the "file" category and one is under the "registry key" categoryHere is my DDS log:DDS (Ver_09-12-01.01) - NTFSx86 Run by Ken at 18:34:02.20 on Tue 02/09/2010Internet Explorer: 7.0.6001.18000SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}============== Running Processes ============================= Pseudo HJT Report ===============uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndtuDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndtmStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndtmDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndtuInternet Settings,ProxyOverride = *.localBHO: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No FileBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No FileBHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java... Read more

Answer:Rootkit.TDSS found in malwarebytes results

Hello, rivers2tomlinson.My name is aommaster and I will be helping you with your log.I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.ThanksWe need to run RSITDownload random's system information tool (RSIT) by random/random and save it to your desktop.Double click on RSIT.exe.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)NEXT:We need to run a GMER scanDownload GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.Close all other open programs as there is a slight chance your computer will crash.Double click the GMER program ******.exe. Your security programs may detect GMER's driver trying to load. Allow it.You may see a warning saying "GMER has detected rootkit activity". If so, select NO.Leaving the settings at default, click Scan.When the scan is complete, click Save and save the log onto your desktop.In your next reply, please include the following:Log.txtinfo.txtgmer.txt

27 more replies
Relevance 56.58%

Hello, hopefully this isn’t something that’s already covered – but I’m pretty certain I have some rather persistent malware.
Fairly regularly, I get a 310 redirect message on certain websites (The Times for instance). Others just redirect me automatically – for
instance, BBC news will sometimes not open, sending me instead to the general BBC homepage whatever link I click on.
It seems to be temporarily cured by resynching the clock or restarting the browser, but it always comes back. I have run adaware, malwarebytes in safe mode and kaspersky’s tdss rootkit – all to no avail. It’s only a mild inconvenience, but it’s almost the more worrying for it – I wonder what it is it’s up to if it doesn’t even advertise its presence. Any ideas???!
Thank you in advance so, so much for the time you appear to put into helping muppets like me,
Tom

Answer:310 redirect, persistent but almost imperceptible - tried tdss, malwarebytes etc

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
 
Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.
 

 
Download DDS by sUBs from one of the following links if you no longer have it available.  Save it to your desktop.
 

DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
DDS.pif
DDS.COM

 

Double click on the DDS icon, allow it to run. 
A small box will open, with an explanation about the tool.  No input is needed, the scan is running. 
Notepad will open with the results. 
Follow the instructions that pop up for posting the results. 

Please note:  You may have to disable any script protection running if the scan fails to run.
 
Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===
Third party programs if not up to date can be an open door for an infection.
 
Please run this security check for my review.
 
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please po... Read more

12 more replies
Relevance 56.17%

Hi,I am hoping someone can identify whether I have malware running on my PC or if there is another problem. A little background on what I have tried to date may help.Running Windows XP - all recent updates applied. McAfee was default Anti-virus. But also had MalwareBytes and SuperAntiSpyware running.PC Froze after startup and logging into account. Hadn't loaded any new software - but had virus on another PC in same network.Could even run Task Manager to see if processes were hanging.Restarted and ran anti-virus. SuperAntiSpy found couple of Trojans - Trojan.CWS/HWY. Removed these. But then MalwareBytes was refused internet connection to update (even though browser fine - rules about 4 days old) and then McAfee reported update failed and files corrupt. Was suspicous that could be due to virus .. ?? Modifed Startup Programs - only running basic stuff. Still PC froze.Started in Safe Mode (including limited startup) and ran following:SuperAntiSPyware run again (latest update) - but found nothing on quick and full scans.MalwayBytes found nothing - although definitions are little out of date.Ran ATF Cleaner (normally run XP Disk Cleanup once a week). Ran chkdsk (couldn't see log in Safe Mode - so not sure if there way any bad sectors).Ran Disk Defrag. (had run this only couple weeks ago - so should have been ok anyway).I tried the ddr.scr script (as posted above) but it wouldn't execute - just a flash of cmd tool - and that was it.Finally I ran hijackthis. Here is the log - hopefu... Read more

Answer:PC Freezes after 5 mins. Malwarebytes refused internet connection, McAfee reports corrupted files.

Hi,I see you have Viewpoint installed...Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.ViewpointViewpoint ManagerViewpoint Media PlayerThen, Navigate to your C:\Windows folder and search for the file regedit.exeRightclick it and select to rename the file. Rename it to reg3dit.exeThen launch the reg3dit.exe in order to open your Registry Editor.There, browse to the following key:HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32You'll see on the left that you can expand the keys (they will look like folders). So expand them until you get drivers32Rightclick the drivers32 key (folder) and select to export:Give it a name and export it as a txtfile on your desktop.Then copy and paste the contents of it in your next reply.If confused, please ask first. Extra note.. after you have used the renamed regedit.exe (reg3dit.exe), look in your Windows folder if Windows File Protection placed a new regedit.exe there again (it should). If not, then rename reg3dit.exe back to regedit.exe.Extra note regarding McAfee - it's not always Malware causing problems though, i... Read more

6 more replies
Relevance 55.76%

Malwarebytes keeps finding rootkit.tdss and says it removes it, but it keeps coming back. I have tried running malwarebytes, trend micro's housecall as well as CA antivirus. Need help please.

Running Windows XP service pack 3.

Answer:Rootkit.tdss Malwarebytes removes it but it keeps coming back

Hello and welcome. in order to remove this you will need to run HJT/DDS.Please follow this guide. Preparation Guide For Use Before Using Hijackthis. Then go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title and post that complete log.Let me know if it went OK.

1 more replies
Relevance 55.35%

Hi! I'm brand new to the forums so I apologize for jumping in before reading everything, but if there is anyone around who can help me, I'm trying to devote this afternoon (Eastern time, USA) to helping a friend remove a scam popup from his Linux machine. I created a disc yesterday filled with malware removal tools, each of which said they were Linux compatible, but am not familiar enough with Linux-type OS yet to know how to run them, or if they can even BE run on this setup.

The distro is Zorin 10-RC, created with those converting from Windows to Linux in mind. (It's amazing, you'll have to check it out.) And even though I love it, I simply do not know enough about working with Linux architecture to know how to do this.

If there's anyone out there who is available and can help, I'll answer any questions you need answered.
I'm looking through my notes now and I do not believe this machine was set up with a dual boot system. I think it's purely Linux, so I was kind of shocked that it could contract this popup.

Thanks in advance for any help you can give. I'll be reading everything I can find until I hear from someone.
 

Answer:Linux compatible versions of RKill, TDSS Killer, Malwarebytes, etc.

If nobody helped you feel free to PM me and I will help you
 

1 more replies
Relevance 54.94%

In normal mode, my Internet Explorer does not work. I try to open it but the pages never come in although I am sure I am connected. I also tried Firefox and that is not work either, with the same error as IE. Windows Live email does work and I am able to pull down email, but none of the browsers work.

Also, when I try to update Spybot, Ad-Aware, Malwarebytes they fail, saying that updates cannot be downloaded. I was able to run and update in Safe mode with network to get the updates and run Spybot, Symantec Antivirus, Ad-Aware, Malwarebytes, and Windows: safety.live.com, but no issues were found and the when I reboot in Normal mode, the same problem exists.

Next, I ran SDfix in safe mode and have attached in this note, but also, the same problems exist (see attached: Report.txt)

Finally, I have now run dds.scr this and am posting the results. (see DDS.txt below and attached: Attach.txt)

Any help you could provide on this would be much appreciated.

Thanks in advance.

Rick G.

DDS.txt output:
DDS (Ver_09-03-16.01) - NTFSx86
Run by rickgoncalves at 18:49:28.51 on Wed 04/22/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.888 [GMT -7:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)
FW: Integrity Client Firewall *enabled*
FW: Symantec Client Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\syst... Read more

Answer:Internet Explorer/Firefox not working, Spybot, Ad-Aware, Malwarebytes updates not working in Normal Mode

I have resolved my issue. Turns out it was a problem that has to do with my VPN and the firewall policy.

2 more replies
Relevance 54.53%

Is there a virus, trogan, worm,etc. that can cause limited or no connectivity to the internet? I have a Dell Dimensin 8250 computer on which I am running windows XP, all of a sudden I get a limited or no connectivity warning. It is not the internet connection or company, because I can access the internet using the my older computer and I have contacted the internet provider and had them check. It started with programs not shutting down properly when shutting down the computer. Then, windows defender was disabled and I can no longer even get into windows defender, from there it went to not internet. If it is a virus, trogan, worm etc. how do I get rid of it without accessing the internet. I have run hijack this and will post the log.Logfile of HijackThis v1.98.0Scan saved at 12:09:10 PM, on 1/2/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program File... Read more

Answer:Can Infection Cause No Connection To Internet?

You did not post the entire logOpen the log in notepadEDIT - SELECT ALLEDIT - COPYThen come to this message, and in the quick reply box click in the white space and then EDIT - PASTE=============================You may want to print out these instructions for reference, since you will have to restart your computer during the fix.Please download FixWareout http://downloads.subratam.org/Fixwareout.exeorhttp://swandog46.geekstogo.com/Fixwareout.exeSave it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.When your system reboots, follow the prompts. Afterwards, Hijack This will launch. Fix these with HJT ? mark them, close IE, click fix checkedO17 - HKLM\System\CCS\Services\Tcpip\..\{5695FB9A-707F-4EB2-AF2A-1ACDDBEF458B}: NameServer = 85.255.116.148,85.255.112.10O17 - HKLM\System\CS1\Services\Tcpip\..\{5695FB9A-707F-4EB2-AF2A-1ACDDBEF458B}: NameServer = 85.255.116.148,85.255.112.10If you have connection problems after this* Go to Control Panel. - If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step .? Double-click the Network Connections icon? Right-click the Local Area Connection icon and select Prope... Read more

7 more replies
Relevance 54.53%

i use trend micro anti virus, just started using registryprot(i love it), and im reading up on spywareblaster right now (looks intresting)... what do you use? what do you suggest as the best & whats it the best at spyware, anti virus, preventing installation / spreading of infection / etc.
 

Answer:Preventing infection ... what do you use?

16 more replies
Relevance 54.12%

Hi Guys,

I hope I'm posting this in the correct category on the website (it's the only place I can see a button "post a thread").

I think I may have some kind of hidden malware or virus. I can't do a boot scan because my internet requires me to manually turn it on once widows starts, therefore no possibility for a safe mode with networking.

There is something in my computer that is playing with all my updates. I don't know what it is. I used all many of the tools recommended by Malwaretips. Is somebody who is experienced in this able to possibly help me? I have Kaspersky Internet Security 2014. When I manually update it goes up to 24% and then stops there and gives me the screen "Databases and Application are up to date". I have MalwareBytes and the Update button greys out and I cannot click on it. And with Windows Updates the red flag comes up in taskbar telling me I need to choose an update method (and automatic updates is shut off).

I've tried uninstalling and reinstalling several times. I'm afraid to go on the internet without a Sandboxie.
Can somebody please help?

Thank you.
 

Answer:Problem with Updates: Kaspersky, Malwarebytes and Windows Updates

Are these other threads related to the same issue you're having here?

http://malwaretips.com/threads/plea...-software-is-not-functioning-correctly.21858/
http://malwaretips.com/threads/my-kaspersky-internet-security-keeps-freezing.21861/
http://malwaretips.com/threads/i-think-something-is-messing-with-my-updates.21864/

If you believe, your PC is infected with Malware head over for Removal Assistance.
http://malwaretips.com/forums/malware-removal-assistance.10/
 

2 more replies
Relevance 54.12%

Hello,

I think my laptop is infected despite my antivirus (Kaspersky Internet Security) did not detect nothing.
I followed the Malware Removal Guide for windows XP.
I obtained six log files from Adware Cleaner, Malwarebytes Anti-Malware, Rogue Killer, TDSS Killer, Hitman Pro and MG Tools).
I attached five of them to this thread.
I did not attach the Adware Cleaner log file.

----> Please, could you analyse them and explain me how to remove/clean the infection and how to avoid a new infection ?
Would you need the Adware Cleaner log file ?

I fear my mobile WD drive is infected.

----> Should I follow some kind of Malware Removal/Cleaning Guide for mobile drive ?
If yes, what would be this guide ?

Yours sincerely,

John
 

Answer:Request For Log File Analysis (malwarebytes, Rogue, Tdss , Hitman Pro, Mg Tools And Adware)

I am not seeing any malware in your logs. However, we can clean up a few items.

Rerun RogueKiller and have it remove these items:

Files : 5
[Hidden.ADS][Stream] C:\WINDOWS\system32:7DC99477_Abn.gbp -> Found
[Hidden.ADS][Stream] C:\WINDOWS\system32\drivers:GbpKmAp.lst -> Found
[Hidden.ADS][Stream] C:\WINDOWS\system32\drivers:IncompleteBoot.cnt -> Found
[Tr.Generic][File] C:\Documents and Settings\FLOR\Dados de aplicativos\uTorrent\updates\3.4.9_42973\utorrentie.exe -> Found

Once done, reboot and rescan with RogueKiller and attach the new log.
 

20 more replies
Relevance 54.12%

My google keeps redirecting after dealing with the Security Alert virus (the one that blocks all .exe programs, was deleted after running in safe mode). But every time I run a scanning software to try and fix this, whether in safe mode or not, it gets to a certain point and then crashes. No error message, no nothing, it just vanishes. Then when I try to reopen it or delete it, it gives me this error message: I believe it has something to do with this process, which never appeared before now and refuses to close: EDIT: Possibly unrelated, but my computer can't seem to acquire a network address without me turning the Firewall off/on. It doesn't matter whether I turn it off or on during connection, it just seems to be the change in status that somehow makes it connect. All I was able to create was a dds log:.DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702Run by Ellen at 14:41:10 on 2011-08-11Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.339 [GMT -4:00]..============== Running Processes ===============.C:\WINDOWS\90027531:4098466554.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\Dell\DellDock\DockLogin.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exesvchost.exec:\Program Files\Dell&#... Read more

Answer:Google redirects: tdss killer, aswmbr, gmer, malwarebytes and esets not working

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

5 more replies
Relevance 54.12%

This may seem like a simple problem and it is annoying rather than being too serious but I wondered if it could be an indication of a more serious problem.

I have Vista and run McAfee Internet Security Suite as well as SUPERAntiSpyware. The problem is that if we visit any sites with any "live" chat - and to be fair the only sites are my partner's bingo sites then she can never connect to their chat rooms. When we operated XP she could and also when we first got Vista she could (although initially she could only connect to some of the chat rooms) but now all her sites fail to connect to the chat, but the actual connection to the site and playing bingo is fine.

And the end of the day, to me the less time she spends on bingo the better , but I thought I would ask in case it suggests other connection problems. We have no other problems with internet connection.

Answer:Poor Internet Connection Or Infection?

Hello, reggieboy.It is likely being firewalled by McAfee. I doubt that suggests a malware problem, but we can check if you like.If you want to check:Please go to ESET OnlineScan (NOD32)You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of UseNow click StartShould you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click YesClick StartNote: (the Onlinescanner will now prepare itself for running on your pc)To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"Press ScanThe Onlinescan will now start and scan your pc (this could take a while)When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the windowClick Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txtThe Scanresults will now open in NotepadClick into the text area, right-click and chose "select all" (or use <Control>+A)Right-click again and chose "Copy" (or <Control>+C)Close/Exit NotepadNavigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this... Read more

14 more replies
Relevance 54.12%

Hello All: I think that I have picked up something elusive.  My svchost.exe keeps connecting to traffic.acwebconnecting.com.  I have at least 10 DNS client errors daily. My intenet connection has been slow and my Chrome extensions have been erased twice. Comodo recently started blocking 224.0.0.252 yesterday.   
 
I am using Windows 7 Home Premium 64.   Windows Essentials antivirus, Comdo Firewall 5.12, and Mvps Hostman. 
I have scanned with, Malewarebytes, Spybot, Windows Essentials, Hitman Pro, TDSSKiller and the scans report clean.  Can someone please help?  My DDS.Txt are below.  Thanks.
 
 
 
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.11.9600.16518  BrowserJavaVersion: 10.51.2
Run by Cynda at 16:57:14 on 2014-02-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4009.2690 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svch... Read more

Answer:Internet connection slow, possible infection?

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===It migh just be that you Hosts file is malformed.I suggest you reset back to the default.How To:http://support.microsoft.com/kb/972034Use the Fix it button on the page.When all is well you can install the 3rd party hosts file you normally use.===Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Click the Report button and the report will open in Notepad.IMPORTANTIf you click the Clean button all items listed in the report will be removed.If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Check off the element(s) you wish to keep.Click on the Clean button follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Sn].txt (n is a number). Please downloadJunkware Removal Tool to your Desktop.Please close your security software to avoid potential conflicts.Run the tool by double... Read more

10 more replies
Relevance 54.12%

Hi, I was redirected here from the Networking forums.

my computer was recently attacked by a very nasty fake antivirus program. I have managed to get rid of it (or at least it seems that way), however, now my internet connection isn't working. My computer is connected to a router via ethernet cable. It shows that it's sending out packets, but won't receive any.

I have tried many different things already. I've unplugged the router, reinstalled the broadcom drivers, ran the winsockxp fix, etc.

When I do the run~cmd~ipconfig /all command this is what I get:


Windows IP Configuration

An internal error occurred: the request is not supported.

Please contact Microsoft Product Support Services for further help.

Additional Information: Unable to query host name.

C:\Documents and Settings\Paul>

I also cannot start windows firewall. It gives me an error message saying it cannot start the windows firewall/ ICS service.

I have also enabled the obtain the IP and DNS server address automatically in the protocol settings as well.

Here is the DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Paul at 21:00:01.57 on Thu 06/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.462 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32... Read more

Answer:Malware Infection / No internet connection

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

19 more replies
Relevance 54.12%

Hi; I posted previously in another forum, and after I was helped along, I was asked to post my topic here. I am trying to restore internet accessibility to my sister's laptop and get rid of all her malware as well. I have previously scanned with Malwarebytes, which removed 23 threats.Some things I have tried before posting on the last forum include:-Using command for "netsh int ip reset reset.log", resulting in the message "Resetting Echo Request, failed. Access is denied. Reseting Interface, OK! A reboot is required to complete this action."-Using command for "netsh winsock reset catalog", resulting in the message "The system cannot find the file specified."-Using command for "sfc/scannow", which seemed to run fine.-Running msinfo32, to find under Components>>Network>>Protocol that the list was empty.-Scanning with FSS, which showed that "Localhost is blocked. There is no connection to network. Attempt to access Google IP returned error: other errors. Attempt to access Yahoo IP returned error: other errors".What I was advised to do by the previous BC Adviser:"Download TDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive)Download FSSCheckmark all the boxesClick on "Scan".Please copy and paste the log to your reply.Download mini toolboxCheckmark following boxes:Flush DNSReport ... Read more

Answer:No internet connection; Unsure of infection

Hi,

I noticed that my topic is the oldest one with no reply, and I have seen many topics posted days later than mine that have already received support feedback. I read the guidelines for the forum, and the note to please be patient as the "average response time is 5 days". It's been 5 days now, and I wanted to check and see if this topic was simply missed or that I was told to post it in the wrong section so it is being ignored.

Thanks, and hope to talk with you soon.

-tdzhgf

14 more replies
Relevance 54.12%

Hello, my parents were using the computer and I don't know what they install and now the internet connection is slow.

I can't even get on Google.com
Looks like the page was been redirected.

I scanned with Avast and nothing is detected. With MBAM, it detected around 30 infections and I will post the log below:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8251

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/28/2011 3:41:28 PM
mbam-log-2011-11-28 (15-41-28).txt

Scan type: Quick scan
Objects scanned: 194663
Time elapsed: 1 minute(s), 20 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 30

Memory Processes Infected:
c:\program files\registry helper\registryhelperservice.exe (Rogue.RegistryHelper) -> 1796 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Registry Helper (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\RegistryHelper.exe (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Registry Helper Service (Rogue.RegistryHelper) -> Quarantin... Read more

Answer:Infection that slow down my internet connection

Can you perform a complete scan?

7 more replies
Relevance 54.12%

Hello All
 
I noticed during virus scan checks that when I remove the plsapp.dll I have no internet afterwards? So naturally I went to the virus vault and added it to the exceptions as a work around for the time being. Well now I'm tired of my connection dropping every time my scan removes this file even though I've added this to the exceptions? I love the work you all do here and would love to learn what I did that caused this to happen and prevent it happening again not only for myself but others also.
 
Please help
 
Thanks In Advance

Answer:Plsapp.dll infection no internet connection

Hello and welcome to Bleeping Computer! 
 
From my research of the plsapp.dll file, it seems to be from a program called PureLeads. However, I still need you to do some preliminary tests:
 
1. Download Mini Toolbox and save it to your desktop. Run it, and please checkmark the following options. Note if you do use a proxy, be warned that this tool will reset your Firefox and Internet Explorer proxy settings.
 
Flush DNS
Report IE proxy settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Setings
List content of Hosts
List IP configuration
List WinSock Entries
List last 10 Event Viewer logs
List installed programs
List Devices
List Users Partitions, and Memory Size
List Minidump Files
List Restore Points
Hit Go  and post the result of the file Result.txt. It should be on your desktop.
 
_______________________________________________________________
 
The next program we are going to run is called Security Check. Download and save the file to your Desktop.
A command prompt window will appear when you open it.
This is NORMAL.
 After this a text document will open automatically called checkup.txt at the top . Post that into your next reply. 

25 more replies
Relevance 54.12%

Good Afternoon and thank you for helping me:

Here is my issue: I switched from AVG antivirus free home edition to Avast. When I uninstalled the AVG it did not remove the toolbar. I have disabled the toolbar but it seems as if it's still active. I have yahoo DSL for internet service with a yahoo toolbar. My internet explorer will sometimes default to avg instead of yahoo while surfing the internet.

When I try to launch my AOL, I?ll get a message stating that AOL has detected a firewall and I?ll have to retry it a few times before it will connect.

I checked my windows firewall settings and this is what I see. In the windows firewall_exceptions tab_programs and services: There is a box with this verbiage; "Windows firewall is blocking incoming network connections except for the programs and services selected below" these AVGs are in the list along with my other programs. Avast is not in the list. (Shouldn?t this say avast now?)

AVG installer
AVG installer
Avgemc.exe
Avgupd.exe

When I look at internet options_general tab_change search default settings_search providers, I see this list:

Aol search, Status tab: Default, Listing order tab: 1, Search Suggestions tab: not available
Bing, Status tab: blank, Listing order tab: 2, Search suggestions tab: disabled
Viewpoint search, Status tab: blank, Listing order tab: 3, Search suggestions tab: not available
AVG secure search, Status tab: blank, Listing order tab: 4, Search suggestions tab... Read more

Answer:possible infection preventing AVG removal

My previous post in the software forum is titled "AVG NOT FULLY REMOVED". I don't know how to move the logs I've attached to this one.
 

4 more replies
Relevance 54.12%

Hello all. 
 
First, let me say thank you for what you all do! Second, I'm sorry if the description of the problem is not ideal. I'm helping my mother in-law and I wasn't around when this started. 
 
She texted me saying she got a pop up on her machine saying along these lines "Windows Firewall Infected..BSOD....." I told her I would be home in a bit and would call her. Well she decided she would save me the trouble and call the 1-800 number that the pop up displayed.... Yup....I'm banging my head on the desk. 
 
She said some guy dialed into the PC and started a scan. My father in-law told her that this probably wasn't a good idea and told her she should hang up.
 
By the time I got to the PC there was some remote support session in progress that I killed. Firefox was now the default browser and homepage was Rescue by LogMeIn. 
 
Now AVG won't run so I'm assuming something is preventing it from running. Ran Malwarebit Anti-Malware and it didn't detect any threats? 
 
So I'm following the instructions you provided. Ran the Farbar tool and FRST log in below and the Addition file is attached. 
 
Again, THANK YOU!!!! 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-09-2015
Ran by Rita Bailey (administrator) on RITABAILEY (14-09-2015 21:10:12)
Running from C:\Users\Rita Bailey\Downloads
Loaded Profiles: Rita Bailey (Available Profiles: Rita Bailey)
Platform: Windows 7 Professional Servic... Read more

Answer:Infection Preventing AVG From Running

Looks like the Addition file didn't attach to my original post. Sorry about that. 

16 more replies
Relevance 54.12%

   Okay, I'll start off saying I was in the middle of a conversation on Skype; out of nowhere this fake scanner pops up and starts scanning. Well it's not the first one I have seen, so I stopped the scanning process quickly after scanning with both AVG 9 and then SUPERanti-SPYWARE. I had Trojan viruses and ad ware tracking stuff and malware. I scanned it a couple times after that to keep getting the stuff off. Eventually after a good 5-6 restarts and 1 successful restore point to a day earlier when it was working has caused me to land on this site. Very thankful for it too. This computer is NOT infected, I have 2 computers, both with Windows XP, SP2. I can't get on-line with the other computer at all. I'm not sure why because I have scanned it multiple times and kept rebooting. So I'm stuck and need help.I have AVG 9.0, payed for. And I also have SuperAnti-Spyware. I use them together. Not sure if that is good... I had recently downloaded an old movie off a peer sharing thing, which I know is bad but I was very determined to see it. - I removed the peer 2 peer software and erased the movie. What I need help with because I am not sure if I was clear enough...Removing / Fixing what ever it is that is keeping me from getting on-line on my other computer.Help preventing another problem like this again.

Answer:Infection Preventing Access to the web

Hello, and welcome to Computer Hope.Please note the following information about the malware forum:Only the Malware Specialist Team is allowed to give advice on removing malware from your computer.From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above. Please do not attach logs or post them in Quote/Code boxes unless requested.Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.If you have already asked for help somewhere, please post the link to the topic you were helped.We try our best to reply quickly, but for any reason we do not reply in two days, reply to this topic with the word BUMPLastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.Please visit this webpage for a tutorial on downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixSee the area: Using ComboFix, and when done, post the log back here.

1 more replies
Relevance 53.71%

Windows tells me not to unplug or power off machine. But I think I have no internet connection, so how can Windows install 9 updates?

In "Wireless Network Connection Status" I saw:

IPV4 Connectivity No Network Access
IPV6 Connectivity No Network Access
Media (something) Disabled

I cannot connect to my wireless network. Other computers on the home wireless network work fine. This makes me suspect a failed wireless adapter card in my PC. I did not check Device Manager for a bad adapter before I ordered "Shutdown".

Can I power off the PC anyway? Will something bad happen if I do? If I shutdown and power back up, what can I do to fix the "No Network Access" problems and go on line? Troubleshoot adapter through Device Manager? Any other ideas or precautions?

Answer:Installing updates (1 of 9) but no Internet connection

How did you check for updates in the first place if you have no internet connection?

Regards,
Golden

4 more replies
Relevance 53.71%

My Windows 7 64-bit PC auto-updated with Win Updates late last night and now has no internet connection. My other PC's that are hooked up through my router have no issues connecting. It's only the Windows 7 machine.I see a post on the McAfee forum complaining about something similar:https://community.mcafee.com/thread...Note, I do not run AV and I'm not infected with malware. Due to my profession, I'm 99.9% positive of this statement.Just no interwebs.Anyone else seen this issue or can possibly point me in the direction to start looking?

Answer:No Internet Connection After Windows 7 Updates

Look in Device Manager at the network device. Windows may have pushed an updated driver that doesn't work with your card. Look at the date the driver was updated. If it reflects yesterday's date, try rolling back the driver to a previous version.

7 more replies
Relevance 53.71%

I  have a Windows PC which cannot be connected to the internet.  I have installed Symantec Anti Virus 10.1.5.5000 and want to install VD updates which I have downloaded from another machine which can be connected to the internet.The new virus definitions are on a CD and I have written the following batch file to enable the files to be copied into the appropriate directory.copy x:\ *.* c:\Docume~1\alluse~1\applic~1\symantec\symant~1\7.5\(x= drive letter of CD drive)It doesn't work!  Any suggestions

Answer:Virus Updates - No Internet Connection

Can't you just copy the files manually?

3 more replies
Relevance 53.71%

Yesterday, my computer crashed. I was able to find the WinXP recovery disk, and get it up and running, but a problem that I've had for a while had come back.

When I installed the windows updates, my internet connection died. It'd work for the first, maybe...10 - 20 minutes? Yeah, around there. Then it'd say it was connected, but it'd just be dead. Help?

Answer:Internet Connection/Windows Updates

Hi all, Hi gj-glow3bears

This issue is being helped in your thread over in the networking forum --- http://www.techsupportforum.com/f31/...ne-157327.html

So, if anyone wants to leave an another reply, make sure to visit the other thread, as it has a few techs helping already. [I've left a brief reply there myself].

Best of luck!
. . . Gary

1 more replies
Relevance 53.71%

Hi,
I installed the latest Windows updates today. After doing so Windows had a problem connecting to the Internet. My modem reported being happily connected, but in Network Connections there was none. I reverted to a restore point just before the updates and everything was back to normal. As far as I can remember these were the udates>>>>>>>
Security updates for Vista ? x3
Security update for Javascript for Vista
Security update for media format runtime for Vista
Update for Vista
Malicious software removal tool
Update for Windows mail junk email filter
Security Update for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB973923)
Definition update for Windows Defender
Security Update for Microsoft office publisher
Security Update for Microsoft office word 2007
Security Update for Microsoft powerpoint
Security Updates for 2007 Microsoft office system x3
Security Update for Microsoft office infopath
Security Update for Microsoft office one note
I'm left wondering if I can ever instal any Windows updates ever again....?????
Any comments gratefully received.

Answer:Windows updates cut Internet connection

Hello,
Try installing the updates one by one and then restarting after each one. I always create a restore point do install this updates in this way. I have had issues with some updates in the past and if you install one by one you find out which one is the culprit.

1 more replies
Relevance 53.71%

I've somehow got some malware/ trojans/ viruses, whatever you may call them, and I'm unable to update my spyware/ anti-virus software. I currently have Spybot, Zonealarm pro, ad-aware pro and a recent download of the free avg anti virus...all of which are outdated. Can anybody please assist in the removal of these things causing the problems?

Thank you!
 

Answer:virus preventing updates

Welcome! to MajorGeeks.com!

Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide


Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in Safe Mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
To avoid additional delay i... Read more

3 more replies
Relevance 53.71%

I'm having startup issues with a Windows 10 Build:
Cumulative update for Windows 10 ver. 1511
KB3192444. (I hope I copied it correctly).

Before this update is installed the problem doesn't exist, after it's installed it does.
I posted this issue here but have not gotten any help.
Because windows 10 automatically installs updates I needed to go into Group Policy Editor-Computer Configuration-Windows Components-Windows Update and set it to
"Notify for download and notify for install"

But, when I go back into settings for windows update advanced settings, the choose how updates are installed has remained with the same 2 options.

How can I be sure that Windows 10 does not install this update????
Does changing this setting in GPE work ok?

Any help will be appreciated,
James

Answer:Preventing Auto Updates

Hi, to hide (stop) a particular update see:
Windows Updates - Hide or Show in Windows 10 - Windows 10 Forums

1 more replies
Relevance 53.71%

Hi,
Right now i have about 56 updates pending, most of them office updates, and a couple of Windows updates.
I've discovered that a update is preventing my PC from sleeping, as when i do a system restore back to before i updated my PC will sleep, and then instaill them again my PC wont sleep.

I'm assuming its a windows update rather than an office update causing this problem.
Is there a better way to see which update is causing the problem rather than instailling each update, one by one?

More replies
Relevance 53.71%

I'm having startup issues with a Windows 10 Build:
Cumulative update for Windows 10 ver. 1511
KB3192444. (I hope I copied it correctly).

Before this update is installed the problem doesn't exist, after it's installed it does.
I posted this issue here but have not gotten any help.
Because windows 10 automatically installs updates I needed to go into Group Policy Editor-Computer Configuration-Windows Components-Windows Update and set it to
"Notify for download and notify for install"

But, when I go back into settings for windows update advanced settings, the choose how updates are installed has remained with the same 2 options.

How can I be sure that Windows 10 does not install this update????
Does changing this setting in GPE work ok?

Any help will be appreciated,
James

Answer:Preventing Auto Updates

Hi, to hide (stop) a particular update see:
Windows Updates - Hide or Show in Windows 10 - Windows 10 Forums

3 more replies
Relevance 53.3%

Hello All,First of all, in advance thank you for your help and contributing to this site.That being said my issue is this. On a wireless internet connection, worked fine for over a year. However about 2 weeks ago i installed and ran Malwarebites Anti-Malware and found some trojans and other misc viruses. After quaranting and deleting those i thought my comp was clean however now it is blocked from accessing the internet.First it wouldnt connect period and then I discovered that my ip adress, subnet mask, and gateway numbers had all been changed to 0.0.0.... So i manually entered those in, now what happens is that the internet will connect for a brief second and then close down and again a couple times before giving up. I have no ping to any sites. Attached is a Hijack this log Thanks again for your help. I have enabled auto-updates for this thread as well to ensure timely responses

Answer:Internet Connection Issues after Malware Infection

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

5 more replies
Relevance 53.3%

Hello,
I posted a thread about my problem on the malware forum and "dr. moriarty" redirected me to this forum after cleaning up my laptop but still have no internet connection. I used SuperAntiSpyWare to clean my laptop but after moving found items to quarantine and restarting my laptop, internet connection lost.

I also have XAMP installed on my laptop, so I run XAMP (apache) and tried to access localhost, no hope. I can get using 127.0.0.1 but not using localhost, even in the hosts file I have 127.0.0.1 localhost

here is the link to my post where you can find problem details and logs reports generated especially SuperAntiSpyWare, malwarebytes:

http://forums.majorgeeks.com/showthread.php?p=1659118

describing my problem and the steps we have took with "dr. moriarty".
Would you like to help please??

I tried DNS flush, IP config but still running with the problem.

Notice that I'm now using my old PC and going back and forth to my laptop.

I can see my wireless network connection in the list of available wireless networks. But when I go to the "network icon" at the bottom right side of the laptop screen I see it with RED X. If I click this icon and go to "connet or disonnect..." I can see my wireless network connection (Blinke8889)and has signal strenght "excellent". If I choose Blinke8889 to connect to it, it takes 1 minute and then I get "connection unsuccessful" and I can see "Connecte... Read more

More replies
Relevance 53.3%

Recently noticed pop ups frequently coming up even though I use AdBlocker. They said that they were from "DNS Unlocker". I realised this was likely malware and ran Malwarebytes to try to get rid of it along with Avira Antivirus. I had a approximately 60 hits in total and told the programs to quarantine them.
Once I reset my computer my internet connection no longer worked, I can't work out why
 

Answer:DNS Unlocker infection, tried to remove but now I have no internet connection.

I also just ran AdwCleaner, here is the file.
 

1 more replies
Relevance 53.3%

Hello,
 
I have run through the malware detection and removal with nokojon (see another post). He advised me to run DDS and post the logs here (See below).
 
The problem that I have is that due to possible malware infection it has knocked out my internet connection probably by messing with the connection setting. The sytoms of this are:-
 
1. Not being able to connect to the internet.
2. A small yellow triangle with an exclamation mark over the status of my connection on the taskbar, however when clicked on it says that i am connected to my wireless network.
3. An unidentified public network is shwon and I can't get rid of this. In the network and sharing center it appears between the lapto and  the internet.
 
As an aside I know the wirless is ok as I connect another laptop to it fine.
 
Please let me know if you require any other info. For the previous logs re: malware detection and removal please see the thread with noknojon.
 
Many, many thanks in advance.
 
Andy
 
DDS.TXT =>
-----------------
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16798
Run by Chippy at 8:46:18 on 2014-04-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3999.2227 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Outdated... Read more

Answer:possible malware infection that has knocked out internet connection

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/530568 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

11 more replies
Relevance 53.3%

Hi Bleepingcomputer ^^

I have been going nuts for allmost a week now and desidet to get some help =S

So to start from the beggining:

1. Got the win 7 security 2012 virus.....
2. Did the removal with FixNRC, then Rkill and finaly deleted it with MBAM
3. Afterwards i could'nt get connection to any internet at all just keept identifying
4. I tryed ALOT of things to make it work and finaly by reinstalling the win-sockets i got back on the internet =D
5. I took a closer look and it turns out only the things not connectet to microsoft could connect to the internet (firefox & skype) when i try to run Internet Explore (IE), Windows update, MSN or a pc-game it says that its offline/not connected.
6. I diagnosed the problem in IE and it said that the proxy couldnt be connect automaticly.
7. I've tryed to put in a proxy server (did'nt work) and reseting it (did'nt work)

Now i've tried for 5 days to make it work and nothing has done it for me =(

Pleace help, i'm awaiting orders =)

Answer:Microsoft has no connection to the internet after malwere infection

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

3 more replies
Relevance 53.3%

Downloaded a file that I later found out has a trojan attached. Here's the logs:



DDS (Version 1.0) - NTFSx86
Run by Daniel at 0:16:11.78 on Sun 11/16/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.417 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\acs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k i... Read more

Answer:Trojan Infection & Slow Internet Connection

*bump*

5 more replies
Relevance 53.3%

I am struggling with the after effects of a System Tool (rogue anti-spyware) infection on a Vista machine that has left me with no Internet connection.I believe the System Tool infection has been successfully removed. There are no proxies set in Internet Options > Connections. Computer will connect to LAN & WLAN but only with local connection. No Internet connection from this computer. LAN and WLAN reset themselves to APIPA addresses on reboot even though DHCP is working fine and even after I save manual IP addresses for each interface (i.e. they aren't saved permanently).ComboFix reports the following message in the Command window on launching (and then continues) and again at Stage 38, even though I am signed into the Administrator account and "Run (ComboFix) as administrator":Access Denied. Administrator permissions are needed to use the selected options. Use administrator command prompt to complete these tasks.It seems like some network settings have been compromised in Registry &/or some permissions have been altered by System Tool before removal.Any help would be greatly appreciated and the helper will receive my undying admiration.The contents of the ComboFix log are as follows:ComboFix 11-02-28.07 - xxxxxxxx 01/03/2011 13:31:27.1.2 - x86 NETWORKMicrosoftÆ Windows Vistaô Home Premium 6.0.6001.1.1252.44.1033.18.3068.2619 [GMT 0:00]Running from: F:\ComboFix.exeAV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4... Read more

Answer:No Internet connection after "System Tool" infection

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

2 more replies
Relevance 53.3%

I opened what I thought was a folder, but what was in fact an .exe with a folder icon..stupid of me
I ran scans with NOD32, Ad-Aware, Spybot S&D. Spybot detected a .bat in the temp folder constantly trying to run after infection and I chose to delete it.
Combofix got rid of a few things afterwards (neglected to save the log file).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:09:20 PM, on 14/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\SteamWatch\SteamWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Documents and Settings\LukeB\Desktop\X-Fi Changer\XFiMode.exe
C:\Program Files\Lavalys\EVEREST Corporate + Ultim... Read more

More replies
Relevance 53.3%

Hello,
 
running windows 7 home prem service pack one on HP pavillion dv6 notebook.
 
I suspect a malware infection as in IE the home page is http://i.e.redirect.hp.com/svs/rdr? there also was infection by delta search.
 
The internect connection does not work. Yellow triangle symbol over icon on taskbar, although is connected to wireless network.
 
Through network and sharing center an unidentified network is listed with a red cross between that and the internet. Windows diagnostics and troubleshooting do not resolve the problem. Becuase I have lost the internet connection it is not easy to cut and paste error messages and logs and am posting from a mac which has no problem in accessing the same wireless network.
 
Help would be greatly appreciated as I've seen from other posts that these issues can be complex if malware is involved. Can the malware subvert the internet connection and set up the unidentified network.
 
thanks in advance and look forward to hearing from you.

Answer:possible malware infection that has knocked out internet connection

Hello -
Please read and follow This topic. first as Delta Search is the same type of program.
Then select your browser type and reset your homepage back to normal.
These are advertising programs that will try and redirect you to their contacts.
 
You may need to use 1 or 2 Flash Drives to transfer information (or try Safe mode)
 
After you disable the Add on or Extension, please run these programs, and we will check for remains.
Please download all programs to desktop, and use Copy and Paste for your replies.
Windows Vista / 7 / 8 users may need to Right click and select Run as administrator.
 
 
First -
Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note:: If a security program requests permission to access the Internet, allow it to do so.
 
 
Next -
Please download MiniToolBox to desktop and run it.
Checkmark following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the... Read more

13 more replies
Relevance 53.3%

Hi everyone - New to site.
 
My nephew was using PC IExplorer and said a Notification pop-up saying something like - encrypting files - he tried to exit the page and couldn’t so he powered off the PC.
 
Now PC doesn’t recognize my broadband connection (hardwired connection). Went to Control Panel-Internet Options-connections. It lists Broadband Connection and never dial a connection. Clicked LAN Settings show a check at Automatically detect settings. The Proxy server section is not checked.
Closed out with ok Clicked Connect to internet - Clicked existing option "Broadband" next - unable to connect - clicked diagnose response was detected a problem but was unable to fix. Went back to internet connection cleared everything and reapplied as above. Now when I click Connect to Internet I get Error 797 modem not found or was busy.
 
Removed the hardwired Ethernet connection from the PC and connected it to Laptop. Laptop connection works fine.
 
I don’t know how to proceed.
 
As per the posted guidelines, I downloaded DDS to a flash-drive and then copied to PC and ran DDS.
7-13 DDS.TXT is below and 7-13 Attach.TXT is attached.
 
Any help is appreciated - Jim

 7-13 Attach.txt   9.64KB
  1 downloads
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16561
Run by Jim at 12:34:33 on 2014-07-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3454.1972 [GMT -4:00]
.
... Read more

Answer:Infection - Vista PC - No Broadband connection to Internet

Hello 3Jim3,My name is Cody and I'll be helping you clean up your computer. I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.==========================================================================Some points for you to keep in mind:Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I w... Read more

26 more replies
Relevance 53.3%

I went through a major infection today.  MalwareBytes attempted removal but failed.  I downloaded Avast and ran a bootup scan, which removed most of it, but a nasty SYSWOW64/dnsapi.dll virus remains.  My connection to the internet is terrible, and some websites fail to load at all.  MalwareBytes and another program refuse to install, and Avast bootup scan finds the virus, but fails to remove it.
 
I am using Windows 7 64 bit

Answer:Major infection - affects internet connection

Welcome aboard  Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

1 more replies
Relevance 53.3%

Hello,I was trying to download softwares from the internet and sunddenly chorme and firefox don't run. IE still running so I connected to the internet and searched for this and posts recommended to download SUPERAntispyware. I did download SUPERantispyware and run it.It detects a lot of things.. then I proceed to deleted the detected warm, trojan etc..I restarted the computer, now chrome and firefox and IE all could be opened BUT I LOST INTERNET CONNECTION. The wireless of my laptop is detecting the connection but the small icon has a red x on it.If I try to connect to the wireless connection, I get connection unsuccessful.I'm using windows vista.The log file generated by SUPERantispyware is attached to this post.PLEASE HELP.Thank you.-FADI[regaining space - attachment deleted by admin]

Answer:Please help: malware infection and internet connection lost

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. 1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.2. The fixes are specific to your problem and should only be used for this issue on this machine.3. If you don't know or understand something, please don't hesitate to ask.4. Please DO NOT run any other tools or scans while I am helping you.5. It is important that you reply to this thread. Do not start a new topic.6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.7. Absence of symptoms does not mean that everything is clear.If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line. ************************************************************************* Please download Malwarebytes Anti-Malware from here.Double Click mbam-setup.exe to install the application.Make sure a c... Read more

13 more replies
Relevance 53.3%

Please help! An unknown infection is preventing programs from running on my PC; ie: Malwarebytes, etc.
Windows 7 64bit OS.
Thanks for any help with this dibilitating problem.
L J Mac

Answer:PC infection preventing programs from running

-- Some types of malware will target Malwarebytes Anti-Malware and other security tools to keep them from running properly. Other types of malware may delete the main mbam.exe executable file during installation or when attempting to perform a scan which results in various errors. If that's the case, please refer to the suggestions provided in For those having trouble running Malwarebytes Anti-Malware for using Rkill or downloading a renamed version of mbam.exe. Do not reboot after running Rkill. Immediately after running this tool, you need to perform your scan with Malwarebytes Anti-Malware.Note: You may have to make repeated attempts to use Rkill several times before it will run as some malware variants try to block it. If you get an alert that Rkill is infected, ignore it. The alert is a fake warning given by the rogue software which attempts to terminate tools that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine.

6 more replies
Relevance 53.3%

My computer has been repeatedly infected by something calling itself Antimalware Doctor, a nasty piece of malware which effectively renders the computer unusable until I have restored it to a pre-infection state using an Acronis boot CD and a backup stored on an external drive. The fix is not hard, but it is time consuming.

The computer gets infected when we watch a TV show on this web site:

hxxp://wowpinoytv.blogspot.com/2011/04/mara-clara-april-15-2011.html

I'm sure the conservative advice would be to avoid the web site, but it is a ripper of a show!

The computer runs WinXP pro SP3, and has AVG free installed, along with Spybot S&D. Spybot will find the infection once it is there, and if I kill the process associated with it (k70ccreloc.exe), it seems to remove it. But after a short pause it comes back and reaks havoc, corrupting files, killing the network and so on. AVG doesn't seem to notice anything is wrong.

I am curious as to how the malware is getting on to the computer. Nothing is happening, except at TV show is playing in a Browser (Firefox - current version). No ads are being clicked, the mouse is not rolling over anything. The show is playing, and suddenly the Antimalware Doctor window opens up.

I should also like to know of a not too expensive tool which will sound an alert as the computer is being infected, or better still prevent it from happening.

With many thanks

MCart

Answer:Preventing infection by Antimalware Doctor

Please do not post active links to malware or possible malware related sites to include links which may lead to sites where infections have been contracted and spread. I have disabled the one(s) you posted so others do not accidentally click on them.I am curious as to how the malware is getting on to the computer.Please read How Malware Spreads - How did I get infected which explains the most common ways malware is contracted and spread.I should also like to know of a not too expensive tool which will sound an alert as the computer is being infected, or better still prevent it from happening.No single product is 100% foolproof and can prevent, detect and remove all threats at any given time. Just because one anti-virus detected threats that another missed, does not mean its more effective. The security community is in a constant state of change as new infections appear. Security vendors use different scanning engines and different detection methods such as heuristic analysis or behavioral analysis which can account for discrepancies in scanning outcomes. Depending on how often the anti-virus database is updated can also account for differences in threat detections. Further, each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered def... Read more

2 more replies