Computer Support Forum

Malware-Infested Computer, Getting Worse

Question: Malware-Infested Computer, Getting Worse

Hello. I appreciate all the help that anyone can give me. For an understanding of what is happening/how this all started, please see a thread that I started today, here: thread

New info that wasn't posted in that thread: My internet has recently stopped working. None of my browsers are loading anymore (Mozilla, Opera, or Rogers Yahoo).

I have run MBAM several times to no avail. SAS had only found tracking cookies, nothing else. TDSS Killer continues to report something in the "atapi" driver, but won't take care of the problem after it instructs me to reboot.

::DDS LOG::
2010-05-13 23:50:07 0 d-----w- c:\program files\NortonInstaller
2010-05-13 23:50:07 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-05-13 00:11:38 0 d-----w- c:\program files\Steam
2010-05-05 20:48:22 0 d-----w- c:\docume~1\compaq~1\applic~1\Malwarebytes
2010-05-05 20:48:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-05 20:48:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-05 20:48:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-05 20:48:00 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-05-14 23:11:58 61386784 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-05-14 22:57:49 2954784 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-05-14 22:52:41 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-05-14 22:52:11 278036 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-05-14 22:52:10 823028 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-03-10 04:33:41 1509888 ----a-w- c:\windows\system32\dllcache\shdocvw.dll
2010-03-10 04:33:38 1025024 ----a-w- c:\windows\system32\dllcache\browseui.dll
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-02-26 05:43:57 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43:57 667136 ----a-w- c:\windows\system32\dllcache\wininet.dll
2010-02-26 05:43:57 627712 ----a-w- c:\windows\system32\dllcache\urlmon.dll
2010-02-26 05:43:55 3073024 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2010-02-26 05:43:54 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-26 05:43:54 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2010-02-26 05:43:54 251904 ----a-w- c:\windows\system32\dllcache\iepeers.dll
2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-17 13:10:28 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-17 13:10:28 2189952 ----a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 13:25:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 13:25:04 2066816 ----a-w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2006-12-25 21:48:50 22 --sha-w- c:\windows\sminst\HPCD.SYS

============= FINISH: 19:13:10.28 ===============

Relevance 100%

Answer: Malware- Infested Computer, Getting Worse

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.

1. Please do not run any other tool until instructed to do so!
2. Please reply to this thread, do not start another!
3. Please tell me about any problems that have occurred during the fix.
4. Please tell me of any other symptoms you may be having as these can help also.
5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

:run combofix:

Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Please include the report in your next post:

C:\ComboFix.txt

"information and logs"

In your next post I need the following:

Log From Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

28 more replies
Relevance 72.16%

these are the instructions I followed:

Uninstall it
click on this link ? and then select run.
http://www.malwarebytes.org/affiliates/2...
INSTALL IT TO YOUR DESKTOP, update it, then run a full scan and remove everything it finds.
some viruses will try to disable it so if malwarebytes will not start up then go into the folder it is in and rename the mbam file to XXX then double click on the file you just renamed to start it up.
after you have used malwarebytes then do this on-line scan, to make sure you have nothing else hiding away.
http://www.bitdefender.com/scan8/ie.html
preferably in safe mode with networking.
it's important you install it on your desktop so you can easily get into the folder and change the name of the mbam file, and viruses do not always look on the desktop for it.
OR you can try the on-line scan first.

This seemed to have helped but I still can't run Malware bytes and my computer redirects websites I try to get into sometimes. I installed Norman Malware cleaner and this is what it said:

Removed 5 of these ( deleted file:C:/windows\system.32\UACqfqboedxvctjti.dat)
in red appeared- To many infections/an unexpected error (Please contact support):C\Windows\system32\UACqfqboedxvctjtit.dat (infected with Text/Td.ss.A)
File marked for defered cleaning (reboot required) c:\windows\Temp\UAC314c.tmp(infected with W32\FakeAlert.NEU

I clicked quit after it finished scanning and it prompted me to reboot computer automatically. I ... Read more

Answer:The computer at work is infested with PAV. I downloaded Malware bytes anti-Malware but it still won't scan

Hello, it appears you are heavily infected with rootkits. They are interfering with removal.

You need to run HJT/DDS.

Please follow this guide. Go and do steps 6 and 7, Preparation Guide For Use Before Using Hijackthis. Then go here, HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant Title and post that complete log.

Let me know if it went OK.

1 more replies
Relevance 69.7%

ace74ace (Thread Starter)

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz, Intel64 Family 6 Model 37 Stepping 5
Processor Count: 2
RAM: 3893 Mb
Graphics Card: Intel(R) HD Graphics, 1722 Mb
Hard Drives: C: Total - 463436 MB, Free - 185155 MB;
Motherboard: Intel Corp., Base Board Product Name
Antivirus: Norton Internet Security, Disabled

I have tried to run Malwarebytes anti Malware but whatever is on this machine is thwarting the scan. How can we get this machine back to running like it just came out the box?

I tried to create a Hijackthis log file but I can't.
The computer seems to shut itself off whenever I try to run any anti malware program, etc.... even when I go into safe mode with networking.
Can someone help me clean up this machine?
 

Answer:Malware infested computer

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to download and run the 64 bit version
Right click to run as administrator. When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

1 more replies
Relevance 69.7%

Hello, I'm completely new to this forum, but am at my wits' end with my parents' laptop. I know for sure it has the redirect virus, and there seems to be a few other malware that I am unfamiliar with, such as command prompt windows opening very briefly on startup of the computer. They usually close too fast to see the text in the window. I've already downloaded and run hitman pro, malware bytes, and adwcleaner. While these programs seemed to remove some malware, there seems to be some left. Now I've come for help with someone more trained in these matters. The computer runs Windows 8.1, and I don't think there has ever been anti-virus protection on it.

Answer:Malware infested computer.

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
- Report IE Proxy Settings
- Report FF Proxy Settings
- List content of Hosts
- List IP configuration
- List Winsock Entries
- List last 10 Event Viewer log
- List Installed Programs
- List Devices (do NOT change any settings here)
- List Users, Partitions and Memory size
- List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scr... Read more

8 more replies
Relevance 69.7%

Serious problems with the old win XP Dell computer. I was out of town and my wife started dealing with it initially. She noted that TrendMicro blocked SMSS32.exe and recorded that there was a popup warning her about worm Win32 Netsky. She closed the pop up and attempted to continue to use the computer. When she noted it ran slow, she shut the computer down.

When I got home, I updated TrendMicro and scanned the computer. It removed a trojan horse of some type. I think "EU" was in the title. Still suspicious, I looked up SMSS32.exe and saw that my machine still had the signature for something called TROJ_FAKEAV.BNB. I went through the steps on TrendMicro's site to manually remove the trojan. Not all the items listed for the trojan were on my machine.

Still suspicious, I created a new user account and left the machine on for a week unused. During that time, TrendMicro detected and removed a trojan with the word "Ransom" in the title and there were multiple error warnings for an instruction at 0x7c923845 referencing memory at 0x00000000. Searching on that led me to this site where a few recently have had the same problem.

Here's the DDS and the ark
----
DDS (Ver_10-10-10.03) - NTFSx86
Run by Jonathon at 9:48:19.65 on Sun 10/17/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.220 [GMT -4:00]
AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7... Read more

Answer:My Malware infested computer

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you... Read more

21 more replies
Relevance 69.7%

I keep getting directed everywhere but where I want to go. Even .gov sites won't work.

I have AVG but somehow something got thru. Please help!

Also AVG detects a file called :"C:\WINDOWS\system32\skp.exe";"Runtime packed mew";"" but can't seem to do anything about it.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Katie at 21:00:33.20 on Thu 01/21/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.475 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Seagate\Basics\Service\SyncServic... Read more

Answer:My computer is infested with malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

22 more replies
Relevance 69.7%

My computer is infested with malware and I don't know where to start to get rid of it. I have Zone Alarm and the malware has set up a tmp file to divert its functioning properly. I also have System Mechanic 7 and the malware has infested it so that I can't even uninstall the application. I am not really sure if the Register Mechanic is operating properly. There are so many problems that every time I try to fix one thing, there are a multitude of other problems. My backup has been infested with malware and even when I try to erase something, the malware puts it right back. I tried to use the incinerator from the System Mechanic and now the malware won't even let me access the incinerator. I am having bootup problems because of malware prefetch files that I can't get rid of. It does me no good to try to go back to a previous version of backup because the malware has infested that as well. Is there anything that can cure this problem? I have seen some software advertised as regcure and am wondering if this would work. How can I clean up my computer? Any help would be greatly appreciated.

Holton Man
 

More replies
Relevance 68.47%

A friend asked me to look at her troubled computer. She was hit by MalwareProtector2008/Antivirus2008 and signed up for and paid for 2 years of protection with her credit card--she said then the popups started. She did not have updated antivirus protection. She had downloaded almost every free ware you can find ie .. games, music. When I turned it on, the popups were so massive that it was impossible to process anything. I could not do a Microsoft Update. I uninstalled all the free downloaded programs that I could find in ControlPanel, AddRemovePrograms. Then, went into safemode and deleted every free download I could find. I used msconfig to stop everything that was not necessary in the Startup and Services. I installed an unused copy of NAV2007. After it finally installed and updated it found numerous virus, trojans, adware and it removed many. It found MalwareProtector2008, Downloader trojan, MSJaun, av2009, Vundo (and its variants). Vundo kept returning because vundo seemed to have an open port and control of the pc any time IE7 was started. I read topics on "bleepingcomputer" and tried some of the hints to remove vundo, ran various programs ie: Norton's FxVundo, FxVundoB, UnHookExec (vundo had control of the registry). Lavasoft's Ad-aware, Spybot, Microsoft Defender, Malwarebytes' Anti-Malware, liveOneCare scan, Trend's Rootkitbuster, many times over (updating the software as needed). After the last time I ran Defender the WindowsUpdates took off and a... Read more

Answer:Various Malware, Trojans, And Adware Infested Computer

Hello would you please post the latest scan log of Malwarebytes. Here are the full instructions if needed.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and cont... Read more

1 more replies
Relevance 68.47%

Hi everyone,

My computer is infected with spyware. Every 15 or so seconds, a new popup ad will appear. Or, the spyware will redirect the site that I am currently looking at to another site. I have tried treating this problem with at least 5 different anti-spyware programs (Microsoft, ad-aware, etc.) and have had no success.

Below is my HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:38:51 PM, on 12/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\smncs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\... Read more

Answer:Computer Infested With Spyware/adware/malware

Hello all,

Pop-up ads are coming up like crazy and I can't stop it. I have tried all other traditional anti-spyware programs, but to no avail. Pllllleeeeeeeease help somebody. Below is my HiJackThis file.

Thank you in advance!

Logfile of HijackThis v1.99.1
Scan saved at 12:58:13 AM, on 12/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\smncs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\WINDOWS... Read more

2 more replies
Relevance 67.65%

Hi,

I'm using Windows XP.
I currently only have the following AV; MalwareBytes' Anti-Malware installed.

I've got reason to believe my computer is infested with malicious malware/spy-ware :(

I've tried the following:
-MBAM has detected over 500 threats and quarantined the majority yet...the problems still occur.

-The nod32 online scanner has detected 109 threats (all were various Trojans such as Adware etc. within registry) and has claimed to remove them...but the problems still occur.

-I've tried uninstalling useless/unused programs, which I don't remember installing?. (As an attempt to improve the computer's speed..and diagnose the blue screen issue)

-Tried doing a 'Disk Cleanup' as an attempt to improve the computer's speed, but the preloader gets half way and stops (perhaps due to slowness -> CPU?).

-System Restore - but that didn't have any dates which the computer was clean on...

-Ran a free registry fixer (to clean up any registry errors, which apparently detected over 500 errors and fixed them).

But I am still experiencing the following problems (even though I've tried all the above):
-The computer automatically shuts down after a while (if windows started normally) and displays a blue screen (of death?) - which says something like 'A problem has been detected and windows has been shut down to prevent damage to your computer...uninstall any recent software...'. However if I'm on safe mode with networking (which I'm using now to post here) it ... Read more

Answer:Computer infested with malware, google redirects aswell

Following instructions;


Here's my DDS.txt log:



DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Administrator at 0:54:39.79 on 15/07/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.191.59 [GMT 1:00]

AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

mDefault_Page_URL = file://c:\apps\ie\offline\uk.htm
uInternet Connection Wizard,ShellNext = hxxp://110380url.cptgt.com/cpv.jsp?p=110380&ip=90.201.66.88&url=http%3A%2F%2Fwww.facebook.com%2F&context=Welcome+to+Facebook&selectedKeyword=facebook+com&selectedListingId=7292712
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
{12e9835b-31f2-4d02-b178-48c4b75dbde5}
{66a58e37-1986-4893-b382-514e5ac5799a}
TB: {4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} - No File
TB: SweetIM... Read more

19 more replies
Relevance 63.96%

Specs,

CPU: Intel core duo T8100 @2.10 Ghz and 2.10ghz

Graphics: Ati mobility radeon hd 3870

Ram: 2 Gb

Running Windows Vista 64 (although some of my program files say 32?)

So suddenly on June 5th my computer started acting more sluggishly and couldn't perform near as well as it did before. I checked the updates and windows defender and mcafee were the only programs recently updated, I defragged the hard drive, searched for malware and spyware, updated all drivers and none of it fixed my problem. My rig was easily able to play 1080p before and now the video lags terribly, and the games that used to run super smoothly (in range of 30+ fps) now run at an average of 12 fps or lower. On clean boot the problem persists and I can't really tell if the problem is there in safe mode because the only time I can really tell my computer is slowing down is when it is streaming video or playing games.

The weird thing is I've been messing with my video drivers to see if I can fix it, and after using driver sweeper my graphics card didn't function (my windows experience index went from a 5.9 to 1, I couldn't use windows aero) but 1080p ran smoothly as ever. Once I reinstalled the drivers my index score went back up to 5.9 but it can't play 1080p. Because of that fiddling around I can't install catalyst control center anymore (it seems to install ok but when I open it there is an error message "could not load file or assembly CLI.implementation or one of its dependancies the s... Read more

Answer:Computer performing much worse than it used to, not virus or malware

In addition to a full antivirus scan, did you make a full scan with malwarebytes?
If so make a memory test
http://www.geekstogo.com/forum/topic...ing-memtest86/

2 more replies
Relevance 56.99%
Question: Malware infested

My computer has just started bugging out!! It keeps getting redirected to ad pages and I cannot download a malware remover. It keeps giving me an error. Can someone assist me?

DDS (Ver_09-12-01.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 3/13/2009 4:16:18 PM
System Uptime: 1/26/2010 2:29:55 AM (2 hours ago)
Motherboard: Intel Corporation | | D915GAG
Processor: Intel® Pentium® 4 CPU 3.00GHz | | 3000/200mhz

Answer:Malware infested

Hello Nate342

Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.

I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Please keep in mind that we have a large backlog of users just like yourself waiting to be helped so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis we are limited on how many logs we can respond to and keep open due to time restraints. If you have to be away or can't answer for some other reason just let me know. Thank you for your understanding.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

I would like to get another rootkit scan if we can. Please try the following. If for some reason it won't run don't try to force it just let me know.

Download GMER Rootkit Scanner from here to your desktop. Double click the exe file. If it gives you a warnin... Read more

2 more replies
Relevance 56.99%
Question: Malware infested

My son came home from college with a laptop that seems to be infested with malware. Although Spybot and McAfee scans came up empty, I am certain there is something going on. The system is slower than molasses, and we get frequent system error messages. My hunch is problems with the registry - but I don't know enough about this to know for sure. So, I need help.

I have attached the following log file from Hijack This.
Logfile of Trend Micro HijackThis v2.0.2
 

Answer:Malware infested

Welcome to Major Geeks!


Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.
If you have problems where no tools seem to run, please try following the steps given below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.

TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide


Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run steps in safe boot mode, but make sure you tell us what you did later when you post logs. See below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

 

1 more replies
Relevance 56.99%

I was curious if anyone out there knows anything about this...

I have a self-built computer, three years old now...and day by day it's getting worse and worse!

AMD Athlon XP @ 1.1 GHz
512MB PC2700 DDR-SDRAM
Windows XP Pro.
Radeon 9500 Pro. 128MB DDR

The problems started about six months ago--every time I'd turn on the computer, it'd scan the hard drive for errors, claiming an improper shutdown. Then, two months ago, it started going to a black screen saying a windows file is corrupt, use the XP CD to restore the file--but simply restarting the computer at that point would get it going (only came up on a fresh start).

Then in the recent times, the screen is completely black. I turn on the computer, and no signal is sent (I'm guessing) to the monitor, so it's just flashing the power light...but after waiting approximately 10 seconds, and restarting ('reset button'), it would go to the other problems--file corrupt screen, then the error scan...and this latest time, it took 4 resets for the screen to catch a signal...

All wires are plugged in good, and everything seems to be functioning properly, except for, of course, this problem I have...and I really have no idea where to start on fixing this. I planned on keeping this computer for another year or so--and hope this can be fixed! Anyways, any ideas/suggestions, please let me know!

Thanks,
-X

Answer:My Computer - Getting Worse & Worse! Is there hope?

Take the graphics card out and insert it back in firmly, making sure it is sat properly in its slot. Check the manufacturers' websites for your motherboard and graphics card and see what the BIOS updates do, and see if they have any FAQs to check if anyone else has been having similar problems to you in terms of people who have the same motherboard or graphics card??

Email the manufacturer(s) for your motherboard company and graphics company.

2 more replies
Relevance 56.58%

(original thread) http://www.bleepingcomputer.com/forums/topic383140.html

DDS (Ver_11-03-05.01) - NTFSx86
Run by owner at 11:45:58.85 on 05/03/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3070.2005 [GMT -8:00]

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

Answer:Infested Virus/Malware [V2]

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
These instru... Read more

2 more replies
Relevance 56.58%

I'm an imbecile about both English and computers. Sorry about my ineptitude. But I still want to have my PC fixed. I'm begging for your mercy & help. Considering my limited capacity, I excerpted some descriptions (scan results) from hijackthis.exe to manifest the maladies my PC caught. The scan results are listed below. I'm gratefully looking forward to your precious reply. Your help will be sincerely appreciated. Thank you beforehand!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:23:26, on 2010-9-5
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v1.09 SP3 (1.09.0008.0000)
Boot mode: Normal

Running processes:

Answer:SOS some indelible malware infested my pc

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you... Read more

2 more replies
Relevance 56.58%

I get the Antivirus 2009 popup constantly, along with websites directing me to random websites. Here's my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:42 PM, on 1/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:

Answer:infested with malware and spyware

Is anyone going to help me???
 

2 more replies
Relevance 56.58%

Cannot run out of safe mode. The computer crawls and does not respond.

Had to run most malware removal tools in safe mode. The only tool I got to run while logged in normally as mhollings was RogueKiller. I was able to kick that off before the desktop froze up.

Initial symptoms included disable of anti-virus, IE redirection and lockup of explorer.exe.

Logs are attached. Thanks in advance!
 

Answer:Malware Infested - Zero Attack and more

Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these 3 detections:

[PREVRUN] HKCU\[...]\Run : ProcessLasso (RUNDLL32.EXE "C:\Documents and Settings\Mhollings\Local Settings\Application Data\ProcessLasso\zgquvrax.dll",InjectDll) -> FOUND
[PREVRUN] HKUS\S-1-5-21-1172250837-843870029-1846952604-1017[...]\Run : ProcessLasso (RUNDLL32.EXE "C:\Documents and Settings\Mhollings\Local Settings\Application Data\ProcessLasso\zgquvrax.dll",InjectDll) -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Documents and Settings\Mhollings\Local Settings\Application Data\{eea3ca83-0dc6-744b-ed69-201d14238b8c}\n.) -> FOUND

Place a checkmark next to each of these items, leave the others unchecked.
Now press the Delete button.

Now do the same for Files/Folders tab:



[ZeroAccess][FILE] n : c:\windows\installer\{eea3ca83-0dc6-744b-ed69-201d14238b8c}\n --> FOUND
[ZeroAccess][FILE] @ : c:\windows\installer\{eea3ca83-0dc6-744b-ed69-201d14238b8c}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{eea3ca83-0dc6-744b-ed69-201d14238b8c}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{eea3ca83-0dc6-744b-ed69-201d14238b8c}\L --> FOUND
[ZeroAccess][FILE] @ : c:\documents and settings\mhollings\local settings\application data\{eea3ca83-0dc6-744b-ed69-201d14238b8c}\@ --> FOUND
[ZeroAccess][... Read more

3 more replies
Relevance 56.58%

Hi, for about a week now I have been experiencing problems which I suspect to be caused by some sort of spyware/malware.
The symptoms of the problem are continuous pop-up alerts from a yellow triangle in the system tray. I'm not sure if this is a genuine Windows warning but I assume it is caused by the spyware.
The pop up windows says System Alert: [email protected]
Other symptoms include advertisement pop-ups for many different websites.
I use Firefox as my default browser and have tried denying access to Internet Explorer to prevent these pop-ups, but the spyware seems to override the settings and pop-ups appear (in IE windows).

I have attempted to remove the software by using obvious methods but with no success.
I have run Ad-Aware scans which find only tracking cookies, which I delete, although this changes nothing.
I have also run ewido scans which find more than Ad-Aware does, and again, I have applied the actions, but with no success in solving my spyware problems.
I have run HijackThis, but there is nothing that I can identify and be sure that it is safe to remove, therefore I would prefer to get advice from someone who knows more about the subject than me.

Any help in solving this problem would be much appreciated
Rob
 

Answer:Please Help! Trojan and Malware Infested

Here are my logs for ewido, hijackthis and spybot

Thanks for any help
 

4 more replies
Relevance 56.58%

Broni tells me I have to get more advanced help, and to post here to ask for it.

This is my father-in-law's PC, connected to my router, and I'm posting from my PC next to it. He had been infested with XP security 2012. I removed it (I thought) with MalwareBytes and SuperAntiSpyware and cleared the temp files with TFC by oldtimer. But the internet connection issue didn't go away. That's when I came to BleepingComputer and created an account to ask for help! So, here we are...

Here is the link to what Broni and I have done so far...
Am I infected? What do I do?

This is the DDS log....

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Run by TEMP-Admin at 13:16:38 on 2011-12-28
AV: BitDefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

============== Running Processes ===============

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&local... Read more

Answer:Win XP PC infested with unknown malware

Forgot to attach the log files...


GMER.log (8.98KB)
dds.txt (8.59KB)

53 more replies
Relevance 56.58%

Hello,

I have been infested with an Ise32 Property window which keeps appearing on Windows startup. I have scanned my computer recently with Norton 360 and found out that I have been infected with the following viruses: W32.Gammima.AG, W32.SillyDC, W32IRCbot, and have subsequently removed them. Despite removing the viruses with Norton 360, the Ise32 Property window would still continually pop up every time I start up my computer. Unfortunately, my Norton 360 could not find any problem that resulted in the popping up of the Ise32 Property window. I have also used Windows Defender to scan but found nothing.

Does the popping up of the Ise32 Property window have to do with the viruses that I have recently been infected with?

I have also posted in the forum "Am I infected? What do I do?" and have tried the suggestion given by the moderator. I was advised to use Autoruns to delete the Ise32 file. However, every time I delete the file, the Ise32 Property window still pops up the very next time I start up my computer. The Ise32 Property window shows a few options for me to choose: Restore, OK and Cancel. However, I did not select any option and closed it eventually. Lastly, the moderator suggested that I post a HijackThis log over here. Below is my HijackThis log.

I am currently using Windows Vista Home. Please advise me what to do. I would appreciate your help in solving the problem.

I am looking forward to your reply.

Thank you,
Best regards
Leo

Deckard's System Scanner v20071014.68
Run by xiaoleo on 2008-07-02 01:22:22
Co... Read more

Answer:Infested With Ise32 Malware

Hello

Welcome to Bleeping Computer Hijackthis logs and Malware removal. I am farbar. I will assist you with your problem.

Apologies for the delay in response; we get overwhelmed at times but we are trying our best to keep up.

Please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Please delete first your copy of dss.exe in order to download a fresh copy.

Download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
Create a new System Restore point in Windows XP and Vista.
Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
Check some important areas of your system and produce a report for an analyst to review.
Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.

You must be logged onto an account with administrator privileges when using.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When the scan is complete, two text files will open in Notepad:
main.txt <- this one will be maximized
extra.txt <- this one will be minimized
If not, they both can be found in the C:\Decka... Read more

14 more replies
Relevance 55.76%

I'm sure this is a question that has popped up before on these forums, and I'm sure I could conduct a little more on line research myself as to finding the answer. But then I thought I'd start a topic here because it might just be that there are several ways of doing it.
 
So after discovering a malware-infested site (on the surface web) and becoming infected as I just have with a browser hijacker (quickly eliminated thanks to Zemana!), what do I do now if I want to report the site in the hope that the page can be eliminated from the web as a whole?
 
Many thanks.
 
 

Answer:Reporting malware-infested sites.....How?

An ongoing threat exists for computer users who, while browsing the Internet, began receiving pop-up security warnings that state their computers are infected with numerous viruses...

If you have experienced the anti-virus pop-ups or a similar scam, please notify the IC3 by filing a complaint at www.IC3.gov.

Internet Crime Complaint Center (IC3)
The IC3 accepts online Internet crime complaints from either the actual victim or from a third party to the complainant.
Filing a Complaint with IC3

Venues for reporting malicious software & sites:
How to Report Suspected Malware Issues
Report malicious site/software to Google
Report spam, paid links, malware, and other problems to Google
How to Report Dangerous Websites
Report Malware
FTC Complaint Assistant

4 more replies
Relevance 55.76%

Lost access to my permissions, controlled by remote access. Numerous different scans done but not picking up hidden files. Antivirus scan settings altered to weaker settings by whoever has administration authorisation. I don't even have the option to delete many things that they are controlling. 6 month old Sony Vaio so I'd really like to get it fixed without sending off if poss for repair?...... Even webpages aren't the official pages and certificates seem fake. Wi-Fi active even when system appears switched off. Restores not restoring nor are updates. Only way to set in safe mode is to pull the battery as computer fakes shut down. Also all in new phone....I'm no computer whiz so layman's terms would be great, thank you. I'm willing to follow instruction though.... Arghhhh! Please help?!

Answer:WINDOWS 8 Malware and Virus infested - PLEASE HELP!

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Log... Read more

2 more replies
Relevance 55.76%

Hi,

I'm dealing with a client's laptop that is absolutely picked with data miners/ spyware/ malware .. I've cleaned up most of it but the machine is still behaving oddly.

The HiJackThis log is below, any help would be much appreciated.

---- BEGIN LOG ----

Logfile of HijackThis v1.98.2
Scan saved at 14:28:28, on 11/16/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

More replies
Relevance 55.76%

After I had contracted the virus, my PC kept logging me out of Windows. I ran adaware but it couldn't remove the files as they were being used by winlogon. So I dropped into DOS and manually removed them, then I deleted the registry entries where these files appeared. When I restarted my PC I was locked out. It took me to the Windows login screen where all accounts (even administrator) were passworded. Luckily thanks to a boot CD I've managed to restore my computer to the point just after I deleted the infected files and I'm back into Windows. However the infection still appears to be present. Since restoring my PC, I've run adaware and AVG antivirus and it's found and removed malware and a virus in my last system restore point. However I'm not convinced it's all clear.

After running HijackThis I noticed that there are still references to fccayvw.dll and mllnm.dll which caused the initial problem. These files are no longer there but it's left traces behind as well as registry entries that need correcting. There is also a browser add-on which was running with reference to the mllmn.dll file which I have disabled but it's still on the list of programs in Internet Explorer.

Here is my log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:13:55, on 10/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:

Answer:Infested With Virtumonde Virus/malware

Hello and Welcome to Bleeping Computer. I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today. Please give me some time to analyze your log, and I will post back with instructions ASAP.

3 more replies
Relevance 55.76%

Running on XP. Ran several scans Trojan.unclassified-packed suspension, then has another Trojan show up. Has Mirar, used forums to remove it (think it did). Trojans seem to disappear and reappear in SuperAntiSpyware. My computer is running super slow, my searches were being redirected, and my keys don't seem to work while typing. Have Norton 360, picks up nothing.. at a loss. HighJack stops and says denied access to the HOSTS file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:16:47 PM, on 2/24/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal

Running processes:

More replies
Relevance 55.76%

Hello! My laptop seems to be infested with a variety of viruses, including one that redirects my search engines to other websites. Along with this, my laptop seems to be running sluggish compared to when it was new, and I can't seem to update my Windows Defender (this is badly needed, as this laptop hasn't been used in a year and a half or so). Sorry for my inability to pinpoint exact viruses, but here's the logs requested:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:43:51 PM, on 2/26/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:

Answer:Malware/Virus infested laptop

6 more replies
Relevance 55.76%

I'm sure this is a question that has popped up before on these forums, and I'm sure I could conduct a little more on line research myself as to finding the answer. But then I thought I'd start a topic here because it might just be that there are several ways of doing it.
 
So after discovering a malware-infested site (on the surface web) and becoming infected as I just have with a browser hijacker (quickly eliminated thanks to Zemana!), what do I do now if I want to report the site in the hope that the page can be eliminated from the web as a whole?
 
Many thanks.
 
 

More replies
Relevance 55.35%

My computer is infested with trojans and malware, my CD ROM is no longer reading any CD's, pop ups are everywhere, and this morning I turned on my computer and all my icons are no longer there I had to wait until a pop up came on so i could use the internet explorer in hopes you guys have replied and still no luck, i really hope one of you can help me get my computer back.
Here is my Log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51, on 2008-02-24
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MESSEN~1\Msmsgs.exe
C:\WINDOWS\SCURIT~1\regedit.exe
C:\Documents and Settings\Owner\Application Data\?ymbols\regedit.exe
C:\Program Files\NoDNS\NoDNS.exe
C:\Documents and Settings\Owner\Desktop\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\RABCO\X_RABCOse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCU... Read more

Answer:Infested with Trojans/Malware/Popups. CD ROM not running. Help.

16 more replies
Relevance 52.89%

Hello my new bestest friends. I need help! (as does everyone who comes here) My computer has been running like a bag of you know what for about 3 weeks. IE became corrupt and will not start even after uninstalling and reinstalling Versions 6 & 7. However this is not the problem as I am currently using Safari and finding it great. The problem lies with my computer and its sluggishness; ever since IE became corrupt my computer seems to have slowed. I am getting occasional Internal memory (blue DOS screen) errors and several other little glitches like Windows XP's search program will not close after I perform a file search.

I have performed several virus & spyware checks such as AVG and Spyware Doctor, also several registry progs like Registry Booster. AVG comes up clean, however Spyware Doctor and Registry Booster both show a lot of registry errors including heaps of lnk files and url files. I removed most of these the first time around but discovered it to have deleted all my shortcuts and bookmarks that I much needed (well not so much the shortcuts). It did not remove the actual .exe files but was a major hassle as my desktop shortcuts were wiped. So I performed a system restore and now have everything back.

I am wondering are/have these files become corrupt or is this just overkill on the software (Spyware Doc & Reg Booster) behalf?? I have also noticed in my HijackThis log that there are several (missing files). I am so in need of help as I use my computer to p... Read more

Answer:Need Help Computer Getting Worse And Worse!

Hello Krisso,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies
Relevance 52.07%

Hi, my computer [dimension 3000 XP sp3] used to be shared by all of my brothers, but now I use it to record music since they have left for college. Recently I was trying to download music from an apparently bad source, and now my computer has pop ups flying everywhere, redirects me to random web pages, and puts icons on my desktop. Sometimes my computer won't even load through Windows and it freezes anytime I try to remove programs I suspect [new stuff I don't recognize]. When I try to system restore I can go through and select a date, but when I get to the last click of "next" to do the restore, nothing happens when I click it. My webroot spysweeper is no longer functioning, I've downloaded the trend micro housecall to deal with some infections, yet it doesn't seem to have helped. I've been monitoring articles for the past few days here and nothing seems to help so I decided to post my problem and see if the community could help me. Here is my HJT readout.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:48 PM, on 1/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\W... Read more

Answer:Computer is infested

bump?
I would also like to add that my disk defragment will not analyze or run disk defrag, and when I click into my computer> right click c> properties> tools> error checking won't work either, says that Windows is unable to complete disc check.
No malware is found under my housecall program from trendmicro, however I am still getting redirected and cannot open programs, such as spy sweeper and such.
 

1 more replies
Relevance 52.07%

I tried vundofix, virtumondfix, Kaspersky, Spybot, and AVG. I have Windows XP sp2. I have included Hijackthis report for review....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:17 PM, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lpcywinp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Yahoo&... Read more

Answer:Computer Infested, With, I Don't Know What.

Hello Denise148

Hope you don't mind, but as it seems that you are getting help elsewhere >> Link << this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Good luck

1 more replies
Relevance 52.07%

Hello all, first i'd like to say that yes i have gone through all of the FAQ, downloaded-updated- and -run every program, most coming back with nothing results, and i am positive my computer is still massively in the bad, I really am at the point of wanting to wipe my computer to get rid of all the crap, but i have far too many things that i cannot and do not want to back-up or try to recover. Well my computer has many issues with it and probably many viruses but the main one that bothers me the most and i cannot deal with any longer is something where out of nowhere i will just get disconnected from the internet, it is not a router or ISP or net connection problem as i have checked, i also have my ethernet hardwired and not wireless, as wireless couldn't perform good results for me. So i will be playing a online game or be talking on a ventrillo server etc. and i will get randomly disconnected and i cannot get connection back although it is indeed working. The only way i can get connection back is to basically spam my Maxthon quicklaunch button bringing up around 10+ instances of the internet, and sometimes it will fix the issue, if i do nothing the net will not fix, so i spam 10 internets then close group, then repeat until internet comes back up! this is insanely annoying and is terrible, i have heard of troubles like this before but no solutions. Also another issue i deal with is a disappearing cursor.. randomly my cursor would just disappear and i could not navig... Read more

Answer:SOS my computer is infested bad!!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.

When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
CounterSpy - ONLY IF you were not able to run Windows Defender
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
 

1 more replies
Relevance 52.07%

Apparently there is a virus on my computer that I can't seem to get rid of. I can find it in the processes, it's called vyvwyu.exe, and there's another called kykyhg.exe. I know that the file is located in the Prefetch folder, but when I try and delete the file it returns. I've also tried to run a selective startup making sure to not run the program, yet it still seems to start up. The wonderful virus is downloading other viruses and random programs onto my computer and I'm starting to have trouble keeping up with it...any help would be much appreciated.
 

Answer:Help, my computer is infested

First:

Download Windows XP Prefetch Clean And Control

Run this to flush out your Prefetch folder.

Second:

Please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal


After doing ALL of the above if you still have a problem:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
 

37 more replies
Relevance 52.07%
Question: Infested Computer

Hello there!

Here's a fun one. Logs attached (and more coming).

Cheers.
 

Answer:Infested Computer

More logs.
 

20 more replies
Relevance 52.07%

I ran Spy bot, m antivirus and PC doctor and I still have issues. If I google something when I go to click the links on the search results my computer jumps to skin car sights. Below is my hijack this log. Please let me know if you can help. Thank you
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:16:58 PM, on 3/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
D:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\WLTRYSVC.EXE
D:\WINDOWS\System32\bcmwltry.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\basfipm.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\P... Read more

Answer:Please help, I think my computer is infested

Quote:

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

----------------------------------------------------------------------------------------
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

uTorrent

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Please note: you must NOT use this whilst we are cleaning your machine.
Disable Teatimer
First step: Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
If you have the new version 1.5... Read more

1 more replies
Relevance 52.07%

I've been diligently following your instructions in 'Read & Run me First' sticky and have finally cleaned up a PC running Win XP Home Edition SP2 as much as I can do alone. The problem remaining is advertising webpages open up without Internet Explorer running. It's taken two days to reach the point where virus scans and spyware tools come up clean - after starting with 100+ problems encountered.

Attached is a hijackthis log taken after following all the steps in READ & RUN ME FIRST. Bitdefender, Trend Micro Free Online Scanner and Trojanscan all come up clean. Adaware and Spybot now also come up clean. I still have webpages opening without Internet Explorer running.

If someone would please take a look at the log and advise me on how to proceed I would greatly appreciate it.
 

Answer:Please help! Computer was infested!

Download LSP-Fix

After download is complete, Run LSP-Fix

Check the Box labeled "I know what I'm doing" and then click on the aklsp.dll file (in the "Keep" section) to select it.

Then, Select the >> button to move aklsp.dll into the Remove section.

Now, click the Finish Button. When the Repair Summary box appears, click OK.

(Note: If the file aklsp.dll is already in the remove section, then just click FINISH.)

Follow the instructions in the following thread:
Look2Me VX2 Removal

Now run HijackThis and fix the following:



O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\aklsp.dll' missing
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\hr0805due.dll

Post a fresh HijackThis log when finished with the above.
 

15 more replies
Relevance 52.07%

Please help. AVG detects the following viruses on my machine. PSW.Agent.AUET, ASJX, ARMW and Generic9RDX. After cleanup they keep reappearing.
Combo log:

ComboFix 12-04-25.01 - Shed 25/04/2012 10:59:48.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.532 [GMT 1:00]
Running from: c:\documents and settings\Shed\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Shed\Application Data\Mozilla\Firefox\Profiles\rremc8xw.default\weave\toFetch
c:\documents and settings\Shed\Application Data\Mozilla\Firefox\Profiles\rremc8xw.default\weave\toFetch\clients.json
c:\documents and settings\Shed\Application Data\Mozilla\Firefox\Profiles\rremc8xw.default\weave\toFetch\tabs.json
c:\documents and settings\Shed\Start Menu\Programs\AntiVirus System 2011
c:\documents and settings\Shed\Start Menu\Programs\AntiVirus System 2011\Help AntiVirus System 2011.lnk
c:\documents and settings\Shed\Start Menu\Programs\AntiVirus System 2011\How to Act... Read more

Answer:Computer infested. Please help

Hi

Please run the following:

Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
Close out all other open programs and windows.
Double click the file to run it and follow any prompts.
If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.
Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.
helpasst -mbrt
Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.

*In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following bolded command, then hit Enter.
mbr -f
Now, please do the Start>Run>mbr -f command a second time.
Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.
Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.
helpasst -mbrt
Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.

**Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mb... Read more

16 more replies
Relevance 52.07%
Question: Infested Computer

Huge thanks in advance guys, you're doing a great service here. Came home from work and my computer was completely locked, so I restarted it, and as soon as it came on, it became bogged down with popups and ended up locking up, so I couldn't do anything. Restarted in safe mode, managed to run Spybot in safe mode and Avast's before startup scan. That cleaned it up enough for me to at least start the computer in normal mode. However, in normal mode I didn't have access to my task bar or desktop icons, so I ran everything from the task manager. After I used superantispyware, I could use my taskbar and desktop again, so I uninstalled Avast (because I know you only want one on at a time.) Also of note, Spybot keeps getting registry changes and I keep denying them, but one has popped up that I can't deny. Should I be allowing them? Other than that, everything went relatively smoothly. Computer is in a usable state right now.
 

Answer:Infested Computer

Next post.
 

7 more replies
Relevance 52.07%

Logfile of HijackThis v1.99.1
Scan saved at 4:10:29 PM, on 6/22/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system32\mmdsregl.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet... Read more

Answer:HELP! My computer is infested

Download this file :

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
or
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
================
download http://www.mvps.org/winhelp2002/DelDomains.inf with I.E.

Right click the DelDomains.inf file and click Install, making sure Internet Explorer is closed. You won't see anything happen. Give it a minute.

Note, if you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.

==================
Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control cente... Read more

1 more replies
Relevance 52.07%

Hello,

I had problems with a slow PC several weeks ago and went through the Malware removal guide here at majorgeeks. I installed everything and went through everything step by step. Everything seemed to be working afterwards and I didn't post a thread or upload any of my 5 logs.

Everything slowly started to go bad again. I had a problem with something called dealcabby and I mistakenly went to a site called cleanpcguide.com and downloaded their fake solution software and made everything worse. It is at: http://www.cleanpcguide.com/download/ and you can see the 3 things it wants you to download. I see the installers in my download folder, they are: FixNCR.reg, SpeedyPC Pro Installer.exe, SpyHunter-Installer.exe.

Now I can't open my folders, can't install or uninstall programs, can't change anything - can't rename folders, or access my external hard-drive - everything freezes. I can't do anything involving system tools, couldn't even do a system restore.

One of the programs I tried to uninstall was "SpeedyPC Software" which is no longer in the uninstall list, but the folder is still there in Program files folder along with .exe file I can't delete.

I still had all the programs I downloaded last time but none of them run. I tried to go through all the steps again but, Can't uninstall anti-virus or firewall programs. When I run RogueKiller, TDSKiller, HitmanPro, they run for awhile then freeze. Ma... Read more

Answer:Malware - Second Time Even Worse

I'm also attaching the .reg file the cleanpcguide.com site had me install.
 

8 more replies
Relevance 52.07%

About 2 days ago I received a link in my inbox of facebook from a friend, I was in a hurry and wasn't thinking and clicked the link, I know bad move and I know better than that too. A new window popped up and had some kind of loading bar on the screen, I quickly closed the window. Since that day I can not connect to the facebook page on any browser: chrome, firefox, or explorer. All other webpages are accessible except facebook. I am more concerned with what else could be going on in the background of my computer. I have been reading forums and running malware and cleaners non stop trying to figure this out. I have currently used: CCleaner, Spybot, Spyware terminator 2012, Superantispyware.

So here I am asking for help to hopefully regain control of my computer, I have read the rules, I tried the google redirection/hijacking thread just in case that was it, and followed the Read & Run me first thread. I will attach the files from roguekiller, MB, TDS Skiller, Hitman, and MGtools. Any help is much appreciated. Thank you for your time
 

Answer:Possible malware issue.. or worse

MGtools zip
 

6 more replies
Relevance 52.07%

I keep getting pop ups at the bottom of my screen and numerous other virus warnings again and again. No matter what I do, I think I get rid of them and they keep coming back, please help!
 

More replies
Relevance 51.66%

Hello, (I thank you in advance for your assistance)

This is my first post in this forum, and have been dealing with a very problematic computer for months now. It has gone through 2 shipments to the manufacturer, with a system board replacement round 1 (was getting BUG_CODE errors, physical fault), then had to be resent to have software reloaded. (This second time they ended up changing my 540gb sata hdd for a 120gb ssd, never did give me a reason why, but the performance is worth the upgrade. Asus repair is just awful btw.) Ok, so having recently received my computer this latest return, it has Windows 7 operating system up and running, so ready to tackle other main issue:

Prior and/or during the debugging of my hardware problems, my computer became infected with a nasty concoction of virus/rootkit/nasties, what exactly I was never able to determine before the hardware issues took over. I know my nephew had downloaded something from a shareware group without my knowledge, and after running a scan, AVG found 3-5 items and labeled them trojans. I was very uninformed for someone who is technically capable usually, and that was my mistake, I grew too relaxed. I was using as my main login an admin account, was messing around in services, just fiddling where I shouldn't have been. That being said, I briefly came across this site while doing my initial virus searches, but was shortly incapacitated. After running malwarebytes and microsoft security essentials, the virus got ... Read more

Answer:Seriously Infested Computer - Very Cautious

Good Day,

I have an infected computer, and look forward to any assistance that can be provided. I will be attaching dds.txt and attach.txt. I did not try to run gmer, as the instructions asked not to run it on 64 bit systems. Should you need any further information from me, please do not hesitate to ask.

Thanks, and have a great day.

still learning how to read... sorry.

Merged posts. ~ OB

42 more replies
Relevance 51.66%

My brother downloaded some mp3 and his desktop now has porn icons, the background is a blue screen that says that his computer is infected and he needs to buy software to clean it up.

The task manager can not be opened, and the add remove programs menu has no remove buttons, and when you try to uninstall things, a pop-up displays saying that the account does not allow uninstalling of programs.

I have seen many infections, but nothing like this, apparently AVG free does not even pick it up. Any ideas?

Charles
 

Answer:Brothers Computer is infested

What operating system is this?
 

7 more replies
Relevance 51.66%

(HJT log included)

I'm living in a sharehouse and my mate's computer has been absolutely destroyed by this malware. Constant pop ups alt-tabbing him out of programs are driving him crazy, and they spawned from a bad trainer for a video game. I've tried helping him, used BPS adware remover, adaware, looked through HijackThis, registry cleaner and looked through the registry, running processes and done everything that I have ever needed to do to clean a computer. Unfortunately the malware persists. It has gotten to the point where I am having trouble running some files that just won't go through. Anyway, to the more information section of this post here is the HijackThis log file:
Logfile of HijackThis v1.99.1
Scan saved at 1:05:07 AM, on 8/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\TEMP\winD5B.tmp.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
... Read more

Answer:Absolutely infested computer

I don't see any anti-virus software running.
Load AVG http://free.grisoft.com/freeweb.php/doc/2/ it's free.
Download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall
 

3 more replies
Relevance 51.66%

Let me start off by saying I know nothing about computers. My problem is that every time I'm using the internet, new windows keep opening with random sites such as ebay or dealtime, etc. Most of the time I'm on the internet I'm closing the new windows that keep popping up or everything locks up and I keep having to shut the system down. I have tried everything I know to get rid of them but nothing seems to work. I have norton 360, ad aware, spybot and I tried the stinger but it continued to lock up so I was never able to complete the scan. I have also tried a virtuemonde remover with no success. I know that I have the trojan virus. Adaware only finds tracking cookies, Spybot removes c smithfraud and a couple of others but always the same ones and Norton keeps telling me that everything is fine. I would appreciate any and all help. Here is my Hijacklog:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:36:42 PM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice... Read more

Answer:I Think My Computer Is Infested With Viruses That I Can't Get Rid Of

Welcome to the BleepingComputer HijackThis Logs and Analysis forum aeachus

My name is Richie and I'll be helping you to fix your problems.

Your version of Sun Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Sun Java, and then update.

1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 4'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation jre-6u4-windows-i586-p.exe' [15.12 MB] and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.

If you have previously downloaded ComboFix, please delete that version now.

Warning
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidan... Read more

1 more replies

So I have no one else to blame... I was trying to download a TV show from the network's website (don't worry it is freely released) and the download was painfully slow. As impatient as I am I decided to go to a third party p2p site to get the video so I would not have to wait as long. Upon download completion I attempted to watch the video and a window popped up telling me that I need to update a codec to view the file type (I believe it was divx). Anyway, immediately after "updating the codec," which I now assume was neither an update nor a codec, my computer was blasted with who knows how many infections. What I did next: I ran all of the spyware and virus scanning software I had and removed/quarantined all infected whatevers found. I managed to get rid of the viruses that were causing the "YOUR SYSTEM IS INFECTED" background as well as a few others and things began to get better but I still noticed really weird things happening. So I downloaded Malwarebytes, Ad-Aware and SpyNoMore. This is where things got odd. Ad-Aware wouldn't even begin to install; it gave me an error message that I'm sorry to say I cannot recall the wording. Malwarebytes took a few more tracking bugs of my computer and SpyNoMore found nothing although it will not update its definitions.Where I am now: I am having terrible symptoms caused by at least one virus. I am pretty sure I have some version of the Google Re-Direct Trojan but FixTDSS found no problems except a s... Read more

Answer:Computer Utterly Infested

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you... Read more

2 more replies

Can someone take a look at this hijack this log and tell me what needs to be removed and why? I have used adaware and spybot and I am still getting browser popups that I don't want.

Logfile of HijackThis v1.98.0
Scan saved at 9:32:03 AM, on 7/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\zipped\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.usatoday.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton ... Read more

Answer:Spyware infested computer

7 more replies

Hey, first off I would like to say thank you to Jet Ian for helping me clean up my laptop. Thank you, now I am trying to get my Desktop cleaned up, it is sooo slowww, anyways here is my hijack this log and my panda log for my desktop, your help will be appreciated

Logfile of HijackThis v1.99.1
Scan saved at 3:18:22 AM, on 2/17/2006
Platform: Windows ME (Win9x 4.90.3000A)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\ISSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.... Read more

Answer:Slow Infested Computer

SnakeNdGrass

Go to Add/Remove Programs thru Control Panel. Uninstall the following if they exist:

Window Search
Win Tools
IEtools
IESearch
Windows Assistant
WindowsSA
Search Assistant
Windows Search Assistant

When uninstalling you will be prompted to insert a security code. Please do so and reboot when done.

If you do not see these programs in your Add/Remove programs then download and run both of these uninstallers:

http://lop.com/new_uninstall.exe
http://lop.com/toolbar_uninstall.exe

Then open HJT Scan Only, close your browser and all open windows, check these entries and click on Fix Checked.

R3 - Default URLSearchHook is missing
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - Startup: DLHelperEXE.exe
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/ve...n7/dlhelper.cab
O16 - DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} (FSLoaderCtrl Class) - http://www.clickedyclick.com/Download_Helper/fsloader_v3.cab

SHOW HIDDEN FILES AND FOLDERS
* Click on MY COMPUTER
* Then on your C: Drive
* Then to TOOLS/ FOLDER OPTIONS/ VIEW
* Choose the radio button to SHOW HIDDEN FILES AND FOLDERS
* Take the checkmark out of HIDE EXTENSIONS FOR KNOWN FILE TYPES
* Then APPLY/ OK
* Don't forget to reverse this once your computer is clean

To Enter SAFEMODE
* Go to START/ SHUT OF YOUR COMPUTER/ RESTART
* As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly, t... Read more

7 more replies

I keep getting pop-ups on my laptop, even when I'm offline (these don't load). They appear twice a minute or so and often divert me from the page, including the techguy welcome page. Also, my laptop is running very slowly because of them.

I've checked for viruses using spyware doctor and avast! but they don't seem to find the problem.

When I checked the addresses of the pop-ups, they mostly begin with CPVfeed..... etc. so I figured that this was the problem.

I've checked the forum for previous threads on the problem but the solutions provided seemed for the specific user.

Can you help me?

P.S. I use a wireless connection that my father refuses to password protect.
 

Answer:CPVfeed? Pop-ups have infested my computer

Closing duplicate.

Please continue here:

http://forums.techguy.org/security/564912-argh-pop-ups-everywhere-cpvfeed.html#post4651996
 

1 more replies

I apologize. I did not research this well enough when I first posted, so I am going to edit this, so I can use the correct lingo and be less confusing.

I had some problems with my computer before, and you guys helped me. Once it was fixed, I created a system restore point. My computer is now infested with spyware etc but we have also added some programs and such to it since I fixed it last time, and I was wondering if I were to convert it back to that system restore point, if that would delete my new programs? If not, I know how to restore it, but if it WILL delete my stuff, would you recommend fixing this new spyware and such, or converting my puter back to how it was and adding the programs later (if I can)?
 

Answer:Solved: Infested Computer

16 more replies

I've updated and run Norton Antivirus, AdAware and Spybot. Here's my log:

===================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 6/3/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 11:36:58 AM, on 6/13/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\vlnlvn.exe
C:\WINNT\System32\primeter.exe
C:\WINNT\system\huiroh.exe
C:\WINNT\System32\qedxtray.exe
C:\Program Files\abws\uhus.exe
C:\WINNT\System32\drwtsn32.exe
C:\Program Files\NavNT\VPC32.EXE
C:\Documents and Settings\Marlborough Public L\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://government.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://... Read more

Answer:Library computer infested

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Before you do anything else, please create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Temp folder. This is required because HijackThis will create backups and we don't want them to be deleted.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe M... Read more

10 more replies

I am trying to remove viruses from a computer. I think I got some out but I am running into problems. The viruses won't allow Malwarebyte to run... it comes on for 5 seconds then disappears. The same thing happens with hijackthis. I try it again and it says about the path being wrong. It won't let me take anything out of msconfig either. I know the permissions were changed. But anything I use to remove trojan viruses will not work. This includes Superantispyware, malwarebyte, hijackthis, combofix, I can't install Avast AntiVirus, nor will online antivirus software work, spybot search and destroy doesn't work. They don't work in the safe mode or the normal mode. I don't want to reformat the computer. It won't repair the operating system. Can anyone recommend anything? I'm stuck.
I'm sure the registry was corrupted as well.

Answer:computer infested with viruses

Hello, is this an XP machine?

Reboot into Safe Mode with Networking

How to enter safe mode (XP/Vista)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....
Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable the anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.
Do not reboot your computer after running rkill as the malware... Read more

24 more replies

I have been having problems with my computer it is only 2 months old - I got internet about a month ago and I started having problems right away. I started to get pop ups and then all of a sudden I was not able to go on the internet - when I click on internet explorer it just flashes and then disappears. I ran Adaware from a CD a friend gave me and the scan showed tons of stuff I deleted/quarantined all of them but the problem continued. I came here and looked at the posts then I tried to do a scan in safe mode but when I get to safe mode I only get the black screen with the four safe mode marks on the corners no taskbar or icons. How can I run a scan if safe mode is like that? Now I'm getting a message that says to insert the windows xp cd some files missing. Also how can I do more scans if I can't access the internet? I tried to download the programs you mentioned on the posts onto a CD and it would not let me. Sorry if this is too long but I'm desperate. Any help would be greatly appreciated

Answer:Help computer infested with viruses

Do you have a real Windows CD, or a restore CD or what to reinstall everything. That sounds like your best bet, a lot easier and faster than this might be, but that's up to you.

Next would be using Safe Computing practices. Load on your protection BEFORE you even connect to the net for the first time!
http://www.computerhope.com/cgi-bin/yabb/YaBB.cgi?num=1149948530

What were you using for protection before? How about posting some details, model number, etc. of your system. How do you connect to the internet?

Post back if more help needed as well.

10 more replies

(Moderator edit: log post moved to the HJT Team Forum for review and member help. jgweed)

I have followed all of your remedy steps before posting this problem, My windows is updated, I run an antivirus and a firewall, but Spy Falcon still broke through my security. None of my applications picks up the Spy Falcon program. When Spy Falcon first invaded my computer, it took over completely, executing pop-ups, changing default settings and home pages, plus it brought, "iworm_attck_v122.02a" with it. It appears I have cleaned all viruses, spyware and adware from my computer. After following your instructions I still have a blinking icon in my task bar - red blinking circle with a diagonal line through it / alternating to a green handicap icon. I continue to get a red text box with the following inscription: Your computer is infected Critical System Error! System detected virus activities. They may cause critical system failure. Please, use antimalware software to clean and protect your system from parasite programs. Click here to get all available software. Clicking on this icon brings me to the Spy Falcon homepage.

Hopefully you can provide me with a solution to remove this annoying program from my computer.

Thanking-you in advance, I await your reply.
NCB

Logfile of HijackThis v1.99.1
Scan saved at 10:18:47 AM, on 14/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32... Read more

Answer:Computer Infested With Spy Falcon

Hello,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.ca/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - (no file)
O3 - Toolbar: (no name) - {28BC2EC4-5EAD-45E1-9F9F-82CD5E293601} - (no file)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!
If any scanner, for example Spyware Doctor or Windows Defender gives an alert after fixing above hijackthis entries, allow the changes and don't block it, because it will put the entries back again if you block it.

* Download Roguescanfix
Download it to your desktop.
Doubleclick roguescanfix_setup.exe
Select the language setup and click ok.
Proceed with the installation. Make sure the 'Start Roguescanfix' is checked.
Once you click Finish, it will start the fix.
Note: This tool needs internet connection because it downloads an additional file to let the tool work properly.
If your firewall gives an alert, allow it instead of blocking it.
In case you still get the ... Read more

2 more replies

I'm trying to clean my Sister-in-law's computer. She's running Windows XP SP3. After having no luck installing MBAM, even after running rkill, I was finally able to install MBAM and run a scan while running in Safe Mode. The initial scan identified 1,004 infected items. After rebooting in Normal Mode, a second scan resulted in identifying 56 additional infected objects. Subsequent scans continue to identify one infected file that MBAM, and myself directly, cannot seem to delete (even while I'm in Safe Mode). Here's the last MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4093

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/12/2010 1:28:06 PM
mbam-log-2010-05-12 (13-28-06).txt

Scan type: Full scan (C:\|)
Objects scanned: 210246
Time elapsed: 52 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\yofun.sys (Rootkit.Agent) -> Delete on reboot.... Read more

Answer:Sister-in-law's Infested Computer

Hello,

It appears as though you have a rootkit aboard which will require specialized tools to remove. Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues.

If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.

Orange Blossom

2 more replies

Hi
It's been more than a week my PC is acting crazy. Random text is being typed on its own in textfields and wherever the cursor is. Also it's not possible to type some letters for example when you press 'l' the pc logs off.. press 'm' and all windows minimize... press r and run command opens up and many more. The number keys don't work now and the system is too slow or hung most of the time. I can't type anything on my pc now. Please help. I am typing this from my friend's computer.

I scanned my computer using A-Squared Antimalware first and it caught some virus called trojan.generic just the first time. Later on the scans came up with no infections even though my computer was still acting weird. Then I scanned them with Malwarebytes AntiMalware and it also caught some viruses the first time like trojan.dialer.. trojan.DNSChanger and Trojan.Agent. Later all the scans came clean. It's become really unbearable now. I just don't know what to do. Should I go for HijackThis?

Any help would be highly appreciated. Please do help.

Thank you
cheerios121

Answer:Computer infested with trojans.Please help!!

Did you try SAS?

SAS, may take a long time to scan

Please download and scan with SUPERAntiSpyware Free

Double-click SUPERAntiSypware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
Do not run a scan just yet.
FirstReboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu w... Read more

1 more replies

My computer was running quite fine until a while ago... I started getting major popups on my computer for winantiviruspro.com and dealiotoday.com (or something along these lines).... I was wondering if anybody will be able to help me... I was also very confused and I'm pretty sure that this is spyware since I am using mozilla firefox (and have never had any popups before this incident)

My hijackthis log looks like this:

Logfile of HijackThis v1.99.1
Scan saved at 10:10:27 PM, on 4/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Eric\Des... Read more

Answer:Spyware Infested Computer

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

I apologize for the delay getting to your log, the helpers here are very busy.
If you still need help, please post a fresh Hijackthis log, in this thread, so I can help you with your Malware Problems.

If you have resolved this issue please let us know.

10 more replies

DDS:
DDS (Ver_09-12-01.01) - NTFSx86
Run by Brian at 15:01:37.17 on Wed 12/30/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.38 [GMT -5:00]

AV: The Shield Deluxe Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Brian\Desktop\virus removal\dds.scr

============== Pseudo HJT Report ===========... Read more

Answer:Trojans are infested on my computer! HELP!!

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner ... Read more

2 more replies

I used a site called datafilehost, http://www.datafilehost.com/d/49eec52f, and forgot to uncheck the use install manager, aka virus installer. Now I have been desperately trying everything I can to remove malware and viruses from my computer.

I managed to find most of it, alas I still have some problems when I browse online. The DNS server often becomes unresponsive and I would have to refresh maybe 20 times for it to start working again. This doesn't bother me as much as, say knowing I have something on my machine that can snip my credit card information...

Did a system restore just before the installation
Installed every antivirus imaginable
removed UAE
I read the R&R thread just after running most of the anti-malware/virus/adware programs. however I still got logs lying all over the place.
I know some of the stuff that got installed by the manager is called skypeemiticons, startsearch, yooouuutuuubbeeadblocke, and suptab.

Help please
 

Answer:datafilehost,com infested my computer

Sorry, almost forgot attachments.
 

6 more replies

Hey all... I am in need of some major aid. I have somehow ended up with this outerinfo crap on my computer. I downloaded hijackthis but am not sure where to go from here. Below is my hijackthis notepad but I am unsure which ones to repair. I would be extremely grateful for any help. I am currently in college and 99% of my classes are online and this is hampering my work. Any help would be greatly appreciated!!

Ali

Logfile of HijackThis v1.99.1
Scan saved at 9:09:57 PM, on 5/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
 

Answer:Help!!! Outerinfo has infested my computer!

Welcome to Majorgeeks!


As you likely already know, malware is a massive pest these days and does its level best to hide itself in any number of places. So just a Hijackthis log will not show all the malware that can be on your PC. The full guide of our steps below has a few other logs that show a lot of the malware on your PC and where they are located.


Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide plus a guide on how to attach the logs HOW TO: Attach Items To Your Post
 

1 more replies
Relevance 51.66%

Hi! I've been telling my husband for months that using Ares P2P sharing and streaming online movies from 1channel.ch is going to cause his computer to be full of viruses and what do you know?! He wasn't even using a virus detection software!!! IDIOT! lol Anyways... so when I downloaded MSE and did a scan I wasn't surprised to see the Trojans found on his device. My question is HOW do you rid the computer of these viruses that seem to be cleaned by MSE and then always pop back up... Here is the name of just ONE of the Trojans: Trojan:Win64/Sirefer.B. Any help in cleaning his system will be GREATLY appreciated. 

Answer: Computer Infested with Trojans

Hello, I moved this from WIN 7 to Am I Infected.

Let's run these and see how it is after.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List Winsock Entries
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>>>

Please Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results.

Please download AdwCleaner by Xplode onto your desktop.
• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• You will be prompted to restart your computer. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

>>>>

Now I'd like us to scan your machine with ESET OnlineScan
1. Hold down Control and click on this ...

9 more replies
Relevance 51.66%

I had similar issues with my first pc in 2004. The MG site has been my go to source for resolving these issues, which I have by self learning and using recommended antispyware and other detection and troubleshooting tools. Also be sure to carefully configure your overall system and browser settings. The owners and volunteers at MG are performing an incredible service to all of us. Good luck to everyone!
 

Answer: empathy for those affected with malware and worse

Happy to hear you have had positive experiences at MG's, we try to answer every thread in a timely manner and respond as soon as time permits for us all.

Tell your friends about us, spread the word!
 

1 more replies
Relevance 50.84%

Hi everybody. I have a problem with the QuickBrowser adware and I hope with your help I can get rid of it. Here is my situation:

Every 5 minutes or so, my antivirus software tells me that there is an attack to my computer that is blocked, and the software tells me the name of it is "HTTP QuickBrowser Avtivity" from the "top-banners.com". I have tried many different spyware, adware, antivirus software to scan my computer but so far nothing helps. Here is the log file of Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:50 PM, on 11/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\...

Answer: Computer Infested With Quickbrowser Adware

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, TTuyen. My name is Richie and I'll be helping you to fix your problems.

Your version of Sun Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Sun Java, and then update.

1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.

If you have previously downloaded ComboFix, please delete that version now.

Now download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Disconnect from the Internet.
Double click on c...

15 more replies
Relevance 50.84%

Hi

My parents have clicked on something in the past and now their laptop seems to have constant pop-up ads and windows, which is making it unusable. Can you please help with the following outputs?
Many thanks in advance

I do not have easy access to a windows CD

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17267
Run by JuneandPeter at 19:18:09 on 2015-04-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2811.873 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Launch Manager\dsiwmi...

Answer: [SOLVED] Parents computer infested with pop up ads

Hello and welcome to Tech Support Forum

I do see some adware in the log, so let's run this specialized adware removal tool then we'll go from there

Download AdwCleaner from here and save it to your desktop.
Run AdwCleaner and select Scan
If items are found, please select the Cleaning button
Once done it will ask to reboot, allow the reboot
On reboot a log will be produced, please attach the content of the log to your next reply

16 more replies
Relevance 50.84%

So my boss gave me her laptop to have a look at cause it was running like complete crap. Popups galore, lag central, etc. I have run Ad-aware and Spybot, and installed SpywareGuard and SpywareBlaster. I also ran a windows update, which to my shock hadn't been run AT ALL since the computer was purchased over 12 months ago.

I now get a problem upon loading of windows telling me it couldn't load the file "EGDACESS_1058.dll", which I understand is associated with spyware...? Any help fixing this would be great too.

I'm sure there is plenty of crap in this log, so if I could get anyone's help it would be much appreciated.

Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 11:46:51 PM, on 16/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:...

Answer: Boss's Computer Infested X 1 Billion

Hello again, Barra. Let's see if we can clean your boss's computer too.

Please download Ccleaner and save it to your desktop.
Tutorial for CCleaner
During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it

============================================

Download and install Ewido Anti-Malware
During the installation, uncheck the following under Additional Options:
• Install background guard
• Install scan via context menu
Check for updates but do not run it yet.

Note: If you have problems with the updater, you can manually update Ewido.
Download ewido-signatures-full-current.exe from here and save to your Desktop.
All you need to do then is to double-click it, click Install and then when it has finished, Close.

============================================

Make sure that you can see hidden files
• Click Start
• Open My Computer
• Select the Tools menu and click Folder Options
• Select the View Tab
• Under the Hidden files and folders heading select Show hidden files and folders
• Uncheck the Hide protected operating system files (recommended) option
• Click Yes to confirm
• Click OK

** These files are hidden to stop you accidentally removing something important. It is advisable to hide them again after fixing your computer. **

============================================

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once...

10 more replies
Relevance 50.84%

My computer is infested with what I believe is trojans or some other type of viruses. Ultimate cleaner 2007 somehow got downloaded onto the computer and it's obviously a virus. There are also other fake spyware cleaners that got downloaded. And when I click on start, "control panel" is no longer there, so I can't even go in and remove them myself. Here is my hijackthis log, so if anyone can please help, that would be awesome! Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:10:59 PM, on 9/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Media Experience\PCMSer...

Answer: Help With Hijackthis Log, Computer Is Infested With Trojans!

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, Flyinlowsup. My name is Richie and I'll be helping you to fix your problems.

Your pc is extremely badly infected to say the least; among the nasties, vtr.dll is present, which is a Backdoor Trojan.

A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user. They are typically installed without user interaction through security exploits, and may allow an attacker to remotely control the infected machine. Such risks may allow the attacker to install additional malware and use the compromised machine to participate in denial of service attacks, spamming, and bot nets, or to transmit sensitive data to a remote server. The malware may be cloaked and not visible to the user. These risks severely compromise the system by lowering security settings, installing 'backdoors,' infecting system files, or spreading to other networked machines.

If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one, if not an attacker may get the n...

22 more replies
Relevance 50.84%

I just got home from college and my parents' computer is just covered with viruses and malware. I have this sypware_quake program that I know is bad but I can't get rid of it, and also I have another pop-up virus alert that shows me some little pop-up screen in the bottom right side saying that I have a critical error.

Here is the hijack list from this computer...... Please help
Logfile of HijackThis v1.99.1
Scan saved at 3:50:25 PM, on 6/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\SpywareQuake.com\Spyware-Quake.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SpywareQuake.com\Spyware-Quake.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Java\jre1.5.0_02\bin\ju...

Answer: Parents Computer Is Infested With Viruses !!!help!!!!

9 more replies
Relevance 50.84%

Hello. I have recently picked up a whole bunch of viruses or spyware. To be honest I don't really know which is which. Here are the 4 things that I have tried to delete but it says access is denied. These are also running in my task manager.

1. ms0509283-3207 This is labeled as an app. Its other name is called gogo5x

2. errorhandler.exe This is also listed as an app.

3. cinfo.exe This is also listed as an app.

4. 0COD130E160E1.exe

It won't let me delete these things. I'm pretty sure these things are viruses or spyware. Here is a hijack this log I just did. Any help with these problems would be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 8:27:57 AM, on 3/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Fi...

Answer: My computer is infested with spyware and viruses

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Please download Ewido Security Suite at http://www.ewido.net/en/download/.

1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
* Install background guard
* Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you will get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'.
8. Exit Ewido. DO NOT scan yet.

If you are having problems with the updater, you can go to http://www.ewido.net/en/download/updates/ to update manually.

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link doesn't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Don't run it yet.

Restart your computer and boot into Safe Mode (if you d...

1 more replies
Relevance 50.84%

This is one of the toughest viruses I have encountered and again I'm on the point of deciding whether to reformat or not. This happened when I tried to install a program. I did not know that the program contains a virus. After installing, my browser crashed and restarted my computer. After that, some programs like my bluetooth could not start and it's showing that I should check the installation path or whatever because it has a virus. I was about to scan it with avira but unfortunately it is not starting also. It says it has been configured. I performed a quick scan using mbam and it found (as I can remember) 8 viruses. It has malware trace, trojan and backdoor whatever, etc. It asked to restart the computer so I did. When I restarted the system again, I could not use the computer anymore and I don't know why.

I started in safe mode. Unfortunately avira is not working. This time mbam didn't find any problems. So I decided on having a system scan online. I used eset and found out that almost every .htm file has iframe nap virus(?). There were hundreds of thousands of them. I accidentally clicked on delete quarantined files so I don't know if I did the right thing or not.

So I restarted again in normal mode. I checked my bluetooth and it was messed up and was in that scenario again. Mbam didn't find any threats but I know that there is. I decided to boot in safe mode and have a system restore. Now I can use the computer better. The problem is just that avira is detecti...

Answer: My computer was/is infested with virus and I don't know if it's clean.

Hello and welcome.. Ok so we lost our MBam log?

Rerun MBAM (MalwareBytes) like this:
Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop ..
DO NOT run yet.

Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into ...

3 more replies
Relevance 50.84%

Okay, so I have XP on my computer, but it has been infested with a virus. It was just tampering with programs until today, and now I cannot get past the windows loading screen, it just auto restarts (in safe mode too). So I am going to format it on the weekend, but I still have files I want to retrieve before I do. So if I were to install Vista onto the machine would I be able to access those files while using that OS?

Answer: Using Vista on a virus infested computer?

No.

Vista install will re-format the hard drive before it installs.

jcgriff2

.

1 more replies
Relevance 50.84%

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz, Intel64 Family 6 Model 37 Stepping 5
Processor Count: 2
RAM: 3893 Mb
Graphics Card: Intel(R) HD Graphics, 1722 Mb
Hard Drives: C: Total - 463436 MB, Free - 185155 MB;
Motherboard: Intel Corp., Base Board Product Name
Antivirus: Norton Internet Security, Disabled

I have tried to run Malwarebytes Anti-Malware but whatever is on this machine is thwarting the scan. How can we get this machine back to running like it just came out the box?

I'm getting a Hijackthis log file ready to post.
 

More replies
Relevance 50.84%

My computer can no longer shut down without it freezing up. Playing any games has become an impossible task with constant choppiness.

I'm thinking it might have to do with spyware problems. I hope somebody can help. Here is the log from hijack this:

Logfile of HijackThis v1.97.7
Scan saved at 9:07:28 PM, on 9/30/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\IEXPLORE32.EXE
C:\WINDOWS\SYSTEM\QMSDUDKJ.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\DLCRAP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=protect1&Terms=
R1 - HKCU\Software\Microsoft\Internet Explorer...

Answer: Computer infested to the core with spyware; please help!

8 more replies
Relevance 50.84%

I have so many problems with this computer, I don't even know where to begin... I receive pop-ups anywhere I go, and more than one at a time at that. Every time I start aol, something pops up and tells me "registry editing has been disabled by the administrator"... (something along those lines, if not word for word) well ok, I didn't ask! Also, aol always detects something called "tesllar A" and aol claims to take care of it... but every day? If they took care of it, why are you finding it again and again, every day?
I was browsing around google, and found this site. I noticed a lot of people using this Hijack this program. So I downloaded it, but before I touched anything I decided to run the scan, and post the log of it here, to see if anyone can find any problems. Here's the log. Any help would be highly appreciated!
P.S. I'm new to the forums...(my first post, as if you haven't noticed...=P)
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:17:27 AM, on 9/15/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS...

Answer: I'm convinced my computer is INFESTED with CRAP

When I went to sleep last night, I ran a McAfee scan which took like all night. This morning when I looked at it, I was amazed at how many items were detected. Is this normal? That's like basically half of the files it scanned!

can anyone take a look at that hijack log and see if you notice any problems?

Details
Number of items scanned: 152268
Number of items detected: 71193
Number of items repaired: 19
Number of items quarantined: 48
Number of items removed: 71097
 

1 more replies
Relevance 50.84%

A friend was online with no real protection.
He has installed norton, it only runs safe mode without locking up.
I ran adaware (found hundreds of things), 36 cannot be removed.

Later today I'll install spybot, blaster, ms beta ...etc.

He's on vacation, I told him I would see what I can. He's running 2000 on an old gateway. Here's the hjt log

Logfile of HijackThis v1.99.1
Scan saved at 6:05:18 AM, on 04/06/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\SK9910DM.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\SYSDXVID.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\YOZDJWSBK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHA...

Answer: Solved: friends computer infested, HELP

15 more replies
Relevance 50.84%

Fighting a week long problem that seems to be getting worse.

Running XP Media Center SP3

I use Avira as my anti-virus and spybot as anti-spyware. Several days ago system was lagging on the internet. Scanned with both of the above and found several issues: virtumonde.a, smitfraud. After, I thought, my system was clean I also ran CCleaner.

This seemed to help but after a couple of days it seems to be getting worse. Spybot won't start (I can see it in task manager but it won't launch). I have also seen an internet redirection through "windowsclick" which is also annoying.

I have read several of the forums and have tried to download: MGtools, SUPERAntiSpyware and Malwarebytes. Only MGtools worked and I have included the log file below. The other two wouldn't even load or run.

Major Geeks was recommended to me from several others and this is my first time posting.

Thanks
 

Answer: Malware infection getting worse - spybot, adaware, etc. will not run

Welcome to Major Geeks!

First you must disable Spybot's Teatimer. See this: How to disable Spybot's TeaTimer

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 6
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) SE Development Kit 6 Update 4
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) 6 Update 11


Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: 172.31.254.2 mykillernic
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {E9C0BA2D-FBCE-4184-AA62-4AE15ADE8031} - c:\windows\system32\fdahtby.dll
O4 - HKUS\S-1-5-21-4116697270-3760401919-1086182312-1010\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Joshua')
O4 - HKUS\S-1-5-21-4116697270-3760401919-1086182312-1010\..\Run: [QuickTi...

12 more replies
Relevance 50.84%

Hi all I have a huge problem and I am about to go nuts.

I have tried everything I can think of from these forums and others but I can't seem to get this virus off my computer.

I believe the Virus name was "Security Protector" or something of that nature. I have removed these fake security viruses over 5 times now. I am no wiz at computers or anything but thanks to certain malware removal tools it worked.

This time around I can't kill the damn thing. Ok now onto everything I have tried to do:

- booted in safe mode, tried to remove it via Rkill and Malwarebytes but this time it did not run malwarebytes. It said it was unable to access and also later threw a code 707 2
- booted again in safe mode then decided to do a system restore to a previous date and try to clean the computer that way... didn't work, same bleep.
- booted in safe mode, tried to run all the options in Rkill: dns, scan etc. Didn't remove it.
- booted again and tried to reinstall malwarebytes but redirecting started and wouldn't let me access anything via google, yahoo etc.
- used my laptop and got inherit.exe, was told to open and put malwarebytes folder inside it... no luck, inherit won't even open up.
- booted again, this time firefox won't even open up!!! ARRRRRGGHHH

Please help me with whatever you can. Rkill still works so I can copy the log from that if it helps. Thank you all!

-TY

Answer: Malware redirect virus getting massively worse!! HELP!

Hello.

You have an advanced rootkit infection. This type of thing goes beyond the scope of this forum and will require assistance from our Malware Removal Team.

It appears that the issues on your system will require a more in-depth examination than can be performed in this forum. Please read the information in this guide, and follow all the steps beginning with step 6. After you have followed the steps in that guide, I would like you to start a new thread HERE and include a link to this thread.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. The MRT is very busy, so it could be several days (3-5 days is the average wait right now) before you receive a reply. But rest assured, help is on the way!

~Blade

2 more replies
Relevance 50.84%

This morning, my wife's Yahoo email account was hacked, and someone tried sending a bogus "I was mugged, please wire money" message to everyone in her contacts list. I figured it was a spoof, but when we got the PW changed, there were two messages in her Sent box, including the original and a secondary response to a skeptical friend who had written back. To be safe, I had her shut the computer down for the rest of the day until I could get home and try running the READ ME.

Until that point, the computer (a Dell Vostro laptop running XP SP3) appeared to be running fine, with all Windows security updates and standard, up to date protection via AVG Free, Spyware Blaster, Spybot S&D, Windows Firewall. I was paranoid about doing anything before going through the READ ME steps, but did keep the wireless connection on to catch the SAS and other necessary updates prior to running and did not notice any slow response throughout the process.

Several items were picked up - a few related to a Coupon printing program and a few other things I did not recognize. After completing the READ ME steps, the things (especially Internet-related) seem to be locking up - I was unable to update Spyware Blaster, Gmail was taking forever to load and that made me worry even more. Logs are attached.
 

Answer:Possible Malware, READ ME seemed to make things worse

MG logs zip attached.
 

4 more replies
Relevance 50.84%

My computer cannot get online since it was infected by some malware. Some has been cleaned by MalwareBytes but what remains is now causing worse and worse problems:

Symptoms include:
1. Windows cannot configure network, if I run WZC it then sees the network but cannot get an IP. IP displays as zeros.
2. Increasingly long pause before startup.
3. GMER scan causes sudden reboot after hanging on a file.
4. Taskbar has reverted to windows classic and xp no longer appears in the menu.
5. Lots of redirects when online (this was before the connection broke).

I have done some scan and some basic fixes but nothing has worked, any help much appreciated, I will certainly donate generously if the problems can be fixed. Scan information is below, firstly MBAM, then OTL, as explained above, I cannot get GMER.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4161
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
01/06/2010 21:57:15
mbam-log-2010-06-01 (21-57-15).txt
Scan type: Quick scan
Objects scanned: 136221
Time elapsed: 7 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicio... Read more

Answer:Malware blocking internet - problems now getting worse - help please!

PLEASE CLOSE - I have found some help elsewhere - thanks very much, you people are doing great work!

Jeremy

2 more replies
Relevance 50.84%

I have had redirect malware before, and Malwarebytes got rid of it. This time I have also run Symantec AV, SuperAntispyware, Ad-Aware, Norton Power Eraser, TDSS Killer, and Hitman Pro, all to no avail. They found a few trojans, but the redirects persist.

I did not have Symantec and Ad-Aware installed at the same time ... I was getting an ordinal 1109 error associated with it, so I replaced it with Ad-Aware. I am not getting that error anymore.

In addition to the redirects, Firefox has been slow, producing repeated script errors, and freezing occasionally. The computer has also been making a ding-ding sound when I am not even using it or merely reading something, and it will not revive from Stand-by.

I found a similar thread in this forum last month, but other than the anti-malware/AV programs I do not know what else to try. Any help would be much appreciated!

Here are the requested logs:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz, x86 Family 6 Model 15 Stepping 13
Processor Count: 2
RAM: 1013 Mb
Graphics Card: Intel(R) G33/G31 Express Chipset Family, 128 Mb
Hard Drives: C: Total - 234880 MB, Free - 182869 MB;
Motherboard: Dell Inc., 0RY007
Antivirus: Lavasoft Ad-Watch Live! Anti-Virus, Updated: Yes, On-Demand Scanner: Enabled
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:18:19 PM, on 1/21/2012
Platform: Windows XP SP3 (W... Read more

Answer:Search results redirect malware or worse

16 more replies
Relevance 50.43%

Like hundreds of others here, I seem to have recently picked up the google redirect virus. I get redirected only occasionally but it happens often enough that I'm sure I'm infected. I only use Firefox.

At about the same time, or exactly the same time I picked up this piece of malware, I also started getting occasional (doesn't always happen) errors when booting up. One error pops up a window that says something like "cannot connect to network" and I am asked to Try Again or Work Offline. Try Again always works. The second error pops up a window that says "windows explorer must shut down and restart" and I am asked to Send an error report to Microsoft or Don't Send. Afterwards, windows explorer indeed restarts.

I normally only run AVG Free edition. I installed and ran Malwarebytes Anti-Malware yesterday and it detected one trojan (forgot the name unfortunately) and removed it. However none of the problems were fixed. I installed and ran about 5 or 6 other programs including TDSSKiller and nothing additional was detected. I also ran Windows Update and updated everything to the newest version (normally I disable all updates).

==========================================
DDS (Ver_10-10-10.03) - NTFSx86
Run by Oyama at 11:02:27.34 on Mon 10/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.197 [GMT -10:00]
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD1... Read more

Answer:Google Redirect Virus has infested my computer

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the ... Read more

11 more replies
Relevance 50.43%

A 2Ghz Windows 2000 Professional machine, 128MB memory 40GB hard disk with over half free. It had several malware issues, none particularly horrible that I know of. Cleaned up with Ewido, Spybot S&D, Adaware, AVG scan and CA online scan. Nothing shows up anymore. Also defragged hard drive. Still slow booting and performance, and loses internet connectivity often (fix with uninstall / reinstall TCP/IP).

Can you spot any reason it still might be slow? Thanks in advance for your help!

My log:
Logfile of HijackThis v1.99.1
Scan saved at 6:57:30 AM, on 9/14/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
... Read more

Answer:W2K computer was infested, still slow & connectivity problems

Bump and further information:

I downloaded and ran "Process Explorer" (great tool, BTW), and note that there is constant I/O activity (about 35K/second) from the process services.exe. This is with nothing actively running on the machine other than the Process Explorer (and the resident AVG, ZoneAlarm, and Ewido protection). CPU usage is low single digit percentage, but it's CONSTANT I/O.

10 more replies
Relevance 50.43%

Hi,

I hope someone can help me with this...pleaseeee...

My netbook has been infected majorly by I don't know what all and how many viruses, malware, trojans etc!! Basically I am totally lost...

I have so many viruses that it's not even funny anymore...it is so serious that I cannot even connect to the internet now damn it...

I use windows xp home version...

I have avg antivirus and superantivirus free edition on my computer...even tried eset anti virus

please don't ask me to download anything as my internet apparently is not working so it's impossible for me to download anything...

just now I ran a scan and discovered I had rootkit.seneka-trace

earlier I was facing problems with firefox as anything I searched on google was getting redirected to something else... I uninstalled my firefox...and started working on chrome which is now facing problems as in without the connection it's trying to get on to onlinenotify.net...
also I have been getting messages of shutdown from nt authority...my task manager got disabled...but I enabled it now...also my ipod won't work on my computer now as my mobile device has stopped working...it's as if hell has broken on my head...god damn it...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:56:29, on 11/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\ser... Read more

More replies
Relevance 50.43%

I ran adaware 6 and cwshredder... here is the log file from HijackThis... Thanks for taking a look!!!!

Logfile of HijackThis v1.97.5
Scan saved at 11:23:37 AM, on 1/2/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\BCMDMMSG.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SK9910DM.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\AUSVC.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
C:\WINDOWS\SYSTEM\STUIMON.EXE
C:\WINDOWS\SYSTEM\IEDRIVER\IEDRIVER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\UPDATER\WUPDATER.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\SBC\CONNECTION MANAGER\CMANAGER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\VXEUXT.EXE
C:\PROGRAM FILES\BROADJUMP\CORRECTCONNECT ENGINE\CCD.EXE
C:\WINDOWS\SYSTEM\PGOWP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\AMERICA ONLINE 6.0\WAOL.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TEMP\TD_0007.DIR\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet ... Read more

Answer:Trying to clean up this horribly slow and pop up infested computer!!!!!

16 more replies
Relevance 50.43%

Ok, so my buddy recently got his old computer up and running again but the thing is it's completely spyware/malware/adware ridden. I swear this has to be the worst machine I've ever seen. Below I've included the Hijack This log that I managed to get. Anyone who could be of assistance, that would just be great. Thanks in advance!

---------------------------------HIjackThis log----------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:17 AM, on 1/2/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
C:\Program Files\WhenUSearch\Search.exe
C:\Progra... Read more

Answer:No idea where to start, computer's Completley infested.

Hi,

Have you ever scanned with an antispyware scanner? Also, is your Antivirus up to date? Because there's actually malware present and running here from more than 4 years ago.

What I suggest here is, please uninstall eTrust EZ Armor, because I'm sure this one is way outdated.

Also, I see you have 2 firewalls installed. Zonealarm and PcTools Firewall. You can't have more than 1 Firewall installed, so one of them should be uninstalled.

The Pc tools firewall is not for free, so I'm wondering if this one was purchased anyway. If not, then I suggest you uninstall it.

The Zonealarm Firewall present there is way outdated, so I suggest you uninstall that one anyway. You can reinstall another Firewall again, but I suggest you do this once we're done here and not before. This because while you're infected, I want to avoid that you create rules (allow) the malware in your Firewall.

Reboot afterwards.

After reboot, install AVG 8:
http://free.avg.com/
Perform a full scan with it and let it delete everything it is finding.
Then reboot.

After reboot, install Spybot s&D:
http://www.safer-networking.org/en/spybotsd/index.html
Also perform a full scan with it and let it remove everything it is finding.
Then reboot once again.

After reboot, rescan with HijackThis and post a log in your next reply. Then we'll start from there.

18 more replies
Relevance 50.43%

I own a Lenovo T61 Thinkpad (T series) and the other day out of nowhere I got the dreaded blue screen. I restarted my computer and during Windows startup it switched to the blue screen - I can't start Windows. I'm getting an error message that says "The file or directory X:\minint\inf\INFCACHE.1 is corrupt and unreadable. Please run the Chkdsk utility."

- The X drive is the drive that Windows refers to when Windows is not running - it represents the C drive.

My main problem is that I have a laptop given to me from my college, so a lot of things are disabled - such as booting from a device other than the hard drive, or accessing any BIOS settings. System restore is also disabled.

So.. my question is, how can I run the Chkdsk utility without starting Windows? And if I can't.. how can I access and download this INFCACHE.1 file?
 

Answer:The Dreaded Blue Screen Has Infested My Computer!

You can't copy that file from one system to another since it is a cache of install data specific to the hardware devices on the system. I believe some other corruption than that file is responsible for the failed boot, perhaps the INF directory itself.

Unless you can boot from something other than the hard drive -- I don't see how you can run chkdsk (you would need to boot to the "recovery console" on a CD to which it is burned) and I'm not sure that would resolve the problem.

However you might be able to do it, or at least recover files by removing the drive and booting it as an external drive on another computer using an IDE to USB converter such as this:

http://www.amazon.com/Sabrent-USB-DSC5-3-5-Inch-Converter-Adapter/dp/B000HJ99DI
 

3 more replies
Relevance 50.43%

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD E-450 APU with Radeon(tm) HD Graphics, AMD64 Family 20 Model 2 Stepping 0
Processor Count: 2
RAM: 3692 Mb
Graphics Card: AMD Radeon HD 6320 Graphics, 384 Mb
Hard Drives: C: Total - 461838 MB, Free - 415583 MB;
Motherboard: Dell Inc., 0RXDMJ
Antivirus: Trend Micro Titanium 2012, Updated: Yes, On-Demand Scanner: Enabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:55:21 PM, on 9/18/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal
Running processes:
C:\officea\CS\CST.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Downloads\Software\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Softwar... Read more

Answer:brand new laptop slow. fear malware or worse.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by wryley at 22:21:37 on 2012-09-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3692.1859 [GMT -7:00]
.
AV: Trend Micro Titanium 2012 *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium 2012 *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\conhost.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\windows\system32\conhost.exe
C:\Program Files\IDT\WDM\... Read more

2 more replies
Relevance 50.43%

Hello! I have a problem with my PC and I strongly suspect malware in my computer. I have recently noticed my computer working at exceptionally slow rates, I suspected malware and spyware as I've gotten them before. It was clear that I have malware in my computer once pop ups began appearing asking me to download anti virus software to "clean" my computer. I had fallen for these malicious traps before and closed these windows immediately. Therefore, I am sorry but I don't know any of the names of the viruses or malware attacking me. I have tried to fix these problems myself by downloading anti spyware and malware products online from websites such as downloads.com. I ran scans with them and deleted several files thinking it would cure the bugs. But it seems I may have aggravated the problem as now I cannot even access some websites and I cannot access my local drive through "My Computer". I need a professional's assistance, pleaseeee help meee, I don't know what else I can do. Thank You!

Andrea.

Here's the hijackthis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:20 AM, on 6/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WIND... Read more

Answer:Tried To Remove Malware Myself, Think I Made Things Worse, Help Pleaseee..

Hi,

I notice from the log that there are running more than one different Anti-Virus programs installed. Avira and Avast.

Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously! The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time. Also because more than one Antivirus and Firewall installed are not compatible with each other, it can cause system performance problems and a serious system slowdown. So you have to make a decision here and keep the Antivirus you prefer and uninstall the other one.

Then reboot after uninstalling.

Also, if you didn't purchase Spyware Doctor and you're not planning to purchase it either, I suggest you uninstall it.

Then,

* Please download FixwareOut from the following site:
http://download.bleepingcomputer.com/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.

The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.

Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please post t... Read more

14 more replies
Relevance 50.43%

Hello all,

In a nutshell, my computer is running hella slow and I cannot access one of my hard drives. I just recently ran a virus scan with AVG 7.5 and am using Comodo Firewall and even though it says everything is fine, it's not.

Where it started
- About two months ago, I opened the music folder on my hard drive (Z:) and noticed my files from D-Z were nowhere to be found. The weird part was when I opened iTunes, I was able to play all of those files no problem and when I right click on a song and picked 'Get Info', the 'Where' path referenced the Z drive and music folder like it was there no problems. Later that month, I go to My Computer to see if the files are there. For one, it took my computer about 5 minutes to bring up all of the icons. When it finally displayed all of my drives, I noticed Z drive didn't show any remaining space. I try to open the Z drive and Windows gives me an error message saying the disc is not formatted; would I like to format now? I closed the box and immediately ran scans with AVG, Comodo, and Kaspersky online scan. They cleared a lot of malware yet when I click My Computer it still is very slow to display all of my drives and of course, I can't access the Z drive.

Just before posting this, I just went through and checked all of my running programs and found these:

ctfmon.exe
llsass.exe
services.exe
spoolsv.exe
wdfmgr.exe
winlogon.exe
wuauclt.exe

I don't know what more to do. I don't want to start over an... Read more

Answer:Post Anti-virus/malware Removal - Worse Than Before!

Those are all normal as written. Is this an XP machine?

13 more replies
Relevance 50.02%

I received an email notice from "USPS.com" that a package I was actually expecting could not be delivered.  I was instructed to select the "Print Shipping Label Now" button and take the print to the post office.  When my package didn't come in the next two days, I decided to respond to the email.  At the post office I was informed it was a scam.  I am ashamed I fell for it, particularly after exploring the original notice in greater detail.  Wish I had done that before.
 
I do not know the name of the virus and haven't seen any info that mentions a possible name, or if it has been presented, I have missed it.  The virus has slowed my computer down, but done no physical damage I can determine, so far.  I have found I am unable to restore my Windows 7 OS back to a previous date.  An attempt ends with the blue screen of death.  The larger irregularity is that I have received hundreds of "[email protected]" undeliverable messages.  All of these are bounced from email addresses that I do not know.  This makes me think my computer is being used to spread something to a mailing list obtained from another source.  None of my personal contacts have been involved, to my knowledge.  Also, I have not received any questions or warnings from any legitimate company/individual I normally communicate with.
 
I have two desktop computers on a Win 7 HomeGr... Read more

Answer:USPS virus infested computer, broadcasting emails

I am adding the following information just in case it may be relevant. 
 
Just now I started to shut Windows 7 down (Start>shutdown button) when I received a notice something like:
"Someone else is logged onto this computer.  Do you still want to quit?"  I cancelled the shut down process and instead, did a quick search to find out how to see who was logged onto my computer.  Using the search information I brought up the MS Task Manager and selected the User tab.  There were two users as noted below.  The top line is the header for the two users listed below.  The third line (Richard Barron) is the profile I initially selected.
 
USERS / ID / STATUS
Adm Account / 1 / Disconnected
Richard Barron / 2 / Active
 
As usual, I chose my personal profile (RICHARD BARRON) when I began this session.  However, a few days ago, I created a new profile as an administrator in an attempt to combat the virus I have.  I did this prior to contacting and registering at bleepingcomputer.com.  Upon your instructions, I have not used the new administrator profile, run any anti-virus programs nor done anything related to the virus since I sent you my dds logs.  And when I started this session I did not choose the Administrator profile.
 
As stated in my previous email that started this thread, I am getting lots of bounce-backs ([email protected]) fr... Read more

17 more replies