Computer Support Forum

i think i'm infected. dunno what kind.

Question: i think i'm infected. dunno what kind.

this was on someone else's computer and she system restored before i could take a look at it so i can't tell you what virus i think it was or what her symptoms were aside from adult theme pop-ups. but i know all viruses are not removed by system restore so i am looking to see if she is still infected. i have run mbam and it said her comp was clean. rootrepeal would not run because it says it does not support 64...(something or another. i should have paid more attention to that error) thank you all for your help in advance. here is her dds log:

Answer: i think i'm infected. dunno what kind.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

23 more replies
Relevance 60.27%

OK, so basically the computer's running badly and it's just not possible to play any full screen games (as old as BF 1942 for example) and I'm not sure if I get many popups cos I use Firefox and it's good at blocking. Anyway, I've tried a few antiviruses and the problem still exists. I know this is barely any info but what do I do now?

Answer:Infected And Dunno What To Do

Also, i forgot to mention that i went into msconfig and looked under the startup tab. I found a few suspicious files and stopped them from starting. In case you want to know what they are:
utorrent.exe
funk.exe
the third is a blank name with no command, with a location of "SOFTWARE\Microsoft\Windows\Current Version\Run"

well i stopped these but no luck, still no fix.

2 more replies
Relevance 58.22%

Hi guys, I ran AVG and it says a host file has been changed: C:\windows\system32\drivers\etc\hosts. I've run HijackThis and here is the log, any help is appreciated, thanks!

Answer: Avg Says Host File Changed Pls Help Dunno If I Am Infected Or Not

Hello ronindog,

It is normal that AVG shows files, the MBR or Boot record to have changed. These are done during normal maintenance, when you or Windows updates files or have had to correct errors on the drive. The only time that you should worry is if they also show as infected. To get AVG to quit showing them as changed, open the AVG Test Center, click the F3 key on your keyboard and tell it to accept the changes. If it still shows something as changed after this, delete the file named AVG7QT.DAT in C:\ and AVG will rebuild it the next time it is run. General system maintenance can change the Hosts file even when it isn't apparent by visual inspection. AVG uses a checksum to compare a file before and after and a minor change or correction to the file would have caused it to appear changed.

Let's check your HOSTS file. It's located at c:\windows\system32\drivers\etc\hosts. You can open it up in Notepad. If it's just some lines on top with a # in front of it and followed by 127.0.0.1 localhost, then you don't need to post it; however, if there are others following 127.0.0.1 localhost, you may have to fix it. Post it here if that's the case.

*******************************************
Download CCleaner and install it. (default location is best). Do not run it yet! CCleaner Tutorial
*******************************************

Select the following with HijackThis. With all windows (including this one!) closed (close browser/explorer windows), p...

4 more replies
Relevance 49.2%

The only clue that I have a problem is when the messages that Norton is scanning out-going email, hundreds of them if I let it go long enough, then error messages start popping up as well.

Here are some examples of the text

Example 1
Your email message to [email protected] the subject of
Watch
was unable to be sent becasue the connection to your mail server was interrupted please open your email clinet and re-send the message from the sent messages folder.

example 2
Your email message was unable to be sent because your mail server rejected the message
554 Your email is considered spam (8.60 spam-hits)

I tried to fix it on my own but wasn't able to. Norton doesn't identify anything wrong, neither did Ewido. I'm reluctant to leave it connected to the internet not knowing what else it may be doing. Adaware and Spybot are now clean. Also incd doesn't start any more, it comes up with an error accessing the file system.

Thanks for your help

Answer:Infected With Some Kind Of Automailer

Hi,

Welcome to BleepingComputer. I will be more than happy to help you work on your problems.

Please give me some time to review your log as this can be a lengthy process. As soon as a BleepingComputer Staff Expert reviews my fix, I will post it for you.

In the meantime, if any problems occur, please let me know.

Please only use this topic to reply to. Do not start another thread.
The fixes we will use are specific to your problems and should only be used for this issue on this machine.
If you're unsure of anything at all please stop and ask!

9 more replies
Relevance 49.2%

I'm getting popups, fake anti-virus screens, fake links in google searches, words highlighted in web pages with advertising content ... you name it, I've got it. I tried using Spybot Search and Destroy but it didn't find anything. Not sure what to do next, any help would be appreciated. 
 
Paul. 

Answer:Infected with some kind of malware

some more info that might be useful: 
 
This is on Windows 7. I am using primarily Chrome as my browser, but Firefox also shows problems. A lot of the popups and links reference "Respect Sale". 

13 more replies
Relevance 49.2%

I'm running windows8 normally but this 'bug' has infected my startup, as well as system restore.
 
Help is appreciated

Answer:Infected with some kind of rootkit

Hello Kompany, this one is a bit tricky.

Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

3 more replies
Relevance 49.2%

I was fooled into installing something that posed as a windows media player codec the other day. After restarting my computer I would get a window popping up every minute or so telling me my computer was infected and that I should install such-and-such virus remover. Sometimes it would open internet explorer and send me to a webpage for a fake anti-virus program. It also changed a registry value so that I couldn't open the task manager (I looked up online how to fix this and changed it back). Sometimes a little flashing red octagon with a white X through it would appear in the lower right-hand part of the screen (whatever that blue bar thingy is called...the name escapes me at the moment).

I ran a deep scan with BitDefender, which came up with nothing (except a few spybot files, which it complained about being "password protected"). I then ran something called RogueRemover, which found and deleted a number of files. At that point I thought my computer was clean, but a few hours later the popups started again.

In another round of scanning I ran AdAware, which found and deleted some 56 files (one of which was a trojan), restarted my computer, and ran AdAware a second time (which found and deleted a single tracker file). I then ran SpyBot, which deleted a few files (wish I had saved the log...), BitDefender again, which again found nothing but some of the SpyBot files, and AVERT Stinger, which only gave me the number of clean files in its log (seems like kind of useless ...

Answer:Infected With Some Kind Of Smitfraud

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Kensai

My name is Richie and i'll be helping you to fix your problems.

If you have previously downloaded ComboFix, please delete that version now.

Warning
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could render your system/pc inoperable.

Now download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop.
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Note: In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again. Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.

9 more replies
Relevance 49.2%

--
A few days ago, this machine was infected with "anti-spyware soft", a virus which pretends to be anti-malware. I found some instructions for removing it, and I did so, at least to the point where I can run the machine again.

I run Trend Micro OfficeScan on this machine.

Then I installed and ran Spyware Doctor. It found hundreds of infections, a few of which were serious. It removed them successfully.

Then I began getting "block" messages when using IE. Something is trying to hit addresses like "7gafd33ja90a.com", and OfficeScan is blocking it.

So I installed and ran Hitman 3.5. It found a couple more things and removed them, but the block messages continue. I must still be infected with something.

I apologize that I have not been able to run GMER.exe. I get a blue screen before it runs to completion. I will try again, and post the results if it succeeds.

Your instructions are ambiguous as to whether attach.txt should be zipped or not. What I have attached is.

Occasionally, DHCP Client will not start on a re-start of this machine. This never happened before the infection.
--

Answer:Infected with rootkit of some kind

Hello and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.

%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%SYSTEMDRIVE%\*.exe
netsvcs
msconfig
drivers32
CREATERESTOREPOINT

Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

Thanks

3 more replies

Hi
My computer has started to send lots of emails at random times. I only know this is happening because Norton pops up to say its scanning outbound email. Most of the time they get rejected due to content but I'm worried about what might be being sent...

I've scanned for viruses, run SpybotS&D but it still happens. I can't figure out what process is opening the connections on port 25 - CurrPorts lists them as "unknown", TCPView lists them as "[system process]:0"

Here is my HijackThis log - please help me. Thank you.
 

Answer:Infected with a mailer of some kind

Sorry - I see other people paste the log file in so here it is again:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:36:42, on 29/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Pr... Read more

3 more replies

Hello, I need help figuring out if my comp is infected and how to deal with it. I only have a very basic knowledge on managing my computer so please bear with me.
I'm afraid that before I came here and read all the warnings to not run ComboFix first I already did. At least I did all the things that should be done before running it and the whole process went smoothly like in the guide.
I also did all the things you ask to do before posting. Gmer said that it found modifications due to a Rootkit.
So here is my DDS log and other logs are in the attachments including the one from ComboFix.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_33
Run by Iga_Maya at 13:09:57 on 2012-07-10
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2046.1376 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.e... Read more

Answer:Infected with some kind of rootkit

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/460058 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies

Hi,
My background now has ones and zeros, and in big red letters it states across the desktop:

WARNING!
YOUR'E IN DANGER
YOUR COMPUTER IS INFECTED WITH SPYWARE.....
All you do with your computer is forever in your hard disk.
When you visit sites and send emails, all your actions are logged.
And it is impossible to remove them with standard tools. Your data is still
available for forensics....SECURE YOURSELF RIGHT NOW, REMOVE ALL SPYWARE
FROM YOUR PC.

I'm not able to run any .exes, such as Task Manager, notepad etc...
My AVG is out of date (a month or two old). I was able to boot into SafeMode with networking and update MalwareBytes. After updating and rebooting back into Safemode, there was a message from Mbam that the files were 13 days old...not sure what that means if I just updated it.
I'm presently running MalwareBytes in SafeMode.
I have two accounts on the computer, an Admin and a Limited User account which we use for facing the internet. I only use the Admin account for updating and installing apps and running scans. The message above was while on the Limited User account, I did not log into the Admin account yet.

Please advise and thanks for your time.

The Mbam scan just finished and it found rogue.SystemTool on the desktop. I selected remove, rebooted into the Limited User account and it was still there. Updated the 13 day old defs in Mbam and running another scan...please let me know...thanks

pss. I see on the desktop in Safemode RKill, it has to... Read more

Answer:PC Infected With Some Kind Of Fake AV

16 more replies

Hi... I had this nasty virus that disabled the RUN option and the Task Manager... Following a tutorial posted in this same website, I downloaded combofix and hijackthis... Apparently, the issue was solved, but the tutorial said that I had to register in one of these forums and post both of the logs... It said that I should choose one in my native language, but it appears that the link 4 the spanish forum is broken or sth...

I hope this is the end for that headache, but still, it'd be nice if you could tell me if I still have some threats or not, because the tutorial said that (at least with the hijackthis) I shouldn't delete anything without expert advice.. so... here it goes..........thanks 4 all ur help !!!

COMBOFIX.TXT
-------------------
ComboFix 08-11-07.01 - ElvitaLuz 2008-11-07 23:48:11.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.2590 [GMT -5:00]
Se ejecuta desde: c:\documents and settings\ElvitaLuz\Escritorio\ComboFix.exe
 * Resident AV is active
.
(((((((((((((((((( Archivos creados desde 2008-10-08 - 2008-11-08 )))))))))))))))))))))))))))))))))
.
2008-11-06 22:40 . 2008-11-06 22:34 512,096 --a------ c:\windows\system32\drivers\amon.sys
2008-11-06 22:40 . 2008-11-06 22:34 298,104 --a------ c:\windows\system32\imon.dll
2008-11-06 22:40 . 2008-11-06 22:34 15,424 --a------ c:\windows\system32\drivers\nod32drv.sys
2008-11-06 22:34 . 2008-11-07 00:46 <DIR> ... Read more

Answer:Infected with Some kind of Vundo

Hello elvita24 and welcome to BleepingComputer!

Apologies for the delay. The forum has been very busy lately. Please note that this is ComboFix log 3 that you are posting. The previous 2 would also be of interest to see what you have been able to remove. Vundo can be tricky to remove, so it's great that you posted back here!

Please download OTViewIt to your desktop.
Close all windows and double click OTViewIt
Place a tick in the Scan all Users box
In the File Age drop down box select 90 days
Click Run Scan and let the program run uninterrupted
On completion it will produce two logs on the Desktop, post the OTViewIt.txt and Extras.txt logs in your next post.

Thanks,
Johannes

21 more replies

basically my boss's PC is full of Adware and a couple of trojans. I have tried to run: spydoctor, norton, avg pro, adware, anything and I still get all the same thing. Errors on startup, spyware dll's popping up, all kind of crap.

I think it would just be easier to reformat, the problem is that I don't have the backup disk and the key is a good working key since its a dell so I don't want to run any un-legit stuff on my pc so I need to see what options do I have.
 

Answer:OMG What do I do , this PC is infected with all kind of crap ...

Can you run HijackThis on it, then post the log here? That'll give us a fairly good idea as to what we're dealing with here...
 

13 more replies

Hello,

The symptoms appeared 4-5 days ago. It seemed yesterday that Avira managed to delete it, but it appeared again.

Symptoms: Anytime I try to search on Google it redirects me to another page full of ads, or it happens that only a blank page is loaded.

I found this kinda malware problem on the net, discussing in other forums; used MalwareRemoval, SmitfraudFix, Norman Malware Cleaner, AVG ... [too long list] BUT it seems to be that the malware disabled these programs -- I could install them but could not run -- except one: Norman Malware Cleaner. It could run, found the infection, cleaned it, asked me to reboot and scan again, but the malware did not want to be deleted.

So I did what you suggested, and now attaching the info.

Thank you for your help very much in advance.

Also would like to attach Rootkit Unhooker report.

EDIT: Posts merged ~BP

Answer:Infected by some kind of malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more

2 more replies

a pop up keeps telling me to go to restorefix.com to download something to fix my registry please help

Answer:infected with some kind of malware pop up

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies

Hello there, about a week ago i started experiencing problems on my pc. at first i had problems with the internet. so i downloaded AVG on my pc and it seems like it got rid of a lot of things i needed. On my Task manager i only have Explore.exe loaded up. And as of yesterday i haven't been able to load up iTunes properly because i can not connect to their website. Also my computer will not load up my little flash drive. i know you guys take some time to get back so i'll be waiting.

HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:04 PM, on 5/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\A... Read more

Answer:Infected by Some kind of virus

Hello shortyshorts7,

I (as well as Microsoft, McAfee and Symantec) recommend that you DO NOT have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove one of these.
AVG Antivirus or Symantec/Norton Antivirus

Please disable any running anti-virus program before running Kaspersky Online Scanner.
If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
Close any open browsers

Please do a scan with Kaspersky Online Scanner
You can refer to this animation by sundavis.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Click on the... Read more

16 more replies

I have a virus on my notebook. it could be 'worm.win32.netsky' (that does say when i open my notebook). my background has changed to; it says that i have a serious infection and spyware. i've tried to format my notebook but it didn't work. i'm now getting many pop-ups, some about anti-spyware sites.

DDS (Ver_09-12-01.01) - NTFSx86
Run by necati pakel at 17:21:00,03 on wo 20-01-2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1014.94 [GMT 1:00]
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\Program Files\Java\jre6\bin\... Read more

Answer:infected with a worm of some kind, perhaps more

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%... Read more

3 more replies

Hi. It all started when my mom's computer started playing this weird, circus like music. I could not determine where it came from, so I guessed it was some kind of virus. She had AVG on her computer, but I decided to install a better one. So I went to avira.com but then I was redirected to another website. I did however get around this problem and installed the antivirus from Avira. The program did not detect anything at all, but I did some googling and it appears that the computer has some kind of a rootkit.

The computer has since then been slower and a lot of unknown processes have shown up. I have used programs like Sophos, Unhackme and Emsisoft Anti-Malware to remove some of the problems, but they could not find it all. I hope some of you could take a look at these logs. I tried to produce a log using gmer, but the program froze and did not respond to anything, the same did the computer. I tried this about 4 times, even in safe mode, but the same thing happens.

Thanks in advance.

Tine
DDS log:
DDS (Ver_10-10-21.02) - NTFSx86
Run by Ingjerd at 19:49:22,37 on 27.10.2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.2013.1324 [GMT 2:00]

AV: ESET NOD32 Antivirus 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Emsisoft Anti-Malware *On-access scanning enabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}

============== Running Processes ===============

C:\Progra... Read more

Answer:Infected with some kind of rootkit (I think)

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The ... Read more

3 more replies

I'm usually pretty good with small issues like this, but after spending hours searching for help on this issue I can't even find any information on what is happening.... My roommate was using my computer the other day and after browsing different sites (he says he didn't download anything), he told me he turned the computer off. When I got home and turned it on, I noticed that cmd.exe pops up during startup but does not display anything, it just quickly appears then disappears. Then, every 10 seconds or so, what looks like a system message (displaying "Windows Internet Explorer" in the title bar) repeatedly pops up saying "Cannot find 'http:///'. Make sure the path or Internet address is correct.". The only way of preventing this message from annoyingly popping up is to not close it. I can't seem to find any services running that aren't supposed to be there and there is nothing listed under startup in msconfig that shouldn't be. I've run several anti-spyware scans using the several programs I have access to as well as the virus scans I ran using Norton, never finding anything in those scans. Any help would be greatly appreciated as I am severely losing patience and cannot seem to find any resolutions for this matter....


Ran a scan with HijackThis and here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 4:30:51 PM, on 1/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes: ... Read more

Answer:Infected with some kind of malware Please help!!!

Hello bigred1030 and welcome to TSF,

Upload this file C:\WINDOWS\system32\spool\hpprintspool.exe to http://virusscan.jotti.org and report back what it found.

At the top of the window you should see "File to Upload & scan" and a blank box. Copy and paste the red text from above into the box. Then click "Submit".

When it is finished, please copy and paste the information listed under "Service" and "Scanner Results" here.

------------------------------------------------------

Please run this online scan to search for anything that may be lurking about. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Internet Explorer with Panda ActiveScan Click on located at the bottom of the page.
A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting If it finds any malware, it will offer you a report.
Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while p... Read more

15 more replies

Hi,
i have been browsing your forums for quite some time and have to say that i have been able to remove viruses by following posts.. But I'm not able to find any information for this one. I don't even know what has infected my computer. All i know is that i get this popup at the bottom right of my comp and annoying porn popups.

any help to get this resolved will be greatly appreciated.

Thanks

Answer:Some kind of Trojan infected

I bet the number will lead you to one of those offshore porn talk things at extremely high $$$ rates!!!

9 more replies

Over the last couple of days when I boot up my computer in the morning, I get flurries of ads in short intervals from Internet Explorer, and my computer has been very very slow lately. Also I've started getting imprints of buttons stuck on my screen, such as right now I have the "Online" button image from msn messenger sitting on the webpage. I did a Spyware Check and told another forum about the cookies that came up and was told that the following were really bad:

"Ad.YieldManager.com", "yieldmanager"

Here's my Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:10:03 PM, on 1/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\P... Read more

Answer:Please help, I'm not sure what kind I've got, but pretty sure I'm infected

Hello blasterchief,

Can you please tell me what other forum you've been to, along with a link? I gotta tell you, everyone gets cookies, and I'm not seeing much at all in the way of malware. What AVG found was in System Restore and not a threat to you.

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.
 * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
 * If an update is found, it will download and install the latest version.
 * Once the program has loaded, select "Perform Quick Scan", then click Scan.
 * The scan may take some time to finish, so please be patient.
 * When the scan is complete, click OK, then Show Results to view the results.
 * Make sure that everything is checked, and click Remove Selected.
 * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
 * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
 * Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart t... Read more

2 more replies

I need help analyzing my scan, been getting "your compter is infected" green screen and ran malwarebyte, superantispyware, spybot, and it would get rid of something and then a couple days later it would come back, anyways, here's my log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:25 AM, on 1/19/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Mediafour\MacDri... Read more

Answer:Hijackthis log Help! "your compter is infected" not sure what kind

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand cor... Read more

11 more replies

I stupidly allowed a family member to access my PC for an hour yesterday, and it seems that whatever they went on (Bingo gambling sites I would assume) has now infected my PC.
My default browser (Firefox) keeps opening every 30 minutes or so on its own and going to random websites which are just full of ads, etc. My homepage was also set to Mail.RU, which is malware as far as I know.
I have run Spybot Search & Destroy, AdAware, and Malwarebytes anti-malware although they didn't find much and the problem still seems to be persisting.
I think I may actually have a "b2.ijquery11.com" browser redirect issue. I keep checking my browser history when the ad sites appear, and this website is always the first that is opened. I checked online and it seems to be a known issue, but I won't mess around with anything until I get some advice here.
Thanks.

Answer: Infected with some kind of browser hijacker

First check the Firefox short cut - right click - properties - and reset to your home page
Then open Firefox and refresh it.

Click the menu button and then click Help.
From the Help menu choose Troubleshooting Information.
If you're unable to access the Help menu, type about:support in your address bar to bring up the Troubleshooting Information page.
Click the Refresh Firefox button in the upper-right corner of the Troubleshooting
Click Refresh Firefox in the confirmation window that opens. Firefox will close to refresh itself. When finished, a window will list your imported information.
Click Finish and Firefox will open.


You know Modio, right, the save editor for the 360? Well their usual download place was being really annoying, telling me I was already downloading it; so I (foolishly) looked for it elsewhere. I have the link still if someone knows how to scan files without downloading them.

Anyway, I downloaded it to my desktop, and MSE picked it up right away and asked to quarantine and remove it. I read up a bit on it before, though.

I think the name of the virus was Trojan.PWS.Banker.(a few numbers). It said it might be some sort of key-logger.

So ever since then I've been running dozens of different scans in safe mode (with networking, although I only plug in the Ethernet cable to download the tools.)

I haven't found much of anything, but Kaspersky (which took 26 hours for some reason) found 32 "vulnerable" applications. Didn't even offer to fix them though, so yeah, day well wasted.

I know you can never really know for sure if your computer is infected, but I just don't trust it now.

I would like to save my files, though.

So if nothing else comes up during whatever other scans you guys know of, I think I'll just backup, wipe and reinstall.

Answer: Downloaded infected zip, kind of worried now

Hello, we will need to see some logs to get an idea.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Mal...


Hello again! My computer has been acting funny lately. My virus watch has detected a trojan but it won't let me do anything about it. It says something like hacker trojan or hijack trojan. Can someone please look at my log and see if anything doesn't look right and possibly help me fix things I don't know about. My comp hasn't been doing too well, I just restored it, I had some sort of spyware that made it to where a google search would pop up every time I clicked on a link. Also, does anyone know where I can download a trojan guard type of program and a firewall? Thank you very much for your help.

Logfile of HijackThis v1.99.1
Scan saved at 12:31:06 AM, on 11/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSc...

Answer: Computer Infected With Some Kind Of Trojan

Hello maggot,

does anyone know where I can download a trojan guard type of program and a firewall?

No such thing as a "trojan guard" but a-squared Free 2.0 is a good trojan remover.
You can download a-squared Free 2.0
You run it like this:
Select the "Deep Scan" button and press the Scan button.
If malware is found, click the button "Remove Selected Malware" and save the log file by clicking on "Save Report". Let it delete whatever it finds.

Here are four free firewalls available for personal use. If one conflicts with your system, try another.
You Need a (Properly Configured) Firewall
Understanding and Using Firewalls
Kerio Personal Firewall
Outpost Firewall Free
Jetico Personal Firewall
ZoneAlarm
ZoneAlarm Manual - PDF format
http://download.zonelabs.com/bin/media/pdf/ZAP40_manual.pdf

If you want a registry protector, then I recommend Teatimer. It is included with Spybot 1.4

**************************

Download ATF (Atribune Temp File) Cleaner by Atribune
DO NOT run it yet.

Download and install AVG Anti-Spyware 7.5 (formerly Ewido)
1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept the default installation path: C:\Program Files\AVG Anti-Spyware 7.5 and click "Next", then click "Install".
5. After setup completes, click "Finish"...


I run Windows 8.1 and could not use DDS so I used FRST
 
Right now whenever I sometimes click on a link a random tab will pop up leading me to take some survey. Also when randomly surfing the web a window pops up out the side showing me deals for random products. I have tried multiple guides and malware removal tools to try to get rid of it but none of it is working. Here is what I got from the FRST scan.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Bleep (administrator) on RICHIES-LAPTOP on 18-09-2014 16:09:19
Running from C:\Users\Bleep\Downloads
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Andrea Electronics Corporation) C:\Windows\System32\AECLSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder....

Answer: Infected with some kind of Google Survey

Hello SgtMudkip and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.
Before we move on, please read the following points carefully.
 
Please complete all steps in the specified order.
Even if tools don't find malware, I want you to post the logfiles anyway.
Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
Don't install or uninstall software during the cleanup unless you are told to do so.
If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
Please reply to this thread. Do not start a new topic.
As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.

Please open as administrator the computer. How is open as administrator the computer?
Disable your AntiVirus and AntiSpyware applications, as they will interfere with our...


For the last few days my browser has been taking me to different locations when I do Google searches. It seems very strange, but when I do a google search and click on one result it takes me where I need to go, it is usually the second or third option I choose that redirects. It is not always the same website, sometimes it takes me to yellowpages, other times a real estate listing, and other sites as well. I'm not sure if this helps, but the root of the problem might lie in my idiotic pursuit of free internet television, I think I might have downloaded a divx player from a bad site and now I have this problem, but for all I know it is unrelated. My ignorance is why I am turning to professionals.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Gillian McCusker at 11:11:31.07 on Sat 01/23/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.164 [GMT -5:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin...

Answer: Infected with some kind of Browser Hijacker

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror

Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%...


Today I got a dimmed browser, not screen, with a fake UAC. I didn't open it but I started getting this weird stuff on my computer like the mouse moving by itself, and when I try to download malwarebytes it blocks it, and Wikipedia is all foggy, and I use Firefox so this is strange. I downloaded everything that I was supposed to like gmer and defogger tdsskiller dds HJ 2.0.2 ComboFix and everything, but the computer also opens the Task manager and puts the computer to sleep sometimes and disconnects the connection. It's very strange, and since I have AdBlock Plus, whenever Google Analytics opens up a pop up it's blank with a filename, and a website called looksmart tried to make me download something, and I got a link to download a Flash Player 11. Is there such a thing? And Kaspersky told me that this version is outdated for use of this OS and that the servers don't work. I use Kaspersky IS 2010 bought with an activation code. Read my profile info for the whole information of my computer. I use Windows 7 Ultimate (Signature Edition).

Here is the HijackThis 2.0.2 log, please tell me if this is good or bad:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:46 PM, on 5/3/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Syna...

Answer: Infected with some kind of malware/rootkit W.32

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks


I have one or more viruses on my computer.

First web searches are hijacked. I have tried Spybot, MalWareBytes, RootRepeal, HiJackThis, and VirusBuster.

The virus seems to kill MalWareBytes, SpyBot, and HiJackThis and then resets permissions on the .exe. I can reset the permissions but it happens again. I was able to run combofix but I won't post the logs yet.

I do have the DDS logs and will post them.

Any help that you can provide would be great.

Thanks.

Answer: Infected Trojan of some kind maybe MyWebSearch

Additional information.
I am fairly certain that I have AntiSpy 2009 rootkit on my machine. Netlogon.dll is infected. I appreciate any help to remove it.

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted y...


First, my specs:
WinXP SP3, as up to date as possible
Running Avira AV

The problem started out as a typical google search redirect, with the usual malwarebytes blocking - so I booted into safe mode and ran malwarebytes, and it detected 5 objects, all with the phrase "trojan.dnschanger" in it.

So after removing them through that, I ran an avira scan until it caught something called "rootkit.gen3" or something like that.

So after quarantining that, I rebooted into normal mode (my system restore is not active), and now I have no internet connection at all.

I'm trying to run a gmer scan now, but it seems to not be letting me, and keeps locking up the machine, so for now all I can post is the other stuff:

(I was able to run a hjthis scan, and could post that, or my malwarebytes log, if requested).

Thanks

DDS (Ver_10-12-05.01) - NTFSx86
Run by Mike at 15:06:37.62 on Sun 01/16/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2481 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira FireWall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Pro...

Answer: Infected with some kind of trojan or malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that...


About a week ago, my computer got infected with a virus/trojan of some kind. I think it originally came from a facebook image file I was attempting to open. Over the past week, my computer has been running slower and slower and my internet has ground almost to a halt, especially when using a web browser. In addition, when I start the computer, it displays an alert message that says, "C:\WINDOWS\system32\ddcApnLe.dll is not a valid image file." I've tried using both VundoFix and VirtumundoBeGone. VundoFix did almost nothing, but I think VirtumundoBeGone helped out the speed of the machine quite a bit. But unfortunately I am still getting that same alert message, leading me to believe the root of the problem still exists. I was hoping someone could help me figure out the problem and how to fix it. Thanks!

These are my two HijackThis logs:

Deckard's System Scanner v20071014.68
Run by Mark Smith on 2008-04-25 20:44:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
81: 2008-04-26 01:44:23 UTC - RP546 - Deckard's System Scanner Restore Point
80: 2008-04-25 21:42:13 UTC - RP545 - Windows Defender Checkpoint
79: 2008-04-25 05:34:01 UTC - RP544 - Software Distribution Service 3.0
78: 2008-04-25 05:32:08 UTC - RP543 - Installed Windows ...

Answer: Infected With Virus/trojan Of Some Kind

Hi,

I see you have Viewpoint installed...

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
Viewpoint
Viewpoint Manager
Viewpoint Media Player

Then,
* Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.


Hi there
 
Not quite sure how to describe this but I'll try my best.
About a week ago the internet started working really slow, until at one point it just stopped working at all, well
all of the internet outside of my country stopped working for us and only servers in my country worked, I live in Iceland, only websites ending with http://www.*.is worked for us.
I called my ISP and they told me that our IP address had been blocked on either side of the Farice fiber to Iceland.
I asked why that happened, he said that we had been under a UDP package attack and our IP was receiving about
100-150mb per second of UDP packages which crumpled their servers and they had to do a full reboot of the system.
The next day after the attack they changed our IP address, it was a fresh one and had no connection to us, about 1 week
later the attack started again and it was the same story, their servers crumbled and we were IP blocked again.
Because of their small servers and no 24/7 support they wanted us to move to another company which had much
larger servers and bandwidth and better support than the one we were originally at.

So....
At first the net was stable and everything was ok, but the next day the net went *bleeping* again, had to restart the
router to get it back.
So there must be a virus/rogue/malware in one or more of the computers that sends a signal or something to attack us.
I believe that I've narrowed the problem to certain machine on the local net, it had ...

Answer: I believe that I'm infected with some kind of UDP attack virus.

Hello playman, I suggest starting with the main run these. Then do each machine.
Let's do one at a time.

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

TDSSKiller
Download TDSSKiller and save it to your desktop.
Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

AdwCleaner
Please download AdwCleaner by Xplode and save to your Des...


A couple days ago internet explorer kept popping up every 10-20 seconds with the same website about renting movies. I went on line to try to find something to help me solve the problem. I found the following website:
http://answers.yahoo.com/question/index?qi...04152134AAfesHO

They told me to do the following:
get these free tools... adaware(lavasoft.com) spybot(safer-networking.org) HiJackThis(trend.com) winsockfix v1.2(majorgeeks.com) CCleaner (ccleaner.com)
install and run the adaware/spybot updater
disable restore
start-run-apps-accessories-sys... disk cleanup
reboot safe mode w/ networking (continually press f8 upon reboot)
Run adaware and spybot deleting anything they find.
Run Hijackthis (this shows all BHO's on ur browser~very important)
Run CCleaner (Repair/delete anything it finds)
Run free online scan (trend.com bitdefender.com pandasoftware.com) remove any findings
Run winsockfix v1.2
reboot
enable restore

I did all of these steps, rebooted my computer, and found out that my computer now runs slower after running these programs than it did before. Sometimes I have to turn my computer on or off a couple times to even get it to work at a manageable speed. Once working at a manageable speed, I seem to only have about an hour or two before everything starts slowing down again. I then get warnings about my virtual memory being low. After hitting control-alt-delete, I see that explore.exe continues to take up more and more virtual memory. It will end up going over 1,000,00...

Answer: infected with some kind of adware, not sure what it's called

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


my dad's system seems badly infected with malware. MBAM removed 700 or so threats. Also scanned with ad-aware and spybot and eset online virus scanner. I am trying to install microsoft security essentials but the system seems to prevent that. it seems to create random alphanumeric folders in the D drive and then can't find the MSE installation file and I can't browse to it. Also, the mouse is double clicking instead of single clicking and I can't find a mouse setting to change this. System has been infected a while. Dad uses system restore when it gets bad, but it doesn't seem like that is a permanent solution. Thanks in advance for your help.

Here are my logs..

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Jerryberube at 19:42:30 on 2012-01-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3075 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\program files\dell\media experience\d...

Answer: infected with malware - dont know what kind

Hi Bubba7827,

I will be handling your logs to help you get cleaned up. Please give me some time to look them over and I will get back to you as soon as possible. Thanks in advance for your patience.


I am having issues with my computer.. I have Zonealarm firewall and Avast Antivirus. Avast has not alerted me to anything unusual, however over the past few weeks, Zonealarm says computer IP 192.168.1.3 is trying to connect to my computer.. This happens anywhere between 7 to 12 times a day. The attempts are blocked through zonealarm but I want to get rid of the cause. Also, Zonealarm notified me that something called RAZERTA was trying to send data from my computer. I'm not sure what that is?

Please forgive me, I know very little about computers, so I may sound like a complete idiot.. My computer isn't doing anything weird, other than running a little slow, so I didn't do anything about the zonealarm alerts. However, I maintain a few websites, and recently somehow they were hacked into and malicious scripts were added into the headers of the index pages of all three of the sites I work on. I removed the script and reloaded the index pages, and the sites stay clean for a day and then have the same issue the next day.

Please help me.. I'm assuming my computer has something funky on it. I had downloaded some webcam programs like skype and oozoo and msn messager over the past few weeks, but when I started having computer issues I deleted all three programs.

DDS (Ver_09-10-26.01) - NTFSx86
Run by Charity at 15:00:08.43 on Tue 10/27/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.349 [GMT -7:00]

AV: avast...

Answer: Infected computer, not sure what kind of malware?

Hello and to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

*If you have since resolved the original problem you were having, we would appreciate you letting us know.
*If not please perform the following steps below so we can have a look at the current condition of your machine.
*If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

**If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. In order to be notified via email when your topic has a reply you need to enable topic notifications. To enable topic notifications you should do the following:
1. Click on the My C...

2 more replies
Relevance 48.79%

Someone has too much information about what sites I am visiting and emails I have sent and their contents, is it possible this person is using spyware to snoop me out? Please help me, here is my logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:19 AM, on 10/6/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\P... Read more

Answer:Is Someone Stalking Me? Am I infected with some kind of spyware?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 48.79%

I have recently been infected with some kind of virus or spyware, as my internet has gone funny and won't open a high majority of websites such as dingblog.com. I also get weird sponsored links when searching in google.com such as brittaniasearch and porn sites that I didn't use to get before. I have run a scan with spybot, nero 360, ad-aware, pc guard but still the problem remains. Some help would be greatly appreciated.

Answer:Infected by virus/spyware of some kind

Follow the guidelines here... http://www.computerhope.com/forum/index.php/topic,46313.0.html and a specialist will see you in turn.

1 more replies
Relevance 48.79%

Hi, my computer has XP home, and I think it's got infected with a virus. I have AVG and other anti-virus software called V3-lite and AL-YAK. Lately, V3-lite's real-time scan function is shut down for some unknown reason, and none of the anti-virus software seem to pick up any virus when they scan the computer. On top of that, since this Monday, my MS Outlook is failing to retrieve or send e-mails. Any help would be greatly appreciated.

Here is my DDS file:

DDS (Ver_09-10-13.01) - NTFSx86
Run by u at 15:27:16.27 on 10/22/2009 Thu
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.949.82.1033.18.1527.691 [GMT -7:00]

AV: V3 Lite *On-access scanning enabled* (Updated) {A5B78720-5B41-4D39-B70F-131ABDA6F977}
AV: 알약 *On-access scanning enabled* (Updated) {B9431E5A-E196-4B6F-843A-10E01DB25461}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESTsoft\ALYac\AYServiceNt.aye
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\AhnLab\SiteGuard\SGsvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS... Read more

Answer:I think my computer is infected with some kind of virus

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 48.79%

I caught some kind of redirect malware. When I click on a link in firefox or IE, different sites open, but not the one that I clicked.
DDS (Ver_09-09-29.01) - NTFSx86
Run by ymilman at 11:11:21.93 on Wed 10/07/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1033.18.2814.1443 [GMT -4:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Rational\ClearCase\bin\albd_server.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\KACE\KBOX\KBOXManagementService.exe
C:\Program Files\KACE\KBOX\KBOXSMMPService.exe
C:\Program Files\Rational\ClearCase\bin\lockmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\cccredmgr.exe
C:\Program Files\Rational\Clea... Read more

Answer:Infected with some kind of redirect malware

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:59:01 PM, on 10/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rational\ClearCase\bin\albd_server.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\KACE\KBOX\KBOXManagementService.exe
C:\Program Files\KACE\KBOX\KBOXSMMPService.exe
C:\Program Files\Rational\ClearCase\bin\lockmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cccredmgr.exe
C:\Program Files\Rational\ClearCase\bin\view_server.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\PRO... Read more

3 more replies
Relevance 48.79%

Internet Explorer is extremely slow and without any clicks it automatically opens new windows redirected to unsolicited sites, such as: registrydefender.com, internetcorkboard.com, mydealmatch.com, and others. On the task manager I noticed a process wuauclt.exe going consistently at 50% of CPU time. The same with one of the svchost.exe going at between 40 and 50 %. The DDS.txt log file follows:

DDS (Ver_10-10-10.03) - NTFSx86
Run by Carolina at 17:09:19.25 on Fri 10/15/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.414 [GMT -4:00]

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32 ... Read more

Answer:Infected with some kind of browser hijacker

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you... Read more

2 more replies
Relevance 48.79%

I have been infected with some rogue programs, I tried to remove it with MBAM but on restart I kept getting errors and the virus came back. Below are the RSIT logs. Please help.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Debbie at 2009-04-08 17:50:07
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 52 GB (72%) free of 73 GB
Total RAM: 958 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:50:22 PM, on 4/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G US... Read more

Answer:Infected with some kind of rogue program

Hi Darkumas,

The Computer is heavily infected. Please make sure it is disconnected and not used.

It is too late here and I have to get some sleep. Tomorrow I'll post a fix.
Regards,

farbar

11 more replies
Relevance 48.79%

Please Help I can't seem to remove this from my computer...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:27:40 PM, on 8/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\... Read more

Answer:Infected with some kind of system 32

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p... Read more

21 more replies
Relevance 48.79%

I got infected two days ago with some kind of worm. It was the Antivirus XP Pro 2009 fake antivirus software, which MBAM took out, but there are some lingering side effects that I can't shake and it's causing me great difficulties.

My browser is going through that awful google-redirect and I'm getting redirected all over the place.

My automatic updates shows that it is off, but it is actually on.

I put in a flash drive, and it does not appear in the my computer window.

Performance is down.

Every time I re-run MBAM, SpyBot and/or PCTools Spy Doctor, I get a whole host of new infections even after full scan and reboot.

For the life of me, I can't remove this thing and it keeps reloading itself each time I log on.

Please help.

Thank you.

Here is the DDS log

DDS (Ver_09-03-16.01) - NTFSx86
Run by Peter Kim at 11:41:22.81 on Thu 05/07/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google g... Read more

Answer:Infected with some kind of worm. Vundo maybe?

Mods: Please close topic. Resolved. Thank you.

2 more replies
Relevance 48.79%

If anyone could help, that'd be great. Just yesterday my laptop started redirecting every web page I open to ridiculous ads. Every single web page or web link I click opens a new tab and redirects me to an ad and only when I close that advertising tab does the web page I want open. Running Windows 8 and it happens in Chrome and IE, I was told to see does it still happen in incognito mode in Chrome and it persists there too.

At the same time, it started happening on my phone too. Any web links I click on Chrome or on the phone's factory browser open a new tab full of ads and when I close that tab, it takes me where I want to go. Strangely if I click a Facebook link on the phone it doesn't open the link, but takes me to the google play store to random games and crap like that. The phone is Android 4.4.4

I've tried spybot, avast, avg, malwarebytes on both the phone and the laptop and they have found nothing. I've tried avast on the laptop too which has found nothing.

Both the phone and the laptop are only a few weeks old so I did a factory reset on both the phone and laptop (because I hadn't much data to lose) and the factory reset didn't get rid of the problem either. I know that is probably the virus removal equivalent of turning something off and on again and expecting a fix.

Now, I took out my old laptop to post this and just discovered that my old laptop (that had always been trouble free)(Windows 7) seems to have the same problem and my mother's smartphone (android 4.4.4... Read more

Answer:Definitely Infected with some kind of ad redirect, don't know where to start.

Are all the gadgets using the same WIFI? If so, Reset your router. If you don't know how to do that, post the make and model of the router.

0 more replies
Relevance 48.38%

Hello,

I am seeking your assistance.

I was somehow infected with a ransomware virus tonight. It seemingly only appeared after I ran malware bytes, which I'd decided to do because my system was running slowly.

Now, loads of my files are encrypted, including some really important things.

I think I have removed the virus (after having run malwarebytes, and I can't see any traces in the registry) but I'm not sure.

So, I would really like help with 3 things:

1) Identifying exactly what was infecting my system
2) Identifying whether it's still infecting my system
3) Any conceivable way I can decrypt my encrypted files (I do not have a system restore point I can go back to). This is the most important one I need help with.

Any help would be massively appreciated.

Thanks,

Mockmaster
 

Answer:Infected by some kind of Ransomware/Cryptolocker/Cryptowall?

This topic will be closed due to presence of pirated content.

Piracy policy
 

1 more replies
Relevance 48.38%

OK, well, for some reason every time I click on a link or a search result my browser opens new tabs with advertisements. I have run Malwarebytes but it doesn't remove it. I have run a spyware tool that doesn't help either.
Maybe someone can assist me on cleaning my PC from this junk so I can feel more secure while using this PC.

Answer:My Browsers are infected with some kind of click fraud

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

47 more replies
Relevance 48.38%

Not sure how to deal with this infection, keeps messing up the winpatrol so I have to shut it down. 

Answer:Infected with some kind of Kernel, disabled Winpatrol

Can you be more specific about what is being disabled? What exactly is happening with WinPatrol? What version are you using?

7 more replies
Relevance 48.38%

I don't know what to do. I hope this is the right place to post this. My other computer got some kind of virus a while back. I tried to get a free spyware software but that just made it worse. Now I can't start up the computer because the computer will freeze because there are so many different items trying to start. So I don't even know what virus it is.

Answer:My other computer is infected with some kind of virus/ Moved

Hello spiritsamuri and welcome to BC

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

PLEASE DO NOT NOW POST LOGS unless a log is specifically requested.

In order to assist you, we need some additional information.

What is your operating system: Windows XP, Vista, etc.?

"I tried to get a free spyware software but that just made it worse."
Please tell us what the name of that program is.

What security programs do you have installed?

"Now I can't start up the computer because the computer will freeze because there are so many different items trying to start."
Can you identify what these items are?

Are you able to get into Safe Mode?

Orange Blossom

12 more replies
Relevance 48.38%

Hey there, can someone please help? I'm running Windows XP and lately my computer has been playing up, like it was restarting every time I would start up and as soon as I see my background it would boot up again. But now when I start up and log on I get all these error messages and there is some "status installer " trying to run. Here is my HJT log. Thanks for helping.

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Ben\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ben\Desktop\utorrent.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iprimus.com.au
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = abou... Read more

More replies
Relevance 48.38%

Hi,

When searching in google clicking on search results redirects me to random pages. Strangely it's only occasionally, and not every search result. Seems to happen quite at random, and oddly enough didn't happen when I just tried a random search. I have run malware bytes, spybot search and destroy and superantispyware. But the problem still happened after the runs. I'm on XP and have avast and zone alarm installed.
DDS (Ver_09-10-26.01) - NTFSx86
Run by Jon at 20:14:43.26 on 28/10/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1535.705 [GMT 0:00]

AV: avast! antivirus 4.8.1356 [VPS 091028-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:&#... Read more

Answer:Infected with some kind of Firefox Google Redirecter

Hello VictorSkye

Welcome to BleepingComputer

==========================

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

===========

Download This file. Note its name and save it to your root folder, such as C:\.
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
Click on this link to see a list of programs that should be disabled.
Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
Allow the driver to load if asked.
You may be prompted to scan immediately if it detects rootkit activity.
If you are prompted to scan your system click "Yes" to begin the scan.
If not prompted, click the "Rootkit/Malware" tab.
On the right-side, all items to be scanned should be checked b... Read more

11 more replies
Relevance 48.38%

Hi, I share this computer with my parents, and when I came home from some friend's place, I had this google "virus" that directs me to Search-Daily.com, so I would be happy if someone could help me to fix it. Here comes my logfile.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:28:03, on 2008-01-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\apps\ABoard\A... Read more

Answer:Infected With Some Kind Of "virus" (search-daily)

Hi,

I'm sorry for the delay, the forums are very busy. If you still need help, please post a new HijackThis log and give a description of how your computer is currently running.

9 more replies
Relevance 48.38%

So I got infected by the TDL3 Rootkit virus. After many scans with things such as MBAM, AVG Free, Hitman Pro, and TDSSKiller, I thought I got rid of the TDL3 virus. But, I noticed that in Firefox, I still have the symptoms of the "Google redirect virus". I definitely need some help to get rid of this darned thing. Any help would be greatly appreciated. Also, I ran multiple scans with GMER. Each time I tried, the scans take HOURS to complete, and whenever I try to click "Save" to save the log after the scan is completed, the program ALWAYS stops responding. :'[ I've noticed that the only results that come up in the scan appear in the first few minutes, though....

Anyway, as requested by boopme, here is the DDS log:

[(*Note, I foolishly had many tabs open in Google Chrome. Hence all the GoogleChrome open applications*)]

DDS (Ver_10-03-17.01) - NTFSx86
Run by John at 22:08:31.21 on Sun 09/26/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3325.1368 [GMT -4:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe... Read more

Answer:Infected with some kind of Protected Malware (TDL3?)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the ... Read more

18 more replies
Relevance 48.38%

The other day I searched for ballet play lists and clicked on one that infected me. 
 
I'm getting pop ups on chrome for a chat and another saying your download is ready, install now, and I can't close the window without shutting chrome down through task manager. 
 
I'm running Windows 8 on a gateway nv570P09u laptop. 
 
I also uninstalled quicktime plugin on chrome around the same time - not sure if it's related.
 
I ran housecall and eset in regular mode and adwcleaner in safe mode and it cleaned a couple things but I'm still getting the pop ups. 
 
Please help, thank you.
 

Answer:Infected with some kind of pop-up saying my download is ready and chats

Hi. I'm checking your log now and will reply with instructions soon.

19 more replies
Relevance 48.38%

Hi there - I heard that your forum is good for helping people out with virus problems (and costs less to donate if successful than taking to a store!). Basically, I ran a CD from my girlfriend's internet provider a few weeks ago and it seems to have installed some nasties onto my pc. I've had various problems since - reports of trojans trying to attack my system, websites redirecting themselves to other sites, the pc running incredibly slow for periods, applications not opening part of the time, firefox not opening at all any more. I've tried running various virus checks and security software but none of them have fixed the problem. I've followed the instructions in terms of what to post here, although I couldn't get a report from GMER because it kept resetting the computer about 30 seconds into the scan. If anyone is able to help I would really appreciate it. Thanks a lot for your time.

Hijack This info:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:59:24, on 23/08/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOW... Read more

Answer:Am infected with some kind of virus/trojan/spyware

Hello & Welcome to TechSupportGuy

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

In the meantime please note the following:

Any recommendations made are for your computer problems only and should NOT be used on any other computer.
Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
If you get stuck or are unsure of something please ask for a further explanation, do not guess.
It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for ... Read more

3 more replies
Relevance 47.56%


Hi everyone. this is my first post here..
I will get straight into my problem. So recently I'm seeing that some of my startup programs are not starting; they are giving "XXXXXXX.exe has stopped working". Sometimes this even happens with my browser, Google Chrome. At that time I need to reinstall it and it works again. But now even the Task Manager has been disabled. I am just totally confused here about what to do. Can someone help me? I tried adwcleaner and combofix as well, but after using combofix it shows that registry editing has been disabled by administrator, just like Task Manager shows it has been disabled by administrator. Someone please help me.

Answer:Some kind of virus has infected my pc and is basically corrupting many programs

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll dow... Read more

14 more replies
Relevance 47.56%

I have some kind of malware infection that interrupts my internet connection about every 3 to 4 minutes, for about 30 seconds or so. I've run Combo fix, Rogue Killer, Malwarebytes, Spybot, TDSSKiller, Rkill, Trend Micro Rootkit Buster and Gmer. Rogue Killer finds some Rootkit files but can't remove them. I also ran Hijack This! but didn't see any obvious problems. I need some help I think. I know it's malware because whatever it is isn't affecting my Linux installation, also on the same hard drive, in a dual boot.
 
Thanks.
 
Nick

Answer:Infected with some kind of malware that interrupts my internet connection

HijackThis only scans certain areas of a computer's system/registry to help diagnose the presence of undetected malware in known hiding places. Given the sophistication of malware hiding techniques used by attackers in today's environment, HijackThis is limited in its ability to detect infection and generate a report outside these known hiding places. This limitation has made its usefulness nearly obsolete since a HijackThis log cannot reveal all the malware residing on a computer. As such, HijackThis has been replaced by other preferred tools like DDS, FRST, OTL, Zoek and RSIT that provide comprehensive logs with specific details about more areas of a computer's system, files, folders and registry keys which may have been modified by malware infection.

Since you already ran Combofix due to possible malware infection, its log should be thoroughly reviewed by trained experts in order to ascertain what was detected/removed and what malware you're dealing with. A log should have been created and saved to the root directory (%SystemDrive%), usually C:\ComboFix.txt.

Please follow the instructions in the Preparation Guide For Requesting Help starting at Step 6.
If you cannot complete a step, then skip it and continue with the next.
In Step 6 there are instructions for downloading and running FRST which will create two logs.
When you have done that, post your logs to include your ComboFix log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for ass... Read more

1 more replies
Relevance 47.56%

 I think my flash drive/pen drive get infected with some kind of weird virus... When I open it I see the only shortcut name of flash drive itself inside the drive. No folder or files are visible. e.g. lets say If I connect my drive to PC and open it I see shortcut named kingston (8GB) When I double click on it I can see the error message ,
    Error Loading ~$WJKLOZIEL.NFC Specified module could not be found.
I have scan it on Quick heal with updated virus database of 4 April. I can see it scanning all the folders and files inside the drive but that nothing works. still I can see only the shortcut of that drive.
What to do ?
 

Answer:Flash drive infected with weird kind of virus ?

Hello -
Instructions
1 Turn on the computer, wait for the operating system to fully load and insert the flash drive. The operating system will display a message asking what you want to do with the contents of the flash drive. Click "Cancel" to close the message.
 
2 Click "Start" and then "Run" to launch the Run command box. Type in 'cmd' and hit "Enter" to launch the Command Prompt. You will see a window appear with a black background, with a blinking cursor next to "C:\"
 
3 Minimize the Command Prompt window and go to "My Computer." Right click on the flash drive icon and check the drive letter assigned to the drive. On the Command Prompt window type in the drive letter and press "Enter." If your drive letter is "E," type in "E:" or select the correct drive letter, and then press "Enter."
 
4 Display the list of files contained in the flash drive. In the Command Prompt, type in "dir /w/a". That is, 'dir-space-slash-w-slash-a'. This command will display all the files stored in the drive. Check whether the drive contains unfamiliar or suspicious files you did not put in it. Common signs of infection are the presence of files such as "Autorun.inf," "Ravmon.exe," "svchost.exe," and "Heap41a."
 
5 Disable attributes of infected files. In Command Prompt, type in "attrib -r -a -s -h *.*" NOTE: That is, 'attrib-space-dash-r-space-dash-a-space-dash-s-space-dash-h'. Press "Enter."
This command will disable, in order, the 'read only,' 'archive,' 'system' and 'hidde... Read more

3 more replies
Relevance 47.15%

Help!!! my screen is red with a warning that says spyware detected. it has become my desktop picture. Now when i go to my computer some folders are missing such as my hard drive. What's more i can't install anti spyware programs now, i don't know why. Probably because the application that runs them has disappeared. Now when i access folders a popup comes out saying something like virus detected would you like to download anti spyware? if i press ok or no it directs me to a site that has been blocked for my safety by avg which i used to have. The avg seems not to work now. When i try to open it the computer asks me to choose a program to open it with! What do i do?? HELP!!!!!
 

Answer:Help! Infected with some kind of virus now i cant find my hard drive on my computer!

Please do not create multiple threads for the same problem! Read >>Posting help read first<< if you feel you are not getting help.

Continue here: http://forums.techguy.org/malware-removal-hijackthis-logs/735500-strange-virus-don-t-know.html
 

1 more replies
Relevance 47.15%

Tried downloading an ebook torrent. Surprise surprise, what I got was a lot of... something-ware.
It started out with a bunch of UniSales screens, which I got rid of by downloading MalwareBytes and Avira for good measure (been using Microsoft Security Essentials).
Basically, it makes my computer load really slowly, plus I have to keep scanning to get rid of the darn things.
BTW, my computer is a Dell Inspiron All-in-One, Windows 7
 
If you need any more details, just ask
Any help would be greatly appreciated. Thank you
 
EDIT: Also noticed, when a site is loading, at the bottom of the screen where it says suchandsuch.com is loading, the name is completely different than the actual site
 
MalwareBytes turned this up: ADWARE/MultiPlug.Gen4
And ADWARE/InstallCore.Gen

Answer:Infected with some kind of malware/adware... the letters PUP show up alot

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
Double-click ... Read more

22 more replies
Relevance 47.15%

Since yesterday I keep receiving this message in a popup from norton "Norton blocked an attack by: system infected: Fake Plugin Activity 2" It pops up every time you open any browser (firefox, IE, Chrome), and keeps popping up a few times a minute while browsing online, or even as I am typing now. Norton, up to date Norton Security, says that it blocked the attack and that "no further action is needed" but my online searches seem to say that I am already infected and Norton is fighting it on the inside, whatever that means. I also downloaded Norton Power Eraser, and I still continued to receive this message after it was complete and my system rebooted.
 
As I am using the computer all kinds of pop up ads are appearing.  Some for fixing computer problems and other random ads.  Even as I have typed this, some other Norton windows popped up, one with fake plugin activity 3, and a completely different one that didn't last long enough for me to see.  So I don't know if I have a bunch of viruses or just one.  Each time it says that norton blocked it. 
 
I am using Norton Security and used Power eraser.  I have no other malware programs.  I have Windows 7, 64-bit. 
 
aircap

Answer:I have some kind of virus: system infected: Fake Plugin Activity 2

Hi aircap63,
Your report analysis on other Forum continues.
Therefore this topic is closed. Sorry.

1 more replies
Relevance 47.15%

I'm certainly infected, my Windows 7 firewall service is missing on the task manager and an error coded 0x80070424 keeps appearing when I try to restore windows firewall to its original settings. My antivirus (MSE) always reports an infection and my usual action is to remove the virus. I don't know what is causing the infection. I myself know what to download and what not to.

OS: Windows 7 Ultimate 32 bit
AV: Microsoft Security Essentials

DDS LOGS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Royce Borja at 10:46:18 on 2011-12-18
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1964.1062 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows ... Read more

Answer:Infected with some kind of rootkit/virus, Firewall Service Missing

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only); if this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job; this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn... Read more

12 more replies
Relevance 47.15%

Whenever I use Mozilla Firefox and go onto www.google.com and search something, every search result I click redirects me to some random site. Usually the sites have an IP address in front of it that is the site itself or just a random site like shopica.com. I also get an invalid floating point operation error when running some programs. The only way I could access this site was through a proxy because of my current issues.

Have tried to download Spybot and Malwarebytes' Anti-Malware but I can't get them to run. Spybot can't update for some reason.
I have run scans with AVG Antivirus, CCleaner, and other removal tools, but with no success of removal. Please help!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:39:37 PM, on 12/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgt... Read more

More replies
Relevance 46.74%

Zeus Trojan steals $1 million from U.K. bank accounts
http://news.cnet.com/8301-27080_3-20013246-245.html?tag=topStories2

A fairly quick read...I had been reading about the Zeus trojan and how it's hitting PCs.
I just saw this article today on a colleague's FB page....
Here's the part that's alarming...you MAC users that keep thinking you're immune...

"While more than 280,000 compromised computers were running some variant of Windows, there were about 3,000 Macs running the exploit kit that were part of the botnet, along with about 300 PlayStations and seven machines running Nintendo Wii, the report found. "

3000 MACs in the botnet

And how many people here think it's safe to stick your gaming console in the DMZ of your router? Just because it's not a Windows OS.
 

Answer:The Zeus Trojan....wiping out UK banks..but read what kind of computers got infected

3000 MACs!! dang, that's like half of the total amount of MAC users right?
 

10 more replies
Relevance 46.74%

Hi,
I have some kind of infection on my computer. I have a windows XP home edition. and I only use firefox. i have a wireless connection and two other laptops in my computer that i constantly use (all windows XP also).
The signs that I see of it are:
1- many times when I click on links the website tries redirecting to somewhere else. firefox however stops it from doing that (i get a little toolbar on the top that says website tried to redirect, and it asks me if i want to redirect it)
2- i have a little magnifying glass that shows up in the lower right hand tool bar- date/time area. when i left click on it a box shows up. the title is 'search settings' and then it says 'prevent unknown programs from changing your default search settings without your knowledge' and then it has possibilities for IE and Firefox, with two options. the first option is 'notify me first before allowing changes to my settings' and the second option is 'allow programs to change my settings'. the second option is the one that is checked off, and the settings can't be changed at all, i can only see it but i can't change it. sometimes one anti virus or another will be able to remove this magnifying glass (which i pretty much use as an indicator if my pc is clean or not) but the next time i restart my computer it will be back.

what have i done:
1- i used to run lavasoft adaware, symantecs and avast. they would be able to remove the 'magnifying glass', and each... Read more

Answer:infected i think with some kind of worm, keeps coming back, antiviruses cant detect it anymore

Hello. How many active antivirus programs are running? Now let's see what we can find. Please for this scan disable all AV's after download.

Next run MBAM:
Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button... Read more

13 more replies
Relevance 43.46%

what kind of printer will connect to this type of computer

Answer:what kind of printer works /with this kind of comp...

It can be a bit confusing... You need either a Google Cloud Ready printer connected to your internet or you need a Windows/Apple computer with Chrome installed, connected to your internet, sharing an older printer. Once you have either of those setup you can print through Google Cloud Print.

1 more replies
Relevance 43.46%

Hi everybody, got some troubles

My old memory, Kingston 1GB PC3200 CL3 148-Pin DIMM Kit (512x2) fits and works perfectly, but I just bought a 2GB kit: Crucial 2GB 240-Pin DIMM PC4200 UNBUFF

The problem (you've probably worked it out by looking at the mem specs) is that the slot on the new memory doesn't match up with the bar going across my memory bank.

Which part of the memory specifications defines whereabouts the slot is on the actual memory module?

My motherboard is a GA-7S741M

Soz if I'm not very good at explaining,

can anyone help?
 

Answer:I bought the wrong kind of memory... what's the right kind?

16 more replies
Relevance 41.82%

Well I ordered some RAM off ebay. PC3200 512 X 2. One stick is fine, but with the other one I get this. This is the second one the guy sent me and I think he sent the exact same one back thinking I wouldn't notice. I tried a different slot on the board too - same thing. I tried having only one stick in there and it was fine, but when I swapped sticks into the same slot - boom. Grrr...

Answer:Gee, I dunno... bad RAM?

Well well well.. should be easy enough to figure out where this problem started............

Quote: Originally posted by Snump
Well I ordered some RAM off ebay

7 more replies
Relevance 41.82%

I keep getting annoying, sometimes pornographic popups, since I downloaded lovefreegames.com. I have since deleted lovefreegames, but I am getting popups pretty bad. I have run SpyBot S&D, Adaware, Norton, and finally HJT. Here is the log from HJT. Any help would be greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 314 PM, on 03/08/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\WILD FILE\GOBACK\GBPOLL.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\GWHOTKEY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\AIBBRWB.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\CALC.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\OPSCAN.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32... Read more

Answer:Dunno what else to do...

*bumping up*

4 more replies
Relevance 41.82%
Question: i dunno

This seems pretty easy, but this is what it does during installation. Should the spaces be removed along with the semi-colon, or is this a normal config? Just seems a little odd to me..
C:\Perl\bin\perl.exe;C:\WINDOWS;C:\WINDOWS\COMMAND\;C:\Python25;C:\progra~1\common~1\gtk\2.0\bin; ;C:\RUBY\BIN
 

Answer:i dunno

What you have is a Windows rendition of $PATH which delineates the various directories that are searched to find a command to be executed.

Spaces are ok for file names and directory names on Windows systems. So, I would say leave them as is.

To demonstrate, you can put an executable with a unique name, e.g. hello, in any one of the directories - i.e. separated by the ';' character in $PATH, then position your command window to your $HOME directory, and give the command:
$ hello
where hello is the executable name of the hello world program that just prints out the words: Hello, world!

I would then move the hello executable back to your home directory.

Unless your installation triggered an error message regarding $PATH - it is nothing to worry about.

-- Tom
 

2 more replies
Relevance 41.82%
Question: Dunno what it is

Ok i have spyware but don't know what it is. My ad-aware comes up clean, nothing from trend micro or anything. It sits on my desktop on the bottom right and autohides under the taskbar; when you mouse over it, it slides up and has a drop down menu with three options: "clear history", "Taskbar Activates" and "Hide Search". It also has a text box that you can't type into that says search the web

Any idea on what it is?
Any help is appreciated.
 

Answer:Dunno what it is

nevermind, its that wonderful desktop.exe, thanks for the help
 

1 more replies
Relevance 41.82%

do ppl still * torrent* if so whatcha using?

2nd question.. how do i access the dark web
 

More replies
Relevance 41.82%

Dell Dimension C521 with XP Home loaded. Some time ago I installed a Linksys 2.4 GHz Wireless G PCI adapter with speed booster onto the motherboard, set it up properly and it worked fine.
Now I wish to connect a wired modem (Clearwire) for internet access, but XP is not recognizing the modem at all, only the wireless adapter
I have checked the ethernet connection on the computer, it's OK
No matter how many times I run the XP connection wizard, the modem is just not found
Did I somehow erase the program or driver that would recognize any modem ?
How do I get it back?
Thanks in advance !

Answer:dunno what I did, please help!

You should go to the homepage for the modem, and download the latest drivers. It sounds like you do not have the drivers installed.

4 more replies
Relevance 41.82%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:53 AM, on 10/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\... Read more

Answer:I dunno how to fix this, need help

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 41.82%

Anyway, this is what happened. I went to open a game, it was called WolfTeam; it loaded but did not pop up. So I restarted the PC and after that I started getting BSOD (blue screen of death). I went and disabled the auto restart after system error and got this message after restarting with another BSOD: it said Win32k.sys, so I googled it and from what I have read it says RAM problem. So now I figured 1 more reboot wouldn't hurt. It rebooted and got to the login screen but the resolution was all messed up; I saw lots of different colors and everything was BIG. So at that point I decided to take out a stick of RAM (I have 4 gigs of RAM btw). After taking out 1 stick it loaded good and let me log in normally, but then I got another BSOD. After that I read to take out the battery that is on the mobo to reset the memory or what have you. After that, when I turn on the PC the lights come on, the hard drive kicks on, everything works, but now I can't get any video to the monitor. I can't get into my PC to tell you all the specs but I'll try to name off some.

nvidia 8600 gt
4 gigs of ram corsair
gigabyte mobo
320 gig hard drive seagate
2 dual core intel processor
500 watt power supply
windows xp pro

ps. and another thing: I went into BIOS and I may have disabled the video card, which I don't know how I did.

Thnx in advance, any suggestion is appreciated...
-Travis

Answer:Dunno what i did... =/

In fooling around in the BIOS any number of variables could have changed here.

Remove all power sources.
Remove the CMOS battery for 10 minutes.
Turn on and off your power switch a few times with the above removed to discharge any resident charge.
Replace the battery, connect everything and re-boot.

Did you say that you have 2 processors in that machine?

When posting specs it's helpful to include model #'s...

14 more replies
Relevance 41.82%
Question: wat? i dunno

I'm really bad at this kind of stuff so hopefully someone can help.
All I know so far is that when I try to boot Windows, it goes to the safe mode / last known good config screen. Tried to load the last known good config and it didn't help. I was told that after a Windows update was installed and the computer was rebooted, it just wouldn't load Windows. Sorry for the lack of info, but I got nothin... I'm tempted to just reinstall Windows.

anyone?
 

Answer:wat? i dunno

Hi Steve

Guessing it won't go into Safe Mode either and recycles back to the same screen?

Could try a repair of Windows and boot to the OS CD.

Or as you say just bite the bullet and go for a clean install, but does the HD have data that's needed to be recovered first? If so, I did a weird trick a while back, just one of those weird moments when a spark of genius jumps out: as I have Acronis True Image 2009 installed and a rescue CD created, it booted to that and managed to just image the My Documents folders and other folders to a portable HD, then formatted the PC and installed Windows XP again, installed the 15-day trial of Acronis 2009 (available from Majorgeeks) on that PC, plugged in the portable HD and managed to drill down into the image and right-click copy and paste the folders to the desktop, and then left the user to move them into the correct folders.
 

7 more replies
Relevance 41.82%
Question: I dunno here...

I have been getting weird spyware from my Ad-Aware scans, like tracking cookies when I use Firefox, and it actually found a file. I just did a scan with McAfee, and after it finished it found a trojan and I deleted it. Here is the logfile, but I don't know if there is anything bad on it. I hope not. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 10:25:36 PM, on 5/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\system32\PROMon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avg...

Answer:I dunno here...

Hi.. Not too much to clean out.

Uninstall the following programs (if they still exist). Go into HijackThis->Config->Misc.Tools->Open Uninstall manager

AWS

----------------------------------------------

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.


O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
------------------------------------------------------------------

Open Windows Explorer and delete the following highlighted file/s (or delete the whole (Red) folder if listed).

C:\Program Files\AWS

-----------------------------------

When finished please post a new log......

1 more replies
Relevance 41.82%
Question: dunno what to do

I'm at a crossroads here. On one hand I really want to have my computer built VERY soon as I only have 2 more parts to order, and on the other hand I really want Win Vista since it will be the next step in innovation and be 64 bit, and be required by most games coming out in Jan and after (I think).

Problem is that Vista doesn't come out till end of Jan, and I want this comp done by end of Dec. I was thinking about getting Win XP Media Center to maybe hold me over but I don't know. In a month I would just be shelling out another $200 for Vista so I would have wasted so much money. What should I do!!

Answer:dunno what to do

Just get XP and use it, and don't get Vista for a couple of years. I have yet to hear of any games that say they will be Vista only. The only thing Vista has over XP gaming-wise is dx10, and the 1st vid card to support it just came out and is over 600usd. So unless you have the nvidia 8800, you won't even be seeing dx10 in use, even if you get a game that uses it (I don't believe any are out yet). After using Vista rc1 for a while, I just went back to XP. For me Vista didn't give enough tweaking power over my system to get the most speed for my gaming. The OS just simply doesn't allow for 100% user control over the OS like XP does. Vista is just too concerned about protecting you and itself.

8 more replies
Relevance 41.41%

clinteast
Hi chaps having a nightmare with pc at moment and looking for some ideas please.

To cut a long story short I was playin EQ2 and my pc went kaputt.

At first it would not boot up and kept changing the cpu size from 1500 to 2800.

Then I unplugged and replugged everything and 9/10 it would not boot up at all as in nothing would come up on monitor.

Eventually I had to call an engineer out who charged 20 quid for the first hour, 45 for the 2nd; fortunately he wasn't there for more than an hour.

He tested everything and was dumbfounded. Sometimes it would boot up then freeze, most of the time it would just reboot, and then sometimes not even boot at all (using my pc as we speak).

He ultimately thought it was my memory so I slipped him 20 quid and went and bought some new memory. Stupidly, the guy behind the counter has given me pc 3200 ddr400. I swapped the memory round and it kept booting but restarting as I click on the icon to log in (I meant to get pc 2700 ddr333).

My chip is amd athlon 2800
Win Xp Pro
400 W
ATI radeon 9800 xt pro
80 gb hd
On board ac97 sound cmedia

I have been reading on the net that it might be my psu but I thought 400w should be enough. I guess I could buy a larger model, 550w maybe.

Or maybe it's my motherboard, as sometimes it lets me boot up like it is now but it will probably reboot halfway through this message.

Also another note on booting up: sometimes it reads my memory as only having 140mb in or some other insane figure and freezes when it has a stick of 512mb in.

I...

Answer:Pc Reboot/Or not at all dunno what to do plz elp:(

Check your fans. That 52 is kinda warm for the MB. (Could be the sensors are crossed and the 52 is really the CPU.) Make sure the fan is running in the power supply. That fan is the exhaust fan for the case. If it's not running, the power supply could be overheating and causing problems. A good cleaning with compressed air wouldn't hurt anything.
 

3 more replies
Relevance 41.41%

When I log on to the actual Paypal website, it is asking me to verify my bank and credit card numbers (looks like a phishing attempt but isn't).

I have to log on to access the 1-800- tech support number. As soon as I enter my password, it takes me directly to this page. Can anyone please post the aforementioned number?

Security Measures

Help with this page ?

We are currently performing regular maintenance of our security measures. Your account has been randomly selected for this maintenance, and you will now be taken through a series of identity verification pages.

Protecting the security of your PayPal account is our primary concern, and we apologize for any inconvenience this may cause.
 

Answer:Paypal...dunno where to put this

I was able to log in just fine. I looked for an 800 number for you, but all I could find was this one:

1-402-935-2050
 

4 more replies
Relevance 41.41%

My computer's been acting like bleep ever since I bought it. It's always had popups from Drivecleaner and I can't find forums on removing what I've got. Can someone please read this HijackThis log and try to help me? I'd appreciate it greatly.

(Moderator edit: log post moved to HJT log Forum for team analysis and member assistance. Enthusiast)

Logfile of HijackThis v1.99.1
Scan saved at 2:50:17 PM, on 11/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Defa...

Answer:Dunno How To Describe It

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Before we can get started on fixing your problem you must change the location of Hijackthis. It should not run from a temp directory.

Download and run the HijackThis autoinstall program. Please choose the default location of C:\Program Files as the destination. Run the program only from that location from now on. It is essential that you follow these steps or certain important features of the program will not function correctly.

Once you have Hijackthis running from this folder, please reboot and post a new hijackthis log as a reply in this thread.

4 more replies
Relevance 41.41%

Hi, starting from yesterday night I've been getting these hits from my Kerio Firewall where a bunch of nowheres try to connect to my "Task Scheduler Engine" and the application involved on my PC is c:/Programs/WINNT/system32/mstask.exe
I've scanned the file using Norton AntiVirus but it was not identified as a virus. I tried to quarantine it but even after the quarantine there's still hits from my Kerio Firewall.
Also, at the same time I've found a Download.Trojan virus in my PC and I've deleted it. I am not sure if there is any connection between the Trojan virus and mstask.exe.
As I am a total idiot in computers, can someone tell me if this is a virus and what should I do with it. I would greatly appreciate any help.
 

Answer:I dunno if this is a virus

Hi innewton, mstask is a Windows scheduler, not sure why it is coming up as a virus. I included a link to info on it.

http://www.liutilities.com/products/wintaskspro/processlibrary/mstask/

Also you might try a different firewall. I use sygate, it's free and very good, here's a link.

http://sygate.com/

Good luck.
 

2 more replies
Relevance 41.41%

Logfile of HijackThis v1.98.2
Scan saved at 12:29:45 AM, on 1/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\PROGRA~1\NORTON~2\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Pro...

Answer:HJT LOG...dunno what the problem is

Hi audiboy, Welcome to TSG!!

Download Spybot http://www.safer-networking.org/en/download/index.html

Click on "Search For updates" when prompted.

Scan, click on fix problems.

Reboot.

Download AdAware SE Personal: http://www.lavasoftusa.com/support/download/

Install the program and launch it.

On the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.

In the main window: Click Start and under Select a scan Mode tick Perform full system scan.

Deselect Search for negligible risk entries.

To start the scan, click the Next button.

When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and then click Next)

Reboot and post another log.
 

1 more replies
Relevance 41.41%

About ztorsftdgh.vbs: when I insert my USB flash disk, ztorsftdgh.vbs keeps on coming, even on other flash disks. What do I do?

Answer:please help, dunno how to fight this one

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.
Before we begin, please note the following:
I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
STEP 1
 
 
First make sure that you disable Autorun:
 
How to disable the Autorun functionality in Windows
 
 
 
STEP 2
 
 
Please download USBFix tool from here...make sure that your flash drive is connected to the computer.
Click on the Deletion button to scan and clean the flash drive for malware remnants (you can also open My Computer, right click on the flash drive's letter from the context menu and scan it with your installed antivirus software witho...

3 more replies
Relevance 41.41%

hi girls and guys

i have a hijackthis log below which looks legit to me but i want to run it past some experts, so any comment is much appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 09:54:32, on 19/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\HistorySweep\HSSvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\WINDOWS\system32\SLEE11.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGR...

Answer:hijackthis log - dunno if it's bad

7 more replies
Relevance 41.41%

Ok, I don't know very little about vid cards and am looking to upgrade my piece of crap geforce4 mx440. My comp specs are AMD XP 1700+ (buying a new processor along with the vid card, probably XP 2800+), 1gb DDR, 400 watt power, 8x AGP motherboard. I only want to spend 100-150 and have been told to buy the geforce4 FX5700 Ultra and that it's the best card in that price range, although at the top end of that range. Are there any cheaper or better cards for that price?? Oh, by the way, I think I like the geforce over ATI, been told the drivers are better, so if it's an ATI card it would have to be quite a bit better than the 5700 ultra.

Any input is appreciated =)

Answer:dunno what to buy ?? vid cards

Hey, I had the 440, well my dad did. We just upgraded to a pny geforce fx 5700 LE optima 128mb ddr agp. It hasn't failed yet and my dad got it for like 110, I think it's really something like 130.

9 more replies
Relevance 41.41%

Hi there!
A couple of days ago, in trying to download a torrent, I think I caught a malware. I thought BitDefender 2010, my antivirus, had put it in quarantine, but for the past two days, every time I boot into Windows 7, before I do anything, some crash-report window appears (today there were 3!). I ran a BitDefender "deep scan" but after some 2 hrs it came up clean. Clearly there's something wrong because as soon as I boot Win7 the windows keep popping up. See picture attached.
Can anyone suggest some solution to this problem?
Thank you for your time.
P.

Answer:Got a Virus but dunno even its name!

I'm posting the DDS.txt and attaching the Attach.zip files. I also downloaded and ran gmer.exe but for some unknown reason it stops working after sometime, maybe it's the virus' effect (I first turned off BitDefender Antivirus).
I am therefore unable to post the ark.txt file. Hope someone can help me. Thanks.


Code:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Pooja at 17:21:25 on 2011-12-09
Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1033.18.2046.1257 [GMT 1:00]
.
AV: BitDefender Antivirus *Enabled/Updated* {982ADE23-275B-0766-37C5-DE01A484098E}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: BitDefender Antispyware *Enabled/Updated* {234B3FC7-0161-08E8-0D75-E573DF034333}
FW: BitDefender Firewall *Enabled* {A0115F06-6D34-063E-1C9A-77345A574EF5}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\sy...

2 more replies
Relevance 41.41%

Hello there. I've used you guys before and had great results; hopefully you can help me again. Attached is my hijack log and here is my problem: I keep getting a message about my network settings and/or my computer will only start in safe mode. I also get this message: an internal stack overflow has caused system failure change the stacks in config.sys. I use Windows 98. Is this an OS problem or something worse? Just for giggles I tried starting up my computer without being connected to the internet (several times) and it worked just fine without any problems. I have run CWshredder, spybot and ad aware (all updated versions) and then hijack. Please help, and suggestions would be great.
 

Answer:dunno whats going on

Hi and welcome,
Your HJT log has not attached to your thread, repost it and the experts will help you..

 

2 more replies
Relevance 41.41%

I have 4 USB ports. Three are 1.1, and one is 2.0. I want to know which is 2.0, and which ones are 1.1. I know that one is 2.0 because of this program I have called Karen's Computer profiler. Shows it.

Is there a program to show which one is? with tests or summt? cheers
 

Answer:USB ports I have 4, one is 2.0 dunno which is

8 more replies
Relevance 41.41%
Question: Dunno. IP related?

My friend accesses his bank account from home using Firefox with no trouble. He comes to the shop and Chase makes him jump through hoops (call Chase, get security code), which takes a lot of time. We use Google Chrome here. So I said I will download Firefox so you can get around that problem. My question is this: if he has Firefox at home and uses Firefox at the shop, wouldn't that change the IP, thus triggering the bank's security settings? Does that mean he has to use the same computer at the same location all the time? Thanks

Answer:Dunno. IP related?

Not necessarily, some folks are assigned 'Dynamic' IP addresses by their IS Providers (A different IP address each time they connect, or reboot their router), which would mean the bank security would be on permanent alarm status.

Most banks just use login passwords - Mine has 2, an 8-digit number and a 5-digit number, entered on 2 separate pages. Also, my 'Mozilla Seamonkey' browser offers to remember any login details, I don't know whether Firefox has that facility or not.

The only thing to remember is that the shop-PC is set to NOT remember any login details (usually a tick-box on the login page) - If the home PC is accessed by your friend alone (or folks he trusts), then the 'Remember me' tick-box can be ticked (if available).

13 more replies
Relevance 41.41%

When I start up my computer there is a thing in the task bar which says "downloads" and when I double click on it it goes to the other side of the task bar. It starts off on the right.

Also there was a link to my shortcuts folder in the start menu, which wasn't there before. And in my shortcuts folder on my desktop there is a folder called gozilla downloads, which wasn't there before either.

I un-installed gozilla but the downloads thing in the task bar is still there.

The downloads thing is NOT in the running task thing, eg: ctrl/alt/del.
I also had a trojan called "backdoor something" but my anti-viruses found and cleaned it, but wait there's more............ I also got an e-mail that my ISP warned me about and promptly deleted it, please help (no pun intended)
 

Answer:i dunno if its a virus or not :(

7 more replies