Tech Problem Aggregator

Not Sure If It's Malware Related, But My Computer Is Unwell In Several Ways, Can Anyone Please Take A Look At My Log?

Q: Not Sure If It's Malware Related, But My Computer Is Unwell In Several Ways, Can Anyone Please Take A Look At My Log?

Hey Guys, I'm New Here, And I've Been Looking For Someone Who May Be Able To Help Me With A Few Potential Problems. First Off, I've Found That When I've Booted My Computer (I'm Running XP Professional) As Soon As The Welcome Screen Disappears (No Password Login, Just One Account) My Screen Goes Fuzzy For A Few Moments But Then Returns Normal With The Proper Desktop Picture Up. I've Tried Reinstalling My Driver Hardware For My Monitor As I Presumed It May Be That, But To No Avail, I've Tried A Restore To A Date Before The Problem Occurred, But Once Again To No Avail. Another Problem I'm Finding I'm Having Is That My Mozilla Firefox Seems To Almost Reinstall Itself After A While, As My Settings For My Addons Are Reset And It Opens As If Mozilla Has Just Been Installed Onto My System. Also I'm Finding That Sometimes When My Computer Seems To Be Affected By Too Much Usage Of Memory By Processes, Upon Trying To Bring Up The Task Manager, My Computer Sometimes Does Not Respond To The Keystroke, And I'm Left To Use "Process Explorer" To Check What Is Running Upon My System.

I'm Not Sure If Any Of The Problems And Issues Are Malware/Virus Related Or Maybe Hardware Related, But I'm Hoping That I Will Be Able To Find A Possible Solution As I'm Not Welcoming To The Fact Of Having To Reformat If It Can Be Avoided, Any Help In Advance Guys Would Be Fantastic, Here Is My Log In The Following..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:36 PM, on 19/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
D:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
D:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Trend Micro\BM\TMBMSRV.exe
D:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
D:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\iTunes\iTunes.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.logitech.com/?BW=2&OS=...;PI=QC&CT=D
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {307C2B26-A579-45F4-B52E-E70552AA4ECC} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {92BADD0D-A53F-41B5-8803-2B3854A20073} - (no file)
O4 - HKLM\..\Run: [UfSeAgnt.exe] "D:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [OE] "D:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: hgGVmJDS - C:\WINDOWS\
O20 - Winlogon Notify: khfFVnMC - khfFVnMC.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel? Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - D:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - D:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - D:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9199 bytes

A: Not Sure If It's Malware Related, But My Computer Is Unwell In Several Ways, Can Anyone Please Take A Look At My Log?

Hello prottura,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea


hello people!
since yesterday my computer has not been running very well at all.
it all started when i was reading some stuff on a website and it kept on trying to install office 2000 premium. then i was getting loads of pop ups telling me to buy virusremover 2009 and pop ups telling me my computer was infected. and it was having system32 errors when i tried to shut it down. that was yesterday.
today i've been getting loads of pop ups with just general advertisements in them but my machine is very unstable and has crashed a few times.
i also noticed today that my firewall had been turned off
it also won't let me do a system restore to a previous date.

i've tried having a look at it but i haven't been able to do anything about it.
in task manager there's iexplore.exe which looks suspicious (note the spelling - no final R) but i'm unable to shut iexplore.exe down.
i downloaded Malwarebytes Anti-Malware and that found over 20 infected files but it doesn't seem to have resolved the problem.
also it won't let me get the updates for Malwarebytes as it says my firewall may be blocking it.

any help or advice would be greatly appreciated.
thanks in advance.

A:my computer is very unwell - please help

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.


Hello,

One of the computers in my office has a really nasty virus!

The symptoms are as follows:

1) I cannot access the internet via IE or Firefox. I get a connection problem message
2) I cannot run any anti virus software scans on the machine apart from Xoftspy Version 4.33 (for which I have no key). Either the programs do not open or the scan buttons do not work.
3) System Restore has been disabled and cannot run.
4) I cannot copy or paste files onto my computer. The only way I have found to do so is to compress and extract files onto the computer from a remote device.
5) The computer environment looks wrong. The desktop graphics (font etc) appear to have changed slightly.

The problems persist in safe mode.

I have posted a Hijackthis log below

Any help you can offer would be greatly appreciated.
Logfile of HijackThis v1.99.1
Scan saved at 16:47:51, on 16/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\khooker.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2...


To whom it may concern,

I don't exactly know how to explain my issue, only that my computer is skipping. It usually happens when I am playing a game and it affects my computer for a good length of time making the audio, video and mouse pointer skip from one point to the next. This issue only started happening yesterday and I thought nothing of it thinking a simple restart would help, but now after the third time it has happened today I am looking for a very effective permanent solution if one is available.

I did a google search on my issue and found a related thread here which was solved, I can only hope that you can help me as well.

- Xirion
 

A:Computer Skipping - Possible Malware Related.

Here is the HJT log of my computer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:15:33 PM, on 21/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ASUS\AI Nap\AiNap.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Google\Google Talk\googletalk....


Hello,

I've recently been having issues where my computer will stop responding at random times. I haven't yet noticed a pattern, but the most recent issue happened when I opened Facebook. If I'm playing music when the freeze happens, it starts sounding creepy and machine-like, with high-pitched noises and other strange sounds. Other windows stop responding and I can't use my computer for about 30 seconds. I'm not sure if this is Malware related or not. I haven't been to any malicious websites or downloaded anything, but I don't know what else the problem could be.

Also, I'm running Windows 7 on an HP dm4x series laptop. I believe drivers are up to date and updates are installed to Windows.

Thanks!

Below are HJT and DDS logs. I will upload a GMER log when I can, but the scan was taking a long time.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:41:58 PM, on 2/28/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\H...

A:Computer freezing constantly: Malware related?

Here is the GMER log:

GMER 2.1.19115 - http://www.gmer.net
Rootkit scan 2013-03-01 11:30:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST975042 rev.0003 698.64GB
Running: GMER.exe; Driver: C:\Users\Kyle\AppData\Local\Temp\kwldqpow.sys


I originally posted this in the XP forum, but was told to try this one instead. Here is a link to the original thread, where I explain what problems I am experiencing: problem explanation

Below you will find my DDS log. I have attached the other required DDS log as well.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Bob Vernon at 18:19:12.98 on Sun 08/08/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.99 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Bob Vernon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bob Vernon\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&...

A:terrible, periodic computer lag. Might be malware related

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Fo...


Hi,

Sometime between June 15th and 18th, System Restore had stopped functioning properly. When I perform a system restore, I receive the following message at the end of the restoration process:

"X Restoration Incomplete
Your computer cannot be restore to [insert any date here]"

On June 18th, my computer experienced a BSOD. I created a topic in the Windows XP Home and Professional forum. A BC Advisor instructed me to perform a memory test and so I did - it passed. In his next reply, he asked me "What is new or different since the last time everything worked properly?" My reply included a list of software that had been installed and removed within three days of the BSOD. Additionally, my reply mentioned that I had help cleaning my computer from June 12th-15th at GeeksToGo. The BC Advisor recommended I check with the "malware folks" to make sure my computer is indeed clean so here I am.

Mod Edit: XP Forum Topic

Issues:
- Faulty System Restore
- Blue Screen of Death
- When Windows starts, the computer will idle on the desktop background before loading the taskbar and desktop icons. When the computer starts loading the taskbar and desktop icons, the computer's performance seems normal (I'm not sure if this is related but I figured I'd mention it anyway).

I'm unsure whether or not this is necessary but I figured it couldn't hurt. The following is a list of all tools used during the cleaning process of my computer:
- OTL
- Malwarebytes&#...

A:Is my computer clean? Is the BSOD a malware-related issue?

"On June 18th, my computer experienced a BSOD"

Just once?

I see, you ran BSV and it reports only one BSOD.


Hi there, i'm new here, i'm from spain so maybe i can't explain very exactly in english so, i'm sorry!

I've found this site in google and i think maybe you can help me, before posting in this forum i've read your: "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help"

I'm not able by the moment of making a backup of my data, i don't have now a external hd. is it sure to make this copy if my computer is probably already infected by a malware or something like this?

I am using a hp pavilion dv7 lap top with 64 bits windows vista home premium

I am not very good with computers but i'll try to explain my problem

I was working with "adobe premiere" editing some videos, it began to give problem and finally this premiere archive i was working with stopped working at all

each time i try to run this archive it creates this files in the same directory i was saving it, they are:
- lsprst7.dll
- lsprst7.tgz
- sysprs7.dll
- sysprs7.tgz
- tmpPrst.tgz

I've looked in google and i think it has something to be with some kind of malware. You help some people with similar problem with "combofix" but i'm afraid it would not work with my windows.

I'm not using a lot the computer now because i imagine the malware will go infecting other applications as i go using them, i'm a bit scared about it...

i've also disabled my cd simulation software

next i've installed "dds" and this is the log:

DDS (Ver_09-12-01.01) - NTFSX64
Run by Juan at 17:29:49,57...

A:lsprst7.dll, some malware related to this archive and others infected my computer

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Fo...


Few days ago my computer started randomly rebooting or locking up with no prior warning. I realize this could be a hardware issue, but the symptoms started right after I ran into some malware infections. This issue is very similar to this one here http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/hijackthis-log-help-inactive/132058-computer-randomly-rebooting.html. I made a new thread concerning this problem because on a reply it was stated that the fix was computer specific. I removed some of the spyware with help of ad-aware and avg antivirus, but I doubt i had them all removed. Any help is greatly appreciated.

Here's my HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:05, on 2.3.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\iTouch\iTouch....

A:Computer randomly freezing or crashing - spyware/malware related?

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------


Few days ago my computer started randomly rebooting or locking up with no prior warning. I realize this could be a hardware issue, but the symptoms started right after I ran into some malware infections. This issue and symptoms are very similar to this one here hxxp://www.techsupportforum.com/security-center/virus-trojan-spyware-help/hijackthis-log-help-inactive/132058-computer-randomly-rebooting.html. I made a new thread concerning this problem because on a reply it was stated that the fix was computer specific. I removed some of the spyware with help of ad-aware and avg antivirus, but I doubt I had them all removed.

ZoneAlarm firewall and AVG Anti-Virus are on constantly and I try to keep my Windows update up to date all the time.

Following is a list of the programs I deleted. I got suspicious when ZoneAlarm warned me that they are trying to access internet (it was the first time they asked for rights), so I googled for them and removed them:

w.exe C:\Windows\system32\w.exe

first179.exe C:\Documents and Settings\username\Local Settings\Temp\first179.exe (removed by AVG Anti-Virus after a full system scan)

frmwrk32.exe C:\Windows\system32\frmwrk32.exe

One symptom of infection was that at first my desktop icon titles lost their transparency/drop shadow and were replaced by a "blue box" behind them. Later on, my whole desktop background became blue. I managed to "fix" this, so unfortunately I don't have a screenshot of it.

Here's dds l...

A:Computer randomly freezing or crashing - spyware/malware related?

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Your hard drive is almost full. Having too little free space on your hard drive can compromise system performance.


Quote:

C: is FIXED (NTFS) - 29 GiB total, 0,384 GiB free.

I suggest you move pictures, music, etc. to an external drive or USB stick if you have one and uninstall any programs that are never or hardly ever used.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they... Read more

19 more replies
Answer Match 55.44%

Top Ten Ways to Get Infected by Malware.
1. Browsing the Web with javascript enabled by default

Today's attackers are more likely to host their malicious files on the web. They may even update those files constantly using automated tools that repackage the binary in an attempt to bypass signature-based scanners. Whether through social engineering or through website exploit, the choice of browser will be of little help. All browsers are equally susceptible to Web-based malware and this includes Firefox, Opera, and the much maligned Internet Explorer. Disabling Javascript on all but the most trusted sites will go a long ways towards safer web browsing.
2. Using Adobe Reader/Acrobat with default settings

Adobe Reader comes pre-installed on most computers. And even if you never use it, just the mere presence can leave your computer at risk. Vulnerabilities in Adobe Reader and Adobe Acrobat are the number one most common infection vector, bar none. Making sure you stay up-to-date with the latest version of Adobe products is imperative, but not foolproof. To use Adobe Reader (and Acrobat) safely, you need to make a few tweaks to its settings.

3. Clicking unsolicited links in email or IM

Malicious or fraudulent links in email and IM are a significant vector for both malware and social engineering attacks. Reading email in plain text can help identify potentially malicious or fraudulent links. Your best bet: avoid clicking any link in an email or IM that is received unexpectedl... Read more

A:10 Top Ways To Get Infected by Malware

Very nice! Thanks for posting, Rich!

21 more replies
Answer Match 54.6%

Taken from a post in the Seven Forum, this sage information

10 tips for getting rid of stubborn malware | News | TechRadar UK

A:Unique Ways to Remove Malware

It is not too bad, but I am not sure I agree with all of it. In the Construct a Toolkit Step in particular, I would not agree with telling someone who needs to use that guide to run/include ComboFix which will be outdated in a couple of days and is really quite damaging sometimes. I would also say there are some better tools to include such as OTL, but overall, I suppose the guide is not too bad.

Also, running Anti-Rootkit scanners without verification is sure to produce false positives that will stop the computer booting at all if removed. I am not a big fan of the author (though that may just be me!)

7 more replies
Answer Match 54.18%

We told you how to tell if you're infected with malware. We told you how to clean up the infection if you get it. How about how to stop the infection from happening in the first place?

Yes, it's possible to clean up an infected computer and fully remove malware from your system. But the damage from some forms of malware, like ransomware, cannot be undone. If they've encrypted your files and you haven't backed them up, the jig is up. So your best defense is to beat the bad guys at their own game.

While no single method is ever 100 percent fool-proof, there are some tried and true cybersecurity techniques for keeping malware infections at bay that, if put into practice, will shield you from most of the garbage of the Internet.

Without further ado:

Protect vulnerabilities
One of the top delivery methods for malware today is by exploit kit. Exploit kits are sneaky little suckers that rummage around in your computer and look for weaknesses in the system, whether that's an unprotected operating system, a software program that hasn't been updated in months, or a browser whose security protocols aren't up to snuff (we're looking at you, Internet Explorer).

Here are some ways you can protect against exploits and shield your vulnerabilities:
Update your operating system, browsers, and plugins. If there's an update to your computer waiting in queue, don't let it linger. Updates to operating systems, browsers, and plugins are often released to patch any securit... Read more

More replies
Answer Match 50.82%

I can't log into my computer by normal mode, safe mode and safe mode with network. This started when I log into my computer and start a game and attempt to connect to my BroadBand connection. While connecting, my Local Area Network is unidentified so I restart my computer and I can't log in till now.

Can anyone help me without reformatting my Hard Disk?

Thanks.

A:[Help]I can't log into my computer in all ways!

It just stuck on the loading screen, where there was a loading bar.

7 more replies
Answer Match 50.82%

I have a default Yoog Search in my Search Engines, I try to remove it and set it as Google but it would again default to Yoog. Next thing is I just cannot run 'Spybot Search & Destroy' and it doesn't let me open any anti-malware related sites. I can't download any anti-malware apps. I am just stuck. I saw a post " Win 2K hijack issue - unable to run malware apps!". I have exactly the same case on my system.

 

More replies
Answer Match 50.4%

I have been having trouble with my laptop for a couple of weeks. I have a Dell Inspiron, Windows7 64 bit. I had an infection awhile back and assumed it was gone. I was on a chat with a Tech from Microsoft. I was told that I have a heavy form of Polymorphic infection. I had never heard of it, have any of you? I would appreciate any help you can give me.

Thank You,
LemonDrop

A:Computer not working in several ways

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

3 more replies
Answer Match 50.4%

I apologise in advance for the inevitable rant and will try to keep it as short as possible.

About 2 months ago, having had to replace the HDD in my desktop, I had to reinstall my OS, XP Pro x32, but I only had a recovery disk so I used that to reinstall thinking I'd get Dad to email me the activation key for it later, only to discover I'd been using a disk for an ancient machine which has since been scrapped/dismantled/taken to the tip/is lounging in the computer graveyard of our attic. I had about 16 days left to activate it when it stopped letting me log in so I got a copy of a friend's VLK XP Pro and tried to recover my OS with that. Which sort of worked. After 3 attempts I booted up the computer to see whether it had actually done anything and I could log in but half my stuff, including all my virus, adware and malware checkers and firewall weren't working. At all. So now I have a ton of viruses I'm sure, I managed to get rid of two adware things but haven't seen anything else. Whilst messing around pulling HDDs in and out and booting off Windows/Ubuntu 10.10 live disk about 30 times during the course of yesterday trying to recover my boyfriend's Suse HDD something in Chrome broke and I had to uninstall it. Thought it would be super simple to rectify, download the installer onto another computer, copy it across and run it. Only I can't run any installers, they just don't work. Reactivated IE, won't work, discovered I could use the internet through the search the i... Read more

A:My computer is broken in so many ways it won't fit in this box.

Unless I'm mistaken, you have not installed a LEGAL copy of Windows on your system. You are not permitted to install using a recovery disc from another computer or using someone else's copy. Assuming I'm correct, the best and only advice I can offer is that you purchase a full copy of Windows, format your hard drive, and install the new version.

8 more replies
Answer Match 50.4%

Hi,

I Am Dual Booting Windows Vista Home Premium And Windows XP Home Edition.
I Have An AMD 64 3500+ CPU With 1.5GB RAM.

The Programs That I Use Are

On Windows XP and Vista
-AVG Internet Security
-PC Tools -- Registry Mechanic
-- Spyware Doctor
-Ad-Aware 2007
-CCleaner
-RegCure
-SUPER AntiSpyware
-Webroot -- Window Washer
--Spysweeper 5
-TuneUp Utilities.

I Do Disk Clean Up Every 2 Days, Virus Scan, SUPER Anti Spyware, Webroots Every Week, PC Tools, CCleaner, RegCure Every 2 Days.

I Run Disk Defragment Every Week.

What Else Can I Do To Speed Up My Computer?

A:Different Ways To Speed Up My Computer

Hi Jaymie !

Well, apart from the defrag and disk cleanup you haven't done much there to speed up your computer. All that antispyware stuff seems a bit overkill to me.

If you're the only user on that computer you don't need that much protection. Just make sure you don't click on every advertisement you see on the internet and you'll be fine with only your antivirus and XP firewall. Run adaware once a week to get rid of the tracking cookies and you'll be ok. The rule is "the less you have installed, the faster the computer will run".

If you do want more protection, then make periodical backups of your whole system using DriveImage. We have a good tutorial here : http://www.techsupportforum.com/arti...ard-drive.html

If you have the opportunity to do so, a good partitioning layout can also improve the overall performances of your computer. Check this discussion : http://www.techsupportforum.com/f16/...ss-160168.html
Your dual boot setup will require a little more tweaking but the basics will stay the same : systems on the 2 first partitions of the first disk and swap files on another disk, and a dedicated partition for all your downloads so that the system partitions don't get fragmented too quickly.

Here are some other tricks to get rid of things that slow your computer down :

Don't install anything superfluous. Some useless part of xp can be easily removed if you don't use them : msn explorer, windows messenger (if you use another messaging client)... Read more

16 more replies
Answer Match 50.4%

Hi

I am not sure where to post this, but I think this place would be suitable.

Other than antivirus programs like MBAM, Superantispyware, what else can one do to protect the computer?

I ran antivirus like AVG and then its clean. I run online scanner too. But surely there must be other ways to look after your computer? What can I do to make it "clean"?

Also, What harm is there in not removing internet temporary files, history, etc.?

Thank you!

A:Ways to protect your computer

To be honest with you, I think the average end user really only needs some very basic protection. A decent AV product and MBAM plus firewall. Most infections are, it's my experience, user-initiated. In other words, it's something you clicked on. The best defense for the average person is to simply be careful what you do and where you go. Anything else, like adding ZoneAlarm or using the Spybot Tea Timer, tends to be more than the average user needs or wants. Now if you're securing your business, or something like that, there are LOTS of things you could/should do. But that's just my opinion.

18 more replies
Answer Match 50.4%

Simply put, I'm looking for help on all the ways someone would know you are using your computer without physically seeing you use it (obviously) and how to prevent it? Thanks.

A:Ways someone would know you are on your computer? and how to stop it?

quietman7 has posted some good methods for finding this.
 
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/?p=2853053

2 more replies
Answer Match 49.56%

For the last 2-3 months my computer has been crashing. It started once or twice a week, wasn't a huge problem. but now it's around once or twice a day and it's very frustrating. It seems to only occur when I'm playing World of Warcraft. If I'm just watching a movie or browsing the net I have no problems.

This happens in 2 different ways.

1) Monitors go black, computer has crashed. the LED light on them is still BLUE just as if it were in use. Computer does not reboot, I have to manually press restart

2) Images on my monitors freeze up, the current sound being played is repeated over and over and over until I restart it.

I have the latest drivers, latest version of DirectX. I really don't know what's going on, I've never had problems like this in the past

More replies
Answer Match 49.56%

I was just wondering what all I can do to keep my computer running as fast and as stable as possible. I am aware of the basics such as antivirus and spyware protection. I also run CCleaner regularly to keep my registry clean and keep unnecessary clutter from building up on various applications. Does anyone have any additional ways to keep everything running top notch? I am open to any and all ideas. Thanks!
 

A:Best Ways to Keep My Computer running Top Speed?

10 more replies
Answer Match 49.56%

My computer is now running Vista Home Basics but I also want to have XP installed as many of my music software are not compatible with Vista.

However, I am having trouble installing XP from CD boot. It gave the error "SHSUCDX can't be installed" and the installation cannot start.

Is there any way to install both XP and Vista in a computer? I have done a partition trying to have one with Vista installed and the other one with XP. However, Vista seems to always require itself to be the primary active drive and it always recognizes itself as the C drive no matter how I rename them. Is it the reason why it does not start XP installation?

Any suggestions will be greatly appreciated.

Thx in advance.

A:Any ways to install both XP and Vista in a computer?

Hello what you are trying to do is called dual booting.
Usually you need to install Xp first and then vista, but the clever people/person at the How-To Geek :: Computer Help from your Friendly How-To Geek have figured out how to do it the other way round. see the article here .
Hope this helps.

1 more replies
Answer Match 49.56%

So I was wondering if anyone could help me out with this little problem I have here.

Every now and then the computer just decides on its own that it will restart and make me go through system restore. I'm not an expert at all and I just need someone to take a look at my log.

Thanks everyone.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:41 PM, on 1/22/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\U3\U3Launcher\LaunchU3.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\VSO\ConvertX\3\ConvertXtoDvd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Ex... Read more

More replies
Answer Match 49.56%

If someone were to have physical access to my computer, but I was not logged in, could they install a virus? and two could someone install a virus or manipulate my computer if they had my wifi password?

Mod Edit: Moved to appropriate forum ~~ boopme

A:Can someone install a virus on my computer by these two ways?

1) Yes, that's rather simple, unless you use full disk encryption, but in theory then it's also possible
2) Yes, but they would also need access to your Wifi (not just have the password)

1 more replies
Answer Match 49.56%

It started about a few months ago, when my computer wouldn't let me play games or YouTube videos one day suddenly, the screen would turn green and it would say a "graphic driver failed and has now been recovered" I updated the drivers and it fixed it for ages up until yesterday. I moved my computer onto a new desk and suddenly it started going weird again, it was failing to start up, crashing 2/3 times when it was on the windows logo, then crashing and emitting a annoying buzzing noise, which I fixed by updating the system and graphic drivers again, but now it's gone back to doing the "graphic driver failed and has now been recovered" error, stopping the video and or window that I'm using like MSN or Skype for instance. Also sometimes the screen will just go a bright white and it has to be reset because you cannot see anything else on the monitor. Tried with different monitor still same issues.

I really have no knowledge about computers this is just the old family one I use for my college work, and I'm just wondering if it's worth trying to salvage this thing or just buying a new one.

Any suggestions genuinely appreciated.

Thanks - Art

OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz, Intel64 Family 6 Model 37 Stepping 2
Processor Count: 4
RAM: 6071 Mb
Graphics Card: NVIDIA GeForce GT 230, 1536 Mb
Hard Drives: C: Total - 597454 MB, Free - 494676 MB; D: Total... Read more

A:Computer failing randomly in different ways

what psu

make
model
wattage
in the device manager uninstall the video card
reboot tapping f8 and choose low resolution mode
when windows finishes rebooting
disable a/virus
install your drivers
reboot the computer
 

1 more replies
Answer Match 49.14%

To start, my computer stopped displaying about 2 weeks ago. The issue is once in a blue moon it will boot up normally and display but if I turn it off it will not display again for a few hours to a few days. At first I thought it was the psu so I replaced it and it still had the same issue. Next I did a test with a friend's computer to test gpu. Both his and my gpu worked in both his and my computer. So I started using the computer again that day and turned it off later. The next day the issue came back and at this point I am stumped. Only idea I have left is motherboard but it seems weird that both graphics cards worked that day just fine but now it's back to not displaying. Also I tested the monitor by using 3 different monitors and it did not display on any of them. The computer is 3 years old and never had this issue before. Please give me some advice on what you think it is.

More replies
Answer Match 49.14%

Hi,
This is a rather complicated situation but a simple question.
First off, I live in a flat with some flatmates and due to us not being in good terms, I have reason to suspect that they have been accessing my files due to all of us being connected on a home wifi network, which is possible due to carelessness.
My question is, is there any way of verifying this?
 
Thank you very much for your help. This has been bothering me a bit.

A:Ways to figure out if another computer has been accessing your files?

Keystroke logging (Keylogging from Wiki) is one way to record activity on your system.
One free keylogger is Spyrix Free Keylogger for parents, business owners, or anyone who provides PC and Internet access, with the potential liability that comes along with it.
Read more: Spyrix Free Keylogger - Free download and software reviews - http://download.cnet.com/Spyrix-Free-Keylogger/3000-27064_4-75965518.html#ixzz2rgwkzPtZ
A variety is listed here 5 Free Keylogger Software for Windows

2 more replies
Answer Match 48.72%

The only time you should not run anti-malware software or a firewall is if you need to temporarily turn them off to fix a problem that they might interfere with. Even if your computer is never connected to the Internet it only takes one infected thumb drive or copied disk to crash your system.

More replies
Answer Match 48.72%

 
Windows 10 phones home more than any other version of Windows before it. Along with Windows 10, Microsoft released a new privacy policy and services agreement containing 45 pages of legalese. If Google wrote these, Microsoft might say you were being “Scroogled.”
 
Editor’s Note: almost everything is sending back data to somewhere — for instance, if you are using Chrome, everything you search for is sent back to Google. Ad networks are tracking you on every website (including this one). Facebook and Amazon have ad systems that border on creepy. We’re not necessarily condemning Microsoft with this article, but with all the recent interest in privacy and Windows 10, we decided to build a list of all the things being sent back in Windows 10 and let you decide what you think.
30 Ways Your Windows 10 Computer Phones Home to Microsoft
 
Thanks to.
Chris Hoffman At howtogeek.com

A:30 Ways Your Windows 10 Computer Phones Home to Microsoft

Thanks for the share. I look forward to installing 10 still.

8 more replies
Answer Match 48.3%

Hi guys,

I use Windows XP, and lately my computer is very slow! Can you please help me in how to find out what is wrong?

Thanks
 

A:Computer extremely slow! Are there easy ways to check this problem?

6 more replies
Answer Match 46.2%

I need help! I'm at the end of the road trying to figure my computer out. I know some about computers, but not enough to figure this thing out. I run Anti-Spyware programs fairly regularly (mostly Norton and Ad-Aware, also have Avast and Malwarebytes' Anti-Malware). Lately whenever I try to boot up in Safe Mode to run these programs, I get a blue screen and I can't get anywhere. I can boot up in normal mode just fine, it is only in Safe Mode that it won't work. I've also tried to do System Restore, and each time I do it, it doesn't work. I have XP by the way.

Norton had been finding Antivirus XP 2008 on my computer and I couldn't get it removed. I started reading up on the virus one day, and I changed some of the registry values associated with it. That worked and Norton didn't find it anymore. I also found Microsoft Security Adviser and seemed to get that taken care of as well. However, I'm still having the same problems with Safe Mode. Apparently I didn't get it fully taken care of. I also have a new problem that started after I thought I fixed those things. Any time I try to open a picture file from My Documents, nothing happens. I can't even see thumbnails. My Desktop background is also weird. When I go to the Display options and look at the different choices for backgrounds, they all look weird and some don't even show up at all (just like the picture files). I don't know what is going on and all the programs I hav... Read more

A:I need help (Malware related)

First off; Hello!

Also, you have posted this in the wrong forum; I believe The Weatherman is changing that.

Anyhow; with your problem.
I suggest you download MBAM from either Download.com or find a link within one of our guides.
After that, install it, and complete the procedures the installation requires you. Afterwards, update MBAM.

After the process is complete, do a Quick Scan. Come back to us with a report of it, and let's see what we got here.

7 more replies
Answer Match 46.2%

Hi,

I've been having problems now for just over a week. I've had a number of different symptoms and I'll try and list them as best as I can. There may be other problems that I'm unaware of.

Operating System is Windows/XP. Version 5.1.2600 Service Pack 2 Build 2600
Internet Explorer Version 8
I/E Symptoms
I/E Popup window requesting mixed http and https content.

'Rogue' iexplore.exe processes using lots of CPU and memory. Causing performance problems. A constant problem.

'Rogue' iexplore processes only start up when an IE window is open.

iexplore processes killed using Task Manager, but restart after a few minutes.

I/E Popup window "Your last browsing session closed unexpectedly. Would you like to restore your last session or go to your homepage." flashes on/off the screen. Occurs frequently. No extra browser window appears.

Closing IE windows doesn't stop all active iexplore processes. There seems to be two left. But if killed they don't restart unless IE browser is running.

Other Symptoms
Two instances of Outlook express Create new message window opening, randomly. Outgoing addresses were [email protected] and [email protected]. I have never used either of these websites.

Some instances of AVG Resident Shield blocking something, but I don't have comprehensive notes.

Exploit Blackhole Exploit Kit Detection (type 1889). Message has occurred a few times. In one instance the further deta... Read more

A:I/E related malware. Maybe more.

16 more replies
Answer Match 46.2%

Been having some problems recently, files moving to other folders, then having their contents deleted and I am unable to access them because they say my "Access is denied". I am unable to go to certain anti virus software sites to download free anti spyware to scan my system including kaspersky online scanner. And installers are instantly closing when I open them, I'm pretty sure it's due to a virus, but I just want to make sure that I can't salvage it before I start reformatting it.

I use Windows xp sp 3
Acer 5920g reformatted into Windows SP

This is my HiJack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:41:27 PM, on 5/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Fil... Read more

A:Malware related?

Anyone know anything?
 

1 more replies
Answer Match 45.78%

I went on vacation for a week, came back and my computer is running really weird, mostly when related to mIRC or any other irc based program (such as some games that I play). Over the last three days I've run all sorts of malware removers, registry boosters, anti-virus programs, and spyware removal tools looking for the problem, but yet every time I describe the problem of extreme lag and general slowness, it points to malware. I went through your steps in the stickied topic, and the Kaspersky scan came back clean. Here are the two DSS reports, any and all help would be greatly appreciated.

Deckard's System Scanner v20071014.68
Run by DJ Brujah on 2008-07-06 18:25:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
64: 2008-07-06 23:26:14 UTC - RP625 - Deckard's System Scanner Restore Point
63: 2008-07-05 21:55:53 UTC - RP624 - Uniblue RegistryBooster
62: 2008-07-05 21:23:40 UTC - RP623 - Software Distribution Service 3.0
61: 2008-07-05 21:05:33 UTC - RP622 - Software Distribution Service 3.0
60: 2008-07-05 18:05:58 UTC - RP621 - Today

-- First Restore Point --
1: 2008-05-08 01:05:48 UTC - RP562 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).

-- HijackThis (run as DJ Brujah.exe) ------... Read more

A:Possible Malware, General Lag (irc Related)

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new Deckard's System Scanner which includes the HijackThis log. Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

5 more replies
Answer Match 45.78%

Hello All
 
Due to various nasty behaviours, my colleague recommended that I run combofix.  Here is the log.  I hope you guys can help me.
 
***********************************************************************
 
ComboFix 14-08-31.01 - Magus38 02/09/2014   7:56.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.2.1033.18.8183.6497 [GMT -4:00]
Running from: c:\users\Magus38\Downloads\ComboFix.exe
AV: Webroot SecureAnywhere *Disabled/Updated* {66A6FE14-08CB-F415-3742-517201416109}
SP: Webroot SecureAnywhere *Disabled/Updated* {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\25deed88028dae45c6a776c9a9c4df58_c
c:\programdata\MyNetDashboard.ico
c:\programdata\WDInternetSecurityAndParentalControl.ico
c:\users\Magus38\AppData\Local\assembly\tmp
c:\users\Magus38\AppData\Local\Coupon Server
c:\users\Magus38\AppData\Local\Coupon Server\repair_data.json
c:\users\Magus38\AppData\Roaming\.#
c:\users\Magus38\AppData\Roaming\ACD Systems\ACDSee\ImageDB.ddf
c:\users\Magus38\g2mdlhlpx.exe
c:\users\Magus38\ResourceReader.dll
c:\windows\system\ComHookMonitor.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))... Read more

A:Various Malware Related Behaviours

Hello, Welcome to BleepingComputer.

I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Log... Read more

2 more replies
Answer Match 45.78%

I have the exe containing the trojan in my NOD32 quarantine. I think it might be useful if examined inside a sandbox. Please let me know if uploading it would help.

Also, gmer didn't find anything, but I'm not sure it ran correctly either. Attached is a picture of the error it displayed before I ran it.

Thank you.
________
DDS (Ver_10-03-17.01) - NTFSX64
Run by Will at 17:20:13.90 on Mon 06/28/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2936 [GMT -7:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:... Read more

A:svchost related malware

Hi chalkart,

Welcome to Bleeping Computer!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
Please do not do anything or perform other steps unless I have asked you to do so.
Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
If you are unsure of how to reply, or need help with anything regarding the website, please look here.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessa... Read more

2 more replies
Answer Match 45.78%

Hi.

For the last week or so now, I've been facing various problems due to Malware, a lot of which I seem to have cleared up, but some of these problems still persist and my anti-virus programs are no longer picking anything up.

I'm using Windows XP Pro SP2.
Remaining problems include:
- Inability to access certain programs; Such as Spybot Search/Destroy, Sygate personal firewall. They install fine, but will not run on activation. I have tried renaming .exe applications, but to no avail.

- The active window randomly loses focus

- Audio clips and advertisements randomly appear, along with an additional "phantom" iexplore.exe process in the task manager; ending this process cuts present audio stream, but reappears randomly and has no physical window.

Previously, SuperAntiSpyware and Malwarebyte's Anti-Malware were not running, but I found a program that allowed SAS to break through was stopping it, and that in turn allowed MBAM to function. They found a large quantity of malware between them (Including the fake AntiMalware pop-ups) which I was able to remove, but the aforementioned problems still persist with no further threats detected.

I have attempted System Restore, which wouldn't create any changes from the few restore points I had, asking me to restart and try again (also didn't work).

----------------------
HiJackThis! Log:
----------------------
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 19:18:41, on 22/12/2009... Read more

A:Various problems (Malware related?)

-Bump-. Sorry.
 

2 more replies
Answer Match 45.78%

I'm playing a game and all of a sudden my computer shuts down. This is happening if I try to play any game now. I updated my drivers and it still hasn't done anything. I doubt it's my video card because my computer has run my games fine for months. Also my computer is freezing and crashing at an alarming rate. Event viewer gives me the following message

The npkcrypt service failed to start due to the following error:
The system cannot find the path specified.

Also when I go to the "hidden devices" section of device manager I see a yellow exclamation mark next to the name npkcrypt. When I click on it I get:
This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Now I've posted this in the Windows XP section of the forum and someone replied saying that it has something to do with malware and I should post it here. I've scanned my computer using norton antivirus and no viruses popped up! So what could the problem be?

A:Apparently this is related to malware?

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Answer Match 45.78%

I cleaned up some malware on this laptop and it looked like I got it all. However, I noticed an issue when trying to install AVG that it said a program was already installing. Troubleshooting revealed between 1-3 msiexec.exe files running. They seem to be legit (located in System32). I can kill them but they re-spawn. I did manage to get them all killed but upon reboot they were back. I should mention that when it respawns it seems to create a process called ISBEW64.exe which points to Windows\Temp folder. I tried deleting everything in there but it just rewrites this exe to a new folder in Windows\temp. I have run several scans inc. malwarebytes, combofix (sorry, read the instructions after I ran this), Kaspersky. Also some rootkit detectors but at this point nothing is finding anything.
 
Thank you
 
As requested here is DDS.txt
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.55.2
Run by Steve at 17:34:44 on 2014-05-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6092.3968 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atie... Read more

A:msiexec related malware

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/535235 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Answer Match 45.78%

I only notice two real problems so far, one is that google searches sometimes take me to abcjump sites instead, and the other is that the file "msxhuwohfn.dll" comes up as infected but when it is removed, every application comes up with the error "cannot find file msxhuwohfn.dll" multiple times.

Here's the DDS log. Thanks to anyone for the reply and help.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Poon at 12:41:25.73 on 2009-03-26
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.188 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall Plus *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32... Read more

A:Abcjump and related Malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca... Read more

2 more replies
Answer Match 44.94%

Hi!

Not sure where to post this problem since identifying its cause should be a part of the solution I'm looking for. Long story short, something on my computer is keeping CPU usage at over 50% with 40+ processes going on at all times. Here's the long story BTW:

http://www.malwareremoval.com/forum/viewto...cc31d794b9bf9a3

As you can see, malware is probably not to blame. Could it be related to graphics card drivers or mother board BIOS version? Or something else? Any help will be appreciated!

My specs:
OS: Windows XP Home SP3
CPU: Athlon 64 3200+ (winchester)
Motherboard: Gigabyte nForce 3 Ultra (K8NSNXP-939), BIOS version F6
Graphics card: Asus AH4650 (AGP), driver version 9.6
Memory: 2*1 GB of DDR400 (PC3200)
Hard drive: 160 GB (105 GB free)

A:CPU usage problem, non-malware related

Do you have a lot of programs in your processes? Get rid of some programs you don't need and it might lower the CPU usage?

Joe.

38 more replies
Answer Match 44.94%

The intense public interest surrounding Usama bin Laden is the perfect vehicle for Internet scams and malware, the FBI warned Tuesday, issuing an official warning to "exercise" caution online.

One common piece of malware spreading rapidly on the Internet purports to show photos or videos of bin Laden's killing. Clicking on these links can wreak havoc on some users' machines, the agency warned.

"This malicious software or 'malware' can embed itself in computers and spread to users' contact lists, thereby infecting the systems of associates, friends, and family members," the FBI said in a statement. "These viruses are often programmed to steal your personally identifiable information."

Read more: http://www.foxnews.com/scitech/2011/05/04/beware-bin-laden-spam-malware-fbi-warns/#ixzz1LSVnb3tb
In other words watch what you click.

A:Beware of Malware Related to UBL's Death

That virus is going viral on Facebook

8 more replies
Answer Match 44.94%

Hi...I hope someone can resolve this one for me: My pc was infected with Conficker in late Jan/ early Feb. I system recovered, disinfected, and scanned with malwarebytes, AVG, Superantispyware, as well as Mcafee til everything came up clean. All I had connected was the router, cable modem, and Dell 720 printer or Brother MFC420CN--I'd alternate. Before the virus was discovered, both printers began printing blank pages, when they were working fine before.

The pc is a dinosaur--a Compaq Presario and it's running on Windows XP SP3. It is connected to my cable modem and router. My daughter's laptop, a Dell Inspiron 1200, also running WinXP SP3, was also infected, disinfected, and scanned til everything read ok.

Early last month, some of the same symptoms crept back--my security programs couldn't be opened/disappeared; ie was gone, etc...I was unable to start in safe mode and shortly after Windows couldn't be read/found at all. When first trying to start in safe mode, hal.dll couldn't be found...then more files...then finally nothing.

Disinfected...Ran all the malware removal tools again; applied all patches; etc...til scans came up clean.

Decided to reinstall printer...updated drivers...same problem...printer "printed" blank pages. Ink is ok; settings ok... That was 2 days ago.

Today my desktop icons are a lot larger and my system is running sooo slowly! I tried starting in Safe mode, but was unable to: hal.dll couldn't be found. I am able to s... Read more

A:Is this virus/malware related??? What's up with my system??

Hello sharoncrunch,

We need something to work with here. Please follow the instructions in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

14 more replies
Answer Match 44.94%

G'day
Running Windows Vista on Sony Viao - Graphics card NVIDIA GeForce 8400M GT,
Norton Antivirus 2010 and Webroot Spysweeper on system.

Started seeing funny things - not sure if all are related...

DISPLAY PROBLEM
2 days ago, Text / Icon sizes became big - screen resolution went down.
Device manager - Display adaptor had Yellow exclamation mark on NVIDIA display card
Since then get Blue Screen - with memory dump - says Error in Rundll32.exe in module nvapi.dll

On system restart - get various colour bands on screen and funny text blinking.. at startup

After start up - get wavy blue and yellow lines all around screen - as if display does not refresh

Since then, can't get display to work properly - occasionally - works fine after shutdown and start up but above problems return after a few minutes

NETWORK ADAPTOR
Also noticed about 15 to 20 network adaptors in Device Manager
6to4
ISATAP
WAN Miniport etc

These network adaptors were not there 2 weeks ago.

ANTIVIRUS/FIREWALL/DEFENDER
Norton AV stopped working on Administrator login - worked on one of the user account login. Since then managed to get it to work on Admin login - Full scan revealed nothing

Unable to turn on Windows Firewall or defender in SAFE mode. (Red shield warning icon displayed next to clock)
THINGS THAT I HAVE TRIED
Norton AV - scan - no issues found

Webroot Spysweeper - scan - no issues found

Checked with Hijackthis - could not recognise...
O10: Unknown file in Winsock LSP C:\windows\... Read more

More replies
Answer Match 44.94%

Hi, I have a seemingly nasty piece of malware on my laptop, which I got on the 26 Aug. It would be great if anyone could help guide me through removing it; I am a technical person but I am aware that tools such as RootRepeal and ComboFix are beyond my knowledge! It looks like this is similar to the issues in the post entitled http://www.bleepingcomputer.com/forums/t/248694/search-sites-hijacked-in-firefox/.

Thanks for your help in advance!

Chris

Laptop Configuration
---------------------------------------
Pentium 4 2.2 GHz 1Gb RAM
Windows XP SP2 with full updates
Norton AV installed at time of infection; now have McAfee as Norton had expired at start of Aug
Internet Explorer 6 is my main browser

The malware was installed when I clicked on a dodgy link, which took me to a blank webpage. Thereafter the symptoms below started.

Symptoms
--------------
Iexplore.exe starts in the background (not visible to user) when I first login and attempts to go to various sites
If I query Google, then click on the URL of a result, I instead go through to some arbitrary sites
McAfee failed to download its updates properly, even though it was trying, and so kept reporting that virus definitions were out of date
I was unable to start many executables, including AV programs and malware scanners
Occasionally another iexplore.exe process spawns itself (not visible to user, but can see it in Task Mgr) while I am doing other things

Steps so far
-------------------
Installed SysInternals Process Explorer
Disabled something... Read more

A:cannot remove malware related to uacinit.dll

Here is a subsequent MBAM log, showing that problems still remain:
Malwarebytes' Anti-Malware 1.40
Database version: 2741
Windows 5.1.2600 Service Pack 2

05/09/2009 14:30:04
malwarebytes_05092009.txt

Scan type: Full Scan (C:\|)
Objects scanned: 209595
Time elapsed: 1 hour(s), 17 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\UACmsgpcpasga.dll (Rootkit.TDSS) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
\\?\globalroot\systemroot\system32\UACmsgpcpasga.dll (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> No action taken.

3 more replies
Answer Match 44.94%

Hi...I hope someone can help me with this one: My pc was infected with Conficker in late Jan/ early Feb. I system recovered, disinfected, and scanned with malwarebytes, AVG, Superantispyware, as well as Mcafee til everything came up clean. All I had connected was the router, cable modem, and Dell 720 printer or Brother MFC420CN--I'd alternate. Before the virus was discovered, both printers began printing blank pages, when they were working fine before.

The pc is a dinosaur--a Compaq Presario and it's running on Windows XP SP3. It is connected to my cable modem and router. My daughter's laptop, a Dell Inspiron 1200, also running WinXP SP3, was also infected, disinfected, and scanned til everything read ok. The pc's browser was ie; my browser of choice is now chrome or Opera. The laptop now browses with Firefox.

Early last month, some of the same symptoms crept back--my security programs couldn't be opened/disappeared; ie was gone, etc...I was unable to start in safe mode and shortly after Windows couldn't be read/found at all. When first trying to start in safe mode, hal.dll couldn't be found...then more files couldn't be found...then finally nothing.

Disinfected...Ran all the malware removal tools again; applied all patches; etc...til scans came up clean.

Decided to reinstall printer...updated drivers...same problem...printer "printed" blank pages. Ink is ok; settings ok... That was 2 days ago.

Today my desktop icons are a lot... Read more

A:WHAT IS UP WITH MY SYSTEM?? IS IT VIRUS/MALWARE RELATED???

I am sorry that your computer is bewitched!!
Do you know how to open the cover of your computer??
I am suggesting that:
1. You unplug the computer power from the back.
2. Open the case to expose the main board and the battery.
3. Be careful and press the little tab on the battery and let it pop up enough so it doesn't touch the socket.
4. Clean the battery with alcohol and a cotton cloth.
5. Put battery back in the computer BUT don't touch the battery with your fingers, our fingers always have some oil on them.
Plug the computer back in the wall and turn on.
Press F1 or delete and boot into BIOS.
Check that your hard drives are correct and your boot sequence is right and press F10 to save.

Many people get a virus in their BIOS and don't ever know it.
Good Luck

2 more replies
Answer Match 44.94%

The first problem I noticed with my PC is that it was all of a sudden freezing for no apparent reason and not when I was doing anything specific. Happens during games, youtube videos, or just when I am surfing the net. When it freezes like this I can sometimes CTRL-ALT-DEL and get the task manager window to pop up however the mouse then freezes, leaving me without any other option other than to hit the power button to restart. Sometimes I will hear a long beep coming from the mother board right before I hit the button to restart. This happens every few times.

Not long after the freezing issue I noticed that I started getting this weird popup as soon as I got to desktop saying "Either there is no default mail client or the current mail client cannot fullfill the messaging request. Please run Microsoft Outlook and set it as the default mail client." I have never used Outlook to send a message so have no idea where this is coming from but have since stopped it.

My windows live messenger has stopped working and I am getting an error message stating that the image icon is bad and to check it against my installation disk. Sorry didn't take note of exactly what it says but something very similar to that.

I have gotten a black screen with this error about three times in the last two days "81k/154 Hz Frequency is out of Range" This seems to go away if i restart the pc.

If I try running either Combat Arms or Rappelz, the game will run for a brief period of ... Read more

A:PC Problems; I assume malware related

you are being helped at PCpitstop so this is closed
 

1 more replies
Answer Match 44.94%

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by Test1 (administrator) on RENZO-PC on 12-02-2015 17:48:00
Running from C:\Users\Test1\Downloads
Loaded Profiles: Test1 (Available profiles: Test1 & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Hewlett-Packard Company) C:\Progr... Read more

A:Many entries that are malware related in Autoruns log

To the helper going to clean me: I realize you will be doing this during your free time, and I'd sincerely like to thank you in advance. I am looking forward to working out the steps with you! Please take your time. I will wait patiently! =)

32 more replies
Answer Match 44.94%

Hi, this is actually a problem on my dad's computer. As of recently, we have not been able to get onto the internet in any way, though all connections have remained the same (I'm using my own computer right now). Instead of making the screechy noises while its connecting, it sounds like a regular phone call with the ringing tone. We took the computer in to Geek Squad and they at first told us that it was a malware problem and that someone has been trying to remotely connect to the internet by using our computer. After a while they changed their story to it being a hard drive problem and wanted to install a new one, but my dad didn't want to since with the amount of money they were charging, he could buy a new computer, so now the computer is back here with us. The anti-adware programs that we are using have not been updated since around March, and I don't think my dad used them much anyway, but he did use the norton anti-virus(that too was last updated in March). Using the Geek Squad detection software which is obviously more updated than anything else on the computer, it shows that we have:

cws_tiny0
psguard\winhound fake alert
spysheriff fake alert

The cws thing I was not able to remove with the CWShredder and the other two I wasn't able to find without the location names.

Another weird thing is that we now had an AOL Dialer which neither my mom nor my dad remembers downloading. Every time someone went on the computer, a pop-up would ask if we want to conn... Read more

A:Connection problems related to malware?

Hi kimbatheknome

Sorry for the delay in getting to you, the forum has been really busy lately and all our helpers are volunteers. If you still need help then please follow these instructions and I'll be glad to assist you. If your dad's computer is still having problems connecting then you will need to download these programs from another PC and transfer them over on CD, USB Key or other media

Download Deckard's System Scanner to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, 2 text files will open - main.txt and extra.txt
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt back in this thread (do not attach it).
Please attach extra.txt to your post.


To attach a file to a new post, simply
Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box: C:\Deckard\System Scanner\extra.txt

Click Upload.

What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also ... Read more

1 more replies
Answer Match 44.94%

Hello,

I'm attempting to clean a system for a friend who has been infected with a virus which produces 3 system tray icons, randomly popping up alerts of infection on the machine and directing the user to a site to download Malware Crush.

I've tried multiple variations of fixes, including automated and manual removal instructions to no avail.

In all cases, these fixes did not seem to relate to whatever infection this machine has.

wupeng.exe 'MalwareCrush' 'Malware Crush' and e404.dll are all not detected in the suggested places. I've done a system search and registry search for related entries, but nothing.

Thank you for your time.

-----------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:46:13 PM, on 2/27/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C: ... Read more

A:Malware Crush Related Infection

Please download SDFix
Save it to the Desktop
Right-click SDFix.zip, and select: Extract all...
Follow the prompts
Double click SDFix.exe
In the prompt that appears, select: Install
The program is normally installed in: C:\SDFix
~~~~
Start the computer in Safe Mode:
When the machine starts, tap the F8 key before Windows appears
You are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Press Enter to boot into Safe Mode.
~~~~
Now, go to C:\SDFix, and double click RunThis.bat
Type Y to begin the cleanup process.
The process removes any trojans or Registry Entries found, and then prompts you to press any key to Reboot.
Press any key to restart the PC.
When the PC restarts the SDFix will run again and complete the removal process
It then displays Finished
Press any key to end the script and load the Desktop icons.
Once the Desktop icons load, the SDFix report opens on screen and also saves itself in the SDFix folder as Report.txt.
~~~~
Next, download Malwarebytes' Anti-Malware (MBAM)
Save the program to the Desktop
Close all Windows, including this one. (Print the instructions first)
On the Desktop, double-click mbam-setup.exe to install the program, and follow the prompts
If an update is found, MBAM will download and install the latest.
Click OK
At the main program window
Make sure the following is checked: Perform Quick Scan
Click: Scan
When the scan completes, a message box appears as shown in the image below:
Click OK
At the m... Read more

3 more replies
Answer Match 44.94%

I'm using Windows Vista Home Premium - Service Pack 2

So this is what happened - I turned my laptop on (Asus M51VSeries), logged in and then left it running for a couple of hours. I suspect during this time a Windows Update may have occurred which may be causing my problems. When I came back to the laptop, I noticed that the nice Vista Aero effect had disappeared and was replaced with the basic Vista theme. I restarted my computer and it was still displaying the Vista basic theme and also an error message appeared:

Title: MMLoadDrv: MMLoadDrv.exe - Entry Point Not Found
Contents: The procedure entry point OsThunkD3dContextDestroyAll could not be located in the dynamic library d3d8thk.dll.

I then attempted to open Mozilla Firefox 3.5.3, which crashed immediately after opening. I tried this a few times which produced the same results. I was able to open up Firefox in its safe mode though. I then decided to do a system restore as there was next to no information about my problem that I could find. The system restore was to a few minutes after I first switched my laptop on that day (15/09/2009) with the note 'Install - Windows Update' next to it. I completed the system restore, and found that the error message still displayed, the basic theme was still there, but I could go on Firefox without its safe mode.

I have run a full Malwarebytes' Anti-Malware scan and it found nothing.

So basically I want to know how to remove the error message (which appears every time I re-boot the laptop... Read more

A:Errors occuring, none are malware related...

bump

Still having problems

17 more replies
Answer Match 44.94%

Hello everybody, and welcome to my first post! I've been unable to figure out what's going on, so I figured I'd turn here. I've used the advice as a lurker at bleepingcomputer.com many many times, so I figured this would be a good place to turn. I'm assuming that this is spyware/virus related, since it seems to be displaying a lot of the signs (slow computer, random restarting, programs that are obvious malware, etc).

On to the story. I'm working on a friend's computer. Apparently, for the last 6-9 months she's been having an issue with it randomly shutting down, but it doesn't bother her much and she just works around it. She wanted to install Microsoft Office 2007, but whenever we tried the installation would just hang at 0%. I tried the discs on another computer, and I know that they work, so I assumed it was something on her computer. Upon looking closely, I noticed a program called "MalwareRemovalBot", so I assumed that she has spyware.

I installed Malwarebyte's AntiMalware, and did a scan, removing some 200-odd pieces of spyware, including the MalwareRemovalBot. However, the random restart problem has persisted. If I just leave the computer alone, it will stay on without any problems. I can run programs and it may or may not restart. Sometimes I've been able to do a full virus/spyware scan, and other times it restarts while I'm opening up the programs.

The restarts are not resulting in Blue Screens, and I have turned off Window's "Automatic Restar... Read more

A:Random shutdown, probably malware related

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio... Read more

2 more replies
Answer Match 44.94%

The only obvious symptom was that the security settings in IE were modified in a way that prevented downloading most things. JRT and ADWCleaner found little. MBAM and MBAR found a few things and removed/quarantined them but it's clear by HJT & Farbar scans that remnants remain. Removing things with HJT does nothing, they're still there on subsequent scans. MSE found and removed a bunch of stuff starting 4 days ago and ending yesterday after I ran the above - Trojan:Win32/Qadars.A, Exploit:HTML/Pangimop.V, Behaviour:Win32/Crowti.A, Behaviour:Win32/Crowti.C, Behaviour:Win32/Vawtrak.A, Backdoor:Win32/Vawtrak.F, Trojan:Win32/Powessere.A, PWS:Win32/Zbot.gen!AP, Ransom:Win32/Crowti.A, Trojan:Win32/Qadars and Trojan:Win32/Ropest.G. Running MSE now reveals nothing, neither does aswmbr. Win7 Sp1 needs to be installed along with a newer version of Reader and probably a couple of other things I haven't noticed but I figure taking care of this is the first priority. I would appreciate any help.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by hesperia (administrator) on HESPERIA-PC on 10-09-2014 17:35:03
Running from C:\Users\hesperia\Downloads
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/&#... Read more

A:Unknown malware related to viruses (?)

Hello  tantryl and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.
Before we move on, please read the following points carefully.
 
Please complete all steps in the specified order.
Even if tools don't find malware, I want you to post the logfiles anyway.
Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
Don't install or uninstall software during the cleanup unless you are told to do so.
If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
Please reply to this thread. Do not start a new topic
As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
 
Please open as administrator  the computer. How is open as administrator  the computer?
Disable your AntiVirus and AntiSpyware applications, as they will  interfere with... Read more

12 more replies
Answer Match 44.94%

I'm running XP Pro Service Pack 3 on a Pentium 4 3.00 GHz with 3GB RAM. NVidia GeForce 7800 GS graphics card. ZoneAlarm Pro firewall up and running. BitDefender 2010 Antivirus installed, but conflicts with ZoneAlarm necessitate that I run it on demand, not real-time. Started getting random system hangs (requiring hard reboots) 8-9 days ago, usually with a few windows open. Happens with Firefox or IE8. Nothing suspicious in Task Manager. I thought it might be related to a recent run of the Registry cleanup tool in CrapCleaner, so I did a System Restore to a date 2-3 weeks prior (none of the intervening points worked). No help.
I'd OK'd an Adobe Flash update, too, before the troubles. When it came up again, after the System Restore, I declined it.
Several runs with BitDefender 2010 antivirus, Spybot Search & Destroy, and a-squared free (both before and after the System Restore) turned up nothing. A few times, I came back to check on their progress to find another system hang.
Then I ran through all the suggestions in jgweed's "Slow Computer" post. A-squared free, running in Safe Mode, found backdoor Sinowal and Trojan Mebroot and cleaned them both. Multiple runs of the above security programs since then, in both Safe and normal modes, have turned up nothing. I've done an online scan or two with Trend Micro--nothing there.
The PC innards are clean. Power supply was replaced in early January '10. All Windows Updates (except today&... Read more

A:Hanging XP; Unsure whether malware related

While I waited on a response to my question over on "Am I Infected..," I thought I'd run through the scans needed for this area. Everything's taking longer to do now, since the system (Pentium 4 3GHz running XP Pro SP3) hangs after being up anywhere from 5-30 minutes. But Gmer's taking the cake.
The first time I ran it, it took off very quickly. I left for awhile and returned to find a system crash, with a message from Microsoft and/or Iomega telling me that the crash involved memory pool corruption and that the IOMDISK.SYS device driver was loaded in memory at the time of the crash. It requested that I install the latest driver version (there was an executable in the package for this) and then to enable driver verifier on the IOMDISK.SYS driver, which I did.
The next couple of tries with Gmer ended fairly quickly in system hangs, with much disk churning going on in the background, at first (of course, dead silence as the system ground to a halt).
I finally got it to run reliably by disconnecting my network (cable modem) cable. Don't know if that's significant.
Anyway, it ran at light speed for a couple of hours, then slowed a bit as I went to bed last night. This morning, coming up on 12 hours later, it's chugging through the \$NtServicePackUninstall$ files at a clip of about 1 per second.
Is this normal behavior? Can I terminate the scan at this point and just save what it's already done, or should I wait it out? I fea... Read more

9 more replies
Answer Match 44.94%

It started with winspyware2007 popups and adware popups. Sometimes now I can't get into IE6 (endless hourglass). Installed Firefox last night and all was well for awhile, then
got IE6 popups (hadn't opened IE), then finally winspyware and other ad popups in Firefox so I know FF is fully infected. FF when I can get into it is much slower now with frequent window open delays. Have had to crash on occasion, sometimes won't open at all.
I keep running Norton AV, AVG, SpySweeper, Vundofix. Nothing seems to work for more than a few hours.
I am attaching a hijack this log. I am in safe mode with WinXP and IE6.
Anything else you can do would be much appreciated. I am a past monetary contributor.
Thank you. Frank

Logfile of HijackThis v1.99.1
Scan saved at 12:36, on 2007-08-30
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.worldnet.att.net
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD3... Read more

A:Multiple Malware Related Problems

Please be sure to note I am in Safe Mode. Normal mode is very slow/unreliable.
 

3 more replies
Answer Match 44.94%

Hello. I have a Gateway M275 TabletPC running Windows XP Tablet PC Edition 2005
- Using a school computer
- Intel Pentium M processor 1.50GHz
504MB of RAM

I was on the net & I think I had a virus install when I extracted a .rar file (which I deleted).

Here are my problems:
1. My task manager is disabled, or grayed out, and I can't access it.
2. (this part was copied from another poster, as I'm having the same issues) Every two minutes I get a security bubble alert in the taskbar that looks like a Microsoft update alert or warning (yellow triangle with an exclamation mark inside) saying I have spyware, or someone is trying to connect to me. It has 3-4 different bubble messages. Also, every 10 minutes I get a "Windows Security Center Warning" pop-up saying I have malware and to click here to remove it. Both of the mentioned pop-ups direct me to a page trying to sell me Spy Away and Perfect Cleaner.
3. My desktop picture has been changed to one that has spyware warnings which are also linked to Spy Away and Perfect Cleaner.
4. The desktop icons flash for about a second every two minutes or so
5. New folders in my 'Program Files' folder keep reappearing: stc, seekmo,180search assistant, zango, sysmnt, 180solutions, and 180searchassistant. Within those folders are the following files:
sac.exe
saap.exe
sais.exe
Ssmgr.exe
zango.exe
180sa.exe
sau.exe
seekmohook.dll
csv5p070.exe

I try to delete them but they keep coming back.

6. Also, I have s... Read more

A:Malware problem, maybe Zango related - please help

bump

Just an update. I've downloaded SDFix and rebooted, but I cannot log in in Safe Mode.

This may have something to do with this being a school laptop, as I am not the owner yet - but will be upon graduation.
 

1 more replies
Answer Match 44.94%

Turned on my computer today to find it infected with something. Would appreciate any help someone could give me.

1. Background doesn't load, it is solid white.
2. Cannot access the Task Manager, claims that it is infected and cannot launch.
3. System restore encounters the same problem.
4. Small red circle with a white X icon in the task bar. Seems to be where the random message that appear from time to time originate. Cannot access this program in any way.
5. DCOM Server Process Launcher error forced my computer to restart after a 1 minute timer.
Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:40 AM, on 1/25/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience... Read more

A:Unknown Problem - Likely Malware related HJT Log

Also, noticing that whatever has infected the computer is redirecting me from certain websites.
 

2 more replies
Answer Match 44.94%

hi, after corresponding for help on safer networking, i was told the problems im experiencing are deeper than malware related, so i hope this is the right category;

microsoft programs open, two seconds later error message appears saying that it has stopped working and then the program closes; this happens with saved files and new documents; the same also with internet explorer.
occasional freezing of whole pc; only solution is to turn off at wall. occasional blue screen appears with white text and then shuts down with no warning. white text as follows; a problem has been detected and windows has been shut down to prevent damage. if this is the first time you have seen this error screen then restart your PC. if this screen appears again, run a system diagnostic utility run a memory check and check for faulty or mismatched memory. try changing video adapter. disable or remove any newly installed hardware or software; collecting data for crash dump, beginning dump of physical memory. contact your system administrator or technical support group for further assistance.

problems generally occur most often after shut down, not hibernate. certainly only the blue screen pops up after almost every shut down.

was advised to update current software, so have done so, have also Downloaded ATF (Atribune Temp File) Cleaner© by Atribune and run an Kaspersky Online Scanner.

uninstalled avg, as it was causing considerable problems with both programs, and deleted C:\Users\username\AppData\Lo... Read more

More replies
Answer Match 44.94%

hi, i'm on a dell running windows xp. i got a virus last night. i've fixed some things with hijackthis already and gotten rid of the fake program "internet security 2010" by running malwarebytes' anti-malware.
but! there's still this zahuzewi.dll thing that shows up in my hijackthis scan. there was also something called kkalf.exe that i deleted, and now upon starting my computer it says "error loading zahuzewi.dll. the specified module could not be found." other symptoms include:
- my desktop background being switched to a green color, but when i shut down my background returns briefly.
- when I search google sometimes, i get this:
'302 Moved
The document has moved here.'
with "here" linking to this site, which i haven't clicked just to be safe though it looks normal: hxxp://www.google.de/search?q=yahoo+mail&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&cr=countryUS
here's my dds.txt log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Liat at 15:25:25.93 on Sun 02/14/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.101 [GMT -8:00]
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svc... Read more

A:zahuzewi.dll malware...vundo related?

Hello,
My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic, if you still need help please let me know what issues you are still having, in your next reply.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.
Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Please download GMER from one of the following locations, and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zip Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
Disconnect from the Internet and close all running programs, as this process may crash your computer.
Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
Double click on Gmer to run it.
Allow the gmer.sys driver to load if asked.
You may see a rootkit warning window, If you do, click No.
Untick the following boxes on the right side of the Gmer sc... Read more

13 more replies
Answer Match 44.94%

I keep getting a BSOD and computer will restart by itself.
I don't know if this is the cause of hardware problems or malware. 
Will post whatever logs that are needed.

A:Can't tell if Malware or hardware related issues?

Hello and welcome to Bleeping Computer.
Please run the following:
Please download the appropriate version of Farbar Recovery Scan Tool (FRST.exe) from here:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ (for 32bit systems)
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ (for 64bit systems)
save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

12 more replies
Answer Match 44.94%

I just can't figure this one out.
Recently, svchost has been taking up 100 % of the CPU usage. It doesn't always happen, but when it does, it's annoying because my computer gets slow and hot. I don't think it's a virus, because in the task manager, it's listed as a system process and it's in the system32 folder. I have also done online scans. I have also run sfc /scannow. It only seems to happen when I open Internet Explorer. Any suggestions?

A:svchost 100% CPU usage, not malware related

Possible Automatic Update problem...has it only started happening since a recent update?

Or have you installed any new software/plug ins/codecs?

5 more replies
Answer Match 44.52%

Hi i was watching a tv show using megavideo last night and loads of popups came up giving the usual crap about needing to install stuff. I thought i closed them but maybe i clicked on them by accident.

Anyway all of a sudden AVG started detecting loads of random threats...mainly .exe files being found all over the place.

I tried healing them but loads more kept coming so i turned my internet off thinking they were being downloaded but they kept coming.

I went into msconfig and found two new programs trying to run on startup so i unchecked them and restarted my computer, thinking this would stop the incessant threat detection. Probably a bad move.

Anyway, now when i turn my computer on i get a big blue screen with the following errors:

0x00000024 (0x001902FE, 0xBA4F34EO, 0xBA4F31DC, 0x8A54C889)

I cannot start my computer in safe mode or restore it to a last known good configuration

How can i get back to my computer so i can at least save some files?

I need some serious help please!

Thank you,
james
 

A:Blue Screen of Death - malware related

Hi, makihara

You should always post your Operating System, and whether is a 32bit or 64bit system.

Lets give this a try. You will need a flash drive to move information from the sick computer to a working computer, so we can see the progress of our actions. Save these instructions in your flash drive as a text file (use notepad) so you can have access to these while in an external environment (PE).

Here is what you need to do.

Two programs to download

First

Download ISOBurner. Click Here for ISOBurner Instructions. Install the program, and follow the next set of steps.

Second
Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 276.7MB in size so it may take some time to download.
When downloaded double click and this will then open ISOBurner to burn the file to CD
Boot the Non working computer using the boot CD you just created.
In order to do so, the computer must be set to boot from the CD first
Note : For information click here

Your system should now display a REATOGO-X-PE desktop.
Double-click on the OTLPE icon.
When asked "Do you wish to load the remote registry", select Yes
When asked "Do you wish to load remote user profile(s) for scanning", select Yes
Ensure the box "Automatically Load All Remaining Users" is checked and press OK
OTL should now start. Change the following settings
Change Drivers to All
Change Standard Registry to All
Under the Custom Scan box paste this in

/md5start
eventlog.dll
scec... Read more

3 more replies
Answer Match 44.52%

I'm currently working on a friend's laptop. So far I have run spybot and ad-aware and they both found A LOT of things. Before I removed Norton because it was expired, it was telling me there is no TCP/IP installed. It's there under network properties though. I tried to run Ewido but it crashes when it starts up even in safe mode. I also ran LSPfix and it has a file in the remove side but I can't read the file name - it has weird characters. When I try to remove it via LSPfix, it just tells me 0 files were removed. I see nothing in hijackthis and cannot get on the internet to do certain scans and updates on specific programs such as spysweeper. Here is a HIjack log.

BTW - I put in this line - O17 - HKLM\System\CCS\Services\Tcpip\..\{A8DD8084-B0A1-4E5B-BFEC-976761520BE9}: NameServer = 68.87.71.226,68.87.73.242 because when I plugged in the ethernet cable, it couldn't acquire an IP address automatically. So I configured it manually. The laptop also has wireless but WZC cannot configure it and there is no other program to my knowledge that is doing so.

Logfile of HijackThis v1.99.1
Scan saved at 12:19:59 PM, on 1/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explo... Read more

A:Internet connection problem - malware related - cannot fix

Hi, Removing malware sometimes screws the Winsock performance--you can download to any computer, burn the file to a CD or copy it over with a flash drive.

Try this to reset the Internet functions:

http://shipleysystems.com/TechSupport/WindowsXp/Running WinsockXPFix On Your Window XP PC.htm
Might try running it twice.

Sometimes takes a few minutes to kick in, you may have to Log Off and back in also.

Do you know how to use ipconfig from a command line?

If you are able to get online then, post a new HJT log
 

1 more replies
Answer Match 44.52%

Recently, I've been hearing little beeps out of my computer that sound like something is turned on and another beep after that sounds like it's turning something off. I check my Task Manager every time I hear those sounds and wmplayer.exe or wmpnscfg.exe are the ones taking up resources. I try to end the processes but they keep reappearing a few minutes later. I even tried blocking them from startup through msconfig but that didn't help. My fan goes crazy and I lag a bit every time this happens also. Help would be appreciated!
 

A:Windows Media Player related malware?

Erm... bump
 

2 more replies
Answer Match 44.52%

I was in another sub-forum but was told to come here so I will copy and paste my information if that's all right. Thank you so much for this forum and help!

Hey guys, I actually came across the forums doing a search a day or so ago and the thread I was looking at was out-of-date so some of the links didn't work. Thought I would write my own thread on my problem. Also, my IE is messing up.. not sure if that's connected to the Blue Screen or not (or part in part of the problem(s)).

I had a look at this thread http://www.bleepingcomputer.com/forums/topic375458.html so I think I've already done a few steps you might ask me to do. Here is the info:

==================================================
Dump File : 012411-25818-01.dmp
Crash Time : 1/24/2011 10:45:19 AM
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff800`02fbac9a
Parameter 3 : fffff880`09a7dcf0
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\012411-25818-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 274,920
==================================================

==================... Read more

A:Blue Screen of Death (Malware related?)

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply'... Read more

2 more replies
Answer Match 44.52%

Hi. Thanks in advance for any help you can give.
I have run Malwarebytes, but this finds nothing.
This is a Dell Inspiron 1501, now with 1.5Gb memory, low I know but it is particularly slow to load and respond.
Certain IE links sometimes do not work. Hijackthis changes don't seem to stick and it reports it cannot write to the hosts file.
I have attached a log from GMER.

A:Performance possibly related to rootkit/malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.
Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool. The ap... Read more

3 more replies
Answer Match 44.52%

Hi.
I've been having some problems with my internet lately. Namely it stalls out after a few minutes and says it can't find the default gateway OR that
However, I called the cable company, and it was working fine for an hour after resetting the modem, and now I'm back to problems.

So basically I'm not sure if it's actually a problem with my internet OR if I've got something on my computer that's causing this problem.

Also, I have Micro Trend supposedly installed on my computer but whenever I start my computer it says "starting protection" and then disappears and I can't really get it to open. I never even thought about it until now.

I scanned my computer with the quick scans from Malwarebytes' Anti-Malware and Lavasoft's Ad-aware. Ad-aware found 2 problems, one being the trojan.java.blacole.b and second being backdoor.win32.cycbot.cfg -- Both of these were put into quarantine by Lavasoft's Ad-aware. I don't know if I need to do something more or if these were causing the problem.

I was hoping maybe somebody could take a look at the info and make sure there's not something else out there.

Also, I run Windows 7. (and use Firefox almost exclusively as my internet browser, with a few exceptions with some websites that will ONLY work on IE).
If any other information about my system is needed, please let me know.

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at &#50724;&a... Read more

A:Problem With Internet possibly related to Malware

13 more replies
Answer Match 44.52%

I just registered at BleepingComputer. I don't think the computer I'm using at the moment has any malware or virus related problems, but verification from an experienced user would certainly give me peace of mind. I will post a FRST log below for you guys to review to check if my pc has any problems. If my pc has nothing wrong, that's great! Thanks
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Cathy (2016-03-24 23:26:40)
Running from C:\Users\Cathy\Downloads
Windows 8 (X64) (2016-03-01 04:02:31)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1182220091-3181907508-3606138005-500 - Administrator - Disabled)
Cathy (S-1-5-21-1182220091-3181907508-3606138005-1001 - Administrator - Enabled) => C:\Users\Cathy
Guest (S-1-5-21-1182220091-3181907508-3606138005-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D... Read more

A:Verification I don't have any malware or virus related problems.

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Your addition.txt file is clean.
Please post the FRST.txt file that was also created by the Farbar tool.
I will review it.

13 more replies
Answer Match 44.52%

Hi all!

I'm having some computer troubles and I need guidance from one or more of you kind people. I have a related thread going in the A/V Am I Infected? forum (http://www.bleepingcomputer.com/forums/topic228133-15.html). It gives some other background information that might be helpful to read in understanding my problem.

So, to give a quick overview - currently I'm trying to rid my desktop (and then later I'll be working on my laptop) of any malware it has - which according to MBAM is quite a few nastys and they seem difficult to remove thus far. I've had my desktop for about 8 years now; never formatted, never backed up (yes stupid, I know). Obviously I want to rescue these files in the (likely) event that I need to format my computer.

I'm not sure if I've accidentally set off a payload, am botted, or a hacker is directly and actively messing with my system (I *was* "borrowing" a wireless internet connection for about a week...), but my desktop system stability has gotten substantially worse - to the point that I am now unable to boot my computer. So I need help in making it somewhat usable so that I can at least save some of my 8 years worth of files.

This problem began after I had run an MBAM quickscan in normal mode after disabling my wireless connection and clicked on ok to reboot the computer - because certain files could not be deleted until reboot. It shut down normally but then windows would not load (I couldn't even make... Read more

A:Boot problem - most likely due to malware related activity

If you have an open post in any of the malware forums....you probably should not be posting issues here until your malware situation is resolved.

And you certainly should not be anticipating or making changes to your system...based on what someone other than the malware folks suggest.

Louis

4 more replies
Answer Match 44.52%

I started having problems with not being able to hibernate with the hibernate button. It was around same time I was trying to get search engines that creeped onto my system like avg search and so on. I tried registry fix apps, Microsoft Security Essentials, Malwarebytes. They didn't help. Can somebody help me?

A:Couldn’t hibernate? Malware related? Avg search?

Hello ineedhelp2012 and welcome to Seven Forums.

It's dangerous to use registry tools. They can cause more damage than they fix. First thing I'd try is using a system restore point to return my computer to a date/time prior to when the hibernation problem first appeared.

System Restore

If that doesn't work or if you don't have any system restore points I'd run a System File Checker scan from an elevated command prompt (option two, this tutorial.) If any problems are found run the scan 3 times rebooting in between each scan.

SFC /SCANNOW Command - System File Checker

You could also try turning hibernation off, rebooting, then turning it back on. Although if you don't use hibernation you could leave it off and gain some additional hard drive space almost equal to your installed memory.

Hibernate - Enable or Disable

5 more replies
Answer Match 44.52%

I thought I would try this here in case it is malware- rather than hardware-related:

We have an Acer Veriton M460 desktop running Windows XP Home that recently started rebooting itself over and over upon startup. After starting it in safe mode we disabled automatic rebooting. This revealed a Blue Screen of Death with the error message 0x00000050 PAGE_FAULT_IN_NONPAGED_AREA. This now occurs every time we start the machine in normal mode.

So far we've done the following:

-- Verified that PC seems to start okay in safe mode, or safe mode with network. However, every time we try normal Windows boot, the BSOD results.

-- Run memtest-86 v35 overnight for 20 passes, no errors revealed.

-- Swapped out RAM. PC has 4 GB on two sticks.

-- Run Malwarebytes Anti-Malware, AVG, TrendMicro Housecall. The first two produced no hits. Housecall gave a list of "vulnerabilities," but no details on what they are or how to fix them: MS08-49, MS08-61, MS08-63, MS08-66, MS08-67, MS08-68, MS08-78.

-- Set pagefile initial and maximum to 0, run defragmenter, reset pagefile initial and maximum to 4096 (maximum allowed).

-- Ran chkdsk, which appeared to complete normally and indicated the drive was clean.

-- Ran hijackthis. The log file is below.

Any suggestions on what to try next? Thanks much.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:25 PM, on 2/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Sa... Read more

A:BSOD/page error: malware-related?

Eventually it got to the point where we couldn't even boot in safe mode, so we pulled the drive, copied user data off it, put it back and restored the drive back to factory conditions. Not too many programs to reinstall ...
 

1 more replies
Answer Match 44.52%

I use ZoneAlarm's free firewall on my netbook...have for years. Last night a Zone Alarm window popped up that, if I recall correctly, mentioned something about updating to the latest version or download a free trial of the full version...something like that. After a long download of a 75MB file, it started scanning my system during set up. I suddenly noticed that it said "Your Computer is Infected" which struck me as VERY odd. 1) it's a firewall, not virus or malware removal 2) my computer hadn't been experiencing any questionable behavior to suggest any kind of infection.

The whole thing made me nervous so I tried to kill the process. Suddenly I started getting all sorts of error messages in Windows of various windows components or services not being available...I couldn't even open Task Manager! So I held down the power key and did a hard shutdown.

Upon rebooting, Windows would no longer fully load. I get to the desktop screen where all my icons SHOULD start popping up and loading but it never happens...just hangs with only the wallpaper visible. I can access the task manager and Explorer is running. I've tried killing Explorer and re-booting it, but that didn't change anything. I've also completed a System Restore with no luck.

If I boot the computer up in Safe Mode, it loads just fine, HOWEVER--and I found this particular unusual--if I try to boot in Safe Mode with Networking I get the same hanging upon loading the desktop.

I've ... Read more

A:Windows Explorer won't boot! Malware-related?

As you have now posted in Malware Removal forum, I will ask for this thread to be closed -

2 more replies
Answer Match 44.52%

UPDATE: I just downloaded pandasoftware that you recommend and installed it, then restarted comp - now whenever I try to start my comp it auto shuts down!!! I can boot in safe mode however...

5pm is last night I tried to download a game and spy sheriff (a program disguising itself as anti-virus software that keeps re-installing itself + other crap no matter how many times you remove it) was downloaded, as well as a crap load of other malware, onto my comp. I have run spybot and it says it has removed everything sometimes but then other times after restart items like "FastClick" and "AvenueA" keep appearing as needed to be removed!

When running Ad-aware and doing a full system scan no matter how many times I run it I get this Windows vulnerability thing ... "Name: Windows" - "Type: RegData" - "Category: Vulnerability" - "Object: HKEY_LOCAL_MACHINE:software\microsoft\windows nt\currentversion\winlogon "Shell" (explorer.exe, c:\windows\system32\xyqwi.exe)" I dunno if I should go to c:\windows\system32\xyqwi.exe and try to delete xyqwi.exe? Any1 know what this is? I also get "to help protect your computer, windows has closed this program - Name: Windows Explorer," every once in a while.

I have removed spy sheriff but my comp still has major problems and is running super slow!

Have also done cleanmgr and run TrendMicro housecall scan- which failed to remove an infection it said. Housecall scan said one infection had to... Read more

A:Spy Sherif And Related Unremovable Malware/problems!

- Re-name HijackThis.exe to doggy.exe by doing the following:
  - Navigate to C:\Documents and Settings\Christine\Desktop\hijackthis\HijackThis.exe
  - Right-click onto HijackThis.exe and select "Rename"
  - Type doggy.exe and hit Enter.
- Now, double-click onto doggy.exe (which is still hijackthis) and post back with the new HijackThis log.

28 more replies
Answer Match 44.52%

So for a couple of months now i've been experiencing out of the norm behavioral habits on my computer. The first being a couple months back now where my computer for some reason began awaking itself from sleep mode at exactly 11:15pm each day. This was not the case before.

I ran virus scan and also malware scan and malwarebytes detected a few PUMs (attached below). I left these for a while before deciding to remove them around a couple of weeks ago now.

Since removing them i've experienced a couple more strange things. The first being when awaking from sleep mode, on occasions, the resolution is all wrong and i must put it back to sleep and awake it again to sort it out. On most occasions it awakes without a problem but still, an issue born recently.

The third thing happened yesterday when a few folders became hidden without me hiding them myself. These folders had once been hidden by me but not for a long while. There were also desktop.ini files on the desktop. I searched google and found out that i had to tick 'hide protected operating system files' to get rid/hide these.

I've done scans with Essentials, Malwarebytes and most recently F-secureonlinescanner. The latter found a java exploit that it removed and one other (sorry do not remember the name). The other two find nothing.

I've tried using Gmer but on three occasions it failed to finish (i get a 'stopped working' message).

Malwarebytes and dds logs attached. (Malwarebytes log is old but shows the PU... Read more

A:A few issues - Unsure if virus/malware related or not

Just a couple of things that are worth noting.

One is that i recently changed from a DVI cable to a VGA (possibly a reason for the resolution issues from wake?).

I've also recently disabled 'allow wake timers'. Not tested it out yet to see whether it has worked or not.

Also, just a gut feeling, the recent issues i'm having (ignoring the waking up from sleep problem) i feel may be related to the files i quarantined in malwarebytes. Were the PUMS i quarantined really malware?

11 more replies
Answer Match 44.52%

Hello. I am trying to fix a friend's laptop computer that has Windows 7 installed.

When he gave it to me it was infected with some assorted malware(trojans, etc.). At first, I could not open any applications whatsoever. Every time I would try it would ask me if I wanted to use internet explorer to open it.

I created a few rescue CD's(dr web, avira, avg, etc) and ran those. They cleaned up most of the problems.

Also, I installed AVG free edition and malware bytes. I ran both of those. That removed several more pieces of malware.

At that point, things were mostly good. But I noticed that almost all of the files on the computer had been marked as hidden(the desktop images were all faint, etc). So I went through and manually removed the "hidden" setting from all the PC files.

It seems like I am 99% good. However, when I open firefox browser and enter a google search, and click on a link in the search results, it sometimes redirects me to some other unwanted site. So I guess that there is still some malware lingering in the background that could not be found by AVG and malware bytes.

Any recommendations to fix this?

Thanks!

TC

A:Help needed removing malware(browser related)

A friend of mine had an issue with his browser redirecting search results, and it took me a few days to find a fix, but I found a program called TDSSKiller and that removed the problem. You can try it out for yourself to see if it will also be a fix for you, and hopefully it will.

Anti-rootkit utility TDSSKiller

Edit: Here's a little bit more info about the trojan if you need it. Backdoor.Tidserv | Symantec

9 more replies
Answer Match 44.52%

hi, first of all apologies for the lack of capital letters - it is connected to my problem.

a few days ago my pc started to act as if my 0 key was jammed in, adding a constant stream of zeros into any text input field i clicked on. i immediately assumed this was in fact a stuck key so checked that out with no joy. i then tried unplugging the keyboard and rebooting using the virtual keyboard, but this gave me the same issue. i have found however that a reboot seems to clear the issue for about 10 minutes, but then it returns. therefore i have assumed this points to a software issue and as it kicks in after a successful period i wondered if there was some kind of malware doing strange things to my pc

when i press the numberlock key the zero's stop, so this is related only to the number pad. now i would be happy not to use the number pad, but as pressing shift and the zero on the number pad causes the system to paste anything i have in my clipboard, i also have to stop using shift - hence no capitals - this is not feasible so i looked around for help.

first suggestions were running virus scans, which picked up a few unrelated issues but nothing else - i tried avg free, prevx csi and kaspersky 8.

any ideas if this is some form of infection ?

A:software keyboard error - malware related?

We can try malwarebytes...

The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
- Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
- If an update is found, the program will automatically update itself.
- Press the OK button to close that box and continue.
- If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.

When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to displ... Read more

7 more replies
Answer Match 44.52%

I use ZoneAlarm's free firewall on my netbook...have for years. Last night a Zone Alarm window popped up that, if I recall correctly, mentioned something about updating to the latest version or download a free trial of the full version...something like that. After a long download of a 75MB file, it started scanning my system during set up. I suddenly noticed that it said "Your Computer is Infected" which struck me as VERY odd. 1) it's a firewall, not virus or malware removal 2) my computer hadn't been experiencing any questionable behavior to suggest any kind of infection.

The whole thing made me nervous so I tried to kill the process. Suddenly I started getting all sorts of error messages in Windows of various windows components or services not being available...I couldn't even open Task Manager! So I held down the power key and did a hard shutdown.

Upon rebooting, Windows would no longer fully load. I get to the desktop screen where all my icons SHOULD start popping up and loading but it never happens...just hangs with only the wallpaper visible. I can access the task manager and Explorer is running. I've tried killing Explorer and re-booting it, but that didn't change anything. I've also completed a System Restore with no luck.

If I boot the computer up in Safe Mode, it loads just fine, HOWEVER--and I found this particular unusual--if I try to boot in Safe Mode with Networking I get the same hanging upon loading the desktop.

I... Read more

A:Windows Explorer won't boot! Malware-related?

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you... Read more

2 more replies
Answer Match 44.52%

Quote:
Security researchers from Panda Security warn that malware pushers have poisoned the search results for numerous Halloween-related keywords with malicious links.
...


Halloween-Related Web Searches Can Lead to Malware - Softpedia

A:Halloween-Related Web Searches Can Lead to Malware

... What's next the santaclaus.virus or easterbunny.trojan ...

1 more replies
Answer Match 44.52%

When I say "slowdown" - I mean everything: even audio and video plays back at what seems like 1/2 speed. The XP Intro music is an interesting stuttering remix.

Malware and rootkit checks are clear. HDD scan and SMART stats are fine as well. Housekeeping has been done... and upon mentioning that, I should note that I began defrag at about midnight last night... at 7AM, it was at 35%, and still churning.

Booting into safe mode takes forever and is painfully slow as well.

I thought the problem might be related to a bad printer driver (I was testing an HP 5150 and Lexmark AIO (I forgot the model now - I did this Friday in another location) So I uninstalled those - no joy. I uninstalled my own HP driver with no luck.

I was getting errors related to my wireless card (WMP54GS ver.1.1) upon shutdown, so I uninstalled it. No change running without the wireless.

I came here before giving up and starting all over - because I HAVE been lax, and my last back up was in March. (Yes, I know - I deserve my virtual smacks)

System Info:

Intel Core 2 (6420) Sitting on a Gigabyte Motherboard (I'll crawl inside the case and get that model if you *really* need it)
2 GB DDR-2
300 GB Western Digital HDD (IDE)
NVidia 7300 GT

--Edit Start--

Running Windows XP, SP 2 (Haven't gotten around to my OWN updates)
System built 3/8/08
Used for just about everything except gaming
McAfee Security 2008 - updated today (8/3/08)

Absolutely NO previous problems until this weekend.

--... Read more

A:Solved: System Slowdown - Not Malware Related

8 more replies
Answer Match 44.52%

I (not an expert by any means) am helping my mother repair her computer and am at the end of my knowledge, and was thus hoping to enlist the help of a kind soul from this forum before we just give up and reformat.

In general, the problems are related to unpredictable performance, such as unexpected freezes and shutdowns, occasionally getting stuck on "working" cursor after clicking on start menu or taskbar, freezing on blank screen when logging off/shutting down, restarting after loading system files for safe mode (before Windows loads), getting stuck on a black sleep mode-like screen when opening lid of idling computer (sleep mode is supposed to be off), and others I'm sure I'm forgetting.

More specifically:
-Webroot scans in normal mode freeze the computer after a few minutes 100% of the time, often resulting in a physical memory dump
-Webroot scans in safe mode complete but show no results
-Upon attempting to uninstall a specific program (I can't remember for sure, but I think it was an iwin games program), the uninstaller started deleting random files unrelated to the program itself (causing Photoshop, webcam software, printer software, and others to not function properly), until I noticed and stopped the uninstall. Curiously the original program disappeared from the programs list at some point afterwards, but not immediately
-Several programs in the programs list get uninstall errors (possibly due to the missing files from the above). These include Trend ... Read more

A:Multiple issues, possibly malware related

Hello and welcome to Tech Support Forum.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:


Step # 1 Download and run DDS

Download DDS and save it to your desktop from here or here or here
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.


Step # 2: Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found... Read more

3 more replies
Answer Match 44.52%

Infected by means of a "video e-mail" according to my son who was using the PC at the time. I've removed "XP Antivirus 2007" but haven't been able to clear the below symptoms. I know there are more AV products running than I should have, this is a result of trying to fix this mess. Normally, Trend Micro Internet Security will be running (it was disabled at the time of infection).

Changed Homepage to "softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2"

Created three (3) desktop shortcuts (these reappear at reboot if deleted manually):
1) Error Cleaner "viruswebprotect.com/shandler.php?sid=0&said=0&aid=0&pn=&sg=1"
2) Privacy Protector "viruswebprotect.com/shandler.php?sid=0&said=0&aid=0&pn=&sg=0"
3) Spyware&Malware Protection "viruswebprotect.com/shandler.php?sid=0&said=0&aid=0&pn=&sg=2"

Two (2) popups at various intervals:
1) Spyware Alert which claims Worm.Win32.NetSky is present on the PC, when it is not, as other scans do not find it. I have also run "Netskyfix" from Symantec.
2) Windows Security alert "Windows has detected an Internet attack attempt... Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from Internet attacks, hijacking attempts and spyware. Click here to download spyware remover for total protection."

One (1) System Tray notification at various intervals: ... Read more

A:Malware Infection (xp Antivirus 2007) Related?

Hello Ocotillo and welcome to BC. My name is SNOWHITE and I will be helping you with your Malware problem.

Please follow the steps below exactly in the order they are written:

Step #1

Please download SmitfraudFix (by S!Ri) to your Desktop.
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

NOTE: If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

NOTE: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Step #2

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
Close all other windows before proceeding. Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

What DSS will do:
- create a new System Restore point in Windows XP and Vista.
- clean your Temporary Files, Downloaded Program Files... Read more

22 more replies
Answer Match 44.52%

I share a computer with the rest of my family, we all have separate accounts but mine is the admins. On logon the other day I found a whole lot of porn screens popping up, and hogging the processes. The process was "obd.exe", so i stopped the process and ran a search with "malwares: anti-malware", which seemed to find and delete a whole lot of malicious software.

but THEN on restart when I logged in explorer.exe was not running and I couldn't access the control panel...

So yeah, the pc is pretty much useless to my whole family atm and they expect me to fix it posthaste; problem is that I'm not too technically savvy so I NEED YOUR HELP!

This is the HijackThis Log;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:06 PM, on 16/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C... Read more

A:Severe virus/malware issue (obd.exe related)

bump, my computer is now infected with a load of new viruses...
 

2 more replies
Answer Match 44.1%

Hey everybody,

I've been getting this weird little window at boot it starts up all the way in the bottom corner (I moved it in the picture) so you don't really notice it at first.
I can easily close it by hitting alt+f4 and I can drag it around anywhere but it still bothers me.

MBAM doesn't find anything, Comodo doesn't find anything so I assume it's nothing really harmful but still, it's weird...

I can't find anything in the startup file list either so that's why it bothers me I think... Maybe this looks familiar to someone,

I can also post a full Hijackthis log and a full running processes log from Process hacker or something.
It's the little grey thing in the corner, the arrow and red border are obviously made by me to make it clearer where to look :P

A:Weird small screen at boot, malware related?

Hi

is it there in safe mode?

9 more replies
Answer Match 44.1%

Hi, I've recently encountered a problem with the aforementioned malware along with other malware claiming to be virus removal software. The program will not allow me to open GMER either in Safe mode or otherwise, I've even tried renaming it as the GMER website suggests. Below is the DDS report and the attached log that came with it, but there is a lack of a GMER report, for obvious reasons. Also, I do not believe I have access to a boot disc.
Thanks guys.


DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by Administrator at 18:34:05.98 on Tue 01/18/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.684 [GMT -5:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Beany\Desktop\Grahams files\Spyware Logs And Programs\dds.scr

============== Pseudo HJT Report ===============

uStart Page = Dell Start Page
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} ...

A:Personal Internet Security 2011 and related malware

Hello, and welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Also, I'd be grateful if you would note the following: The fixes are specific to your problem and should only be used for the issues on this machine.
Do not install/uninstall anything on your computer unless advised.
Do not run any other scanning tools other than those instructed for you to use.
Follow the instructions in the order they are given.
Stay with this thread until advised when your computer is clean. Absence of symptoms does not necessarily mean a clean computer.
If you are being helped regarding this problem on another forum, please advise us so that we can close this thread.
And lastly, if you have any questions, please ask before proceeding with any of the advised fixes.
_________________________________________________
I'll go over your log then post back instructions. Thank you.

Answer Match 44.1%

While I was off for a moment, my dad managed to install YTD video downloader on here.
 
Now after rebooting the CPU usage would go up and things like clicking on the start bar or dragging the vertical bar in the task manager window started to get interrupted almost immediately, as if I'd double clicked.
 
I removed YTD Video Downloader but this particular issue still persisted on the next reboot. I did notice this seems to be a Chrome related issue as I had both Chrome and Firefox on at the same time and disabling one of the Chrome processes in Task Manager stopped this weird phenomenon from happening. I did notice that at about the same time I got a message on the side of the screen talking about "synchronisation".
 
I did a system restore, deleted YTD Video through the Add or Remove Hardware feature directly instead of running the uninstall from the window, then used CCleaner to delete things and block a few isolated things which may or may not be related as they seemed rather minor.
 
Now as for the things I see mentioned in relation to YTD in various forums and online tutorials, I did not find any folder with the title of Spigot in the files, nor any Searchsettings, Searchsettings64, nor Application Updater like this person for example
 
http://www.digitalfaq.com/forum/computers/4621-warning-ytd-video.html
 
As for the Toolbar, I found it mentioned in the list of Programs, as well as via UnHack Me but both tell me that the program could not ...

A:YTD video downloader related issues (Malware/Adware?)

Hello MyPancreas and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:
please follow all instructions in the order posted
please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
if you don't understand something, please don't hesitate to ask for clarification before proceeding
the fixes are specific to your problem and should only be used for this issue on this machine.
please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:
Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================
Note: Please complete these tasks in the order given in the instructions. If any of these won't run, run them in Safe Mode.
===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.
run AdwCleaner
when it has finished, select Clean
if it asks to reboot, allow the reboot
on reboot a log will be produced; please attach the content of the ...

Answer Match 44.1%

Hello

I've been having a few punkbuster related issues so I created a ticket with the PB guys and after having a look at some logs, they deduced that the problem may be malware related so I thought I'd post here and see if you guys could find anything

Thanks.

I followed all the steps, here are the logs:

---------------------------------------------------------------
Deckard's System Scanner v20071014.68
Run by My Username on 2008-03-01 15:48:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as My Username.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:51:45 PM, on 1/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\unsecapp.exe
...

A:[SOLVED] Punkbuster issue, possibly malware related.

I know you guys are busy. I'm just following the instructions outlined in the steps.

Bump.

Answer Match 44.1%

Hi everybody,
My computer has been running very slow for at least 2 weeks. I suspected malware. I have deleted my Internet files and cleared my history (yesterday). I have downloaded and run Ad-Aware Personal, Spy Bot S & D and they did not find any malware. I went to the SAF forum and they have a thread where they are posting their favorite freeware. I found Xoft (I'm not sure if it's XoftSpy or Xoft). Anyway I read the recommendation and I thought that this would certainly find any malware. It did. It found 4 Alexa related nasties. I then clicked on Remove. It took me to the site of the manufacturer to the page where you can buy a CD of Xoft. I did not want to buy one just now. However this is the only way that I could get the malware removed. I found this out when I closed out the manufacturer's site and went back to my desktop. There was a link that said "manually remove malware". I thought I was going to be taken to a page with directions on how to manually remove the malware. Instead I received a message stating that the free trial version of Xoft would not remove anything; only the full version would so I still have malware on my system only Ad-Aware can't find it, Spy Bot S & D can't find it, and Spy Sweeper can't find it. However, I can tell that it's still there because my computer is still running slowly and the web pages are taking longer than usual to load. Does anybody know of a program that will detect Alexa?...

A:Solved: XoftSpy Found Alexa related malware

Answer Match 44.1%

Ok, I'm just happy I was able to get onto this website. Just to start off, I have Windows Vista Home Premium. So basically, a day or two ago I started getting an error message saying that "Host Process for Windows Services has stopped working". When I clicked "Check online for solutions" it wouldn't connect me to the Internet and said the page couldn't be displayed every time I tried. I just clicked ok and everything was fine, a little slow, but fine. But yesterday, everything fell apart. I don't know if any of this is related, but here's what has happened:
-My computer was really slow yesterday morning and still today. When I tried to type stuff (particularly on the Internet), only a few letters show up because it's really lagging I guess and I have to type Sooooo SLOOOWLY
-I started getting the host error message and my computer kept freezing
-After the message, my computer goes black and my taskbar at the bottom of the screen gets weird and now it looks different. It looks older and it's white and the time doesn't display. It also sometimes disappears completely until I restart. My internet is the same -- it looks like an older version
-Most annoying problem: When I go on the internet, random ads pop up in the middle of me doing something (this never happens -- my computer has so much anti-virus stuff and anti-spyware, I've never had a problem! My dad's a computer guy so he keeps it up-to-date. I know I should as...

A:Lots of Problems that May be Related to a Host Error or Maybe Malware?

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to comp...

Answer Match 44.1%

I know I'm infected with something, but I'm just not sure what it is...

My PROBLEMS:
+ Whenever I restart my computer, the "Wireless Zero Configuration" service is always stopped (even though it's set to Auto start). I have to manually start it in order to connect to the internet.
+ The "Windows Audio" service is sometimes off and I have to start it manually even when set to Auto. When I boot up, it is usually on, but then it will just randomly shut off for no reason. Sometimes it allows me to restart it, but then sometimes it will not let me and I have to restart my computer to get it working.
+ I get random pop ups when browsing the internet (I normally never get pop-ups)
+ Sometimes internet browser windows will just randomly minimize, or become very very small...
+ Sometimes it takes FOREVER to open a web browser.
+ Sometimes I am not running any programs at all really, but my CPU performance in Task Manager shows it's working 100% when it should be at no more than 1% or 2%.
+ I can't see anything particularly bizarre running in the task manager, EXCEPT usually when I'm having issues, the MSHTA.EXE process is running and there are MULTIPLE instances of it. Sometimes there are like fifteen mshta.exe's going all at once for no particular reason, and when I end them, things seem to run more smoothly.

WHAT I'VE DONE SO FAR:
+ I've run basic stuff like Malwarebytes and Spybot dozens of times. Spybot seems to suck and never find any...

A:services stopping, popups, possible mshta.exe related malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

Answer Match 44.1%

Hi guys,

I had a problem earlier with a malware related to the app "optimizer pro" which has now been cleaned off my system thanks to a really generous user named "gunto". Link to the thread is below:

Introduction + optimizer pro issue!

Although the malware is removed, I am still unable to open any page in any browser properly, for example even loading up google either requires me pressing F5 at least 10 times or switching on/off the router or the page loads with CSS completely off.

So my query is if I have another net related malware/virus?

I ran the tool DDS and have the logs (dds.txt and attach.txt) and will attach/paste them below.

DDS.txt:-

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_22
Run by Administrator at 21:26:13 on 2012-12-10
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
F:\iTunes10\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bi...

A:Web pages not loading properly (or at all) - malware/net related issue

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Let's start with these scans.

Please Download TDSSKiller.zip
>>> Double-click on TDSSKiller.exe to run the application.
Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue
If a suspicious file is detected, the default action will be Skip, click on Continue
If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan.
Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
Please post the contents of that log in your next reply.
There shall also be a file on your ...
