Tech Problem Aggregator

Infected With Safe-strip Spyware/malware?

Q: Infected With Safe-strip Spyware/malware?

Here are my log files. Please help. I can't get this off no matter what I do.

A: Infected With Safe-strip Spyware/malware?

Can anyone please take a look at this and possibly help me? My computer is going so slow now. Thanks.

3 more replies
Answer Match 74.34%

My laptop has been infected by malware/spyware. This is the first time I have joined any forum, so I look forward to your help. I have been working in safe mode for 2 days and need immediate help, as this is my company laptop and I need access to programs that I can't get in safe mode.
Below is the HJT log report and attached is DDS. I could not run GMER in safe mode, let me know what to do. I also see that there is an "iexplore" process running in Task Manager which is a Trojan, as it launches itself at regular intervals even after I kill the process.


A:infected by malware/spyware.. running PC in safe mode since 2 days..need help

Hello and Welcome to TSF.


Quote:

this is my company laptop

We are sorry but this forum is intended for the home user.

Please contact your company's IT department for help and best of luck with your issues.

This thread shall now be closed.

------------------------------------------------------

1 more replies
Answer Match 73.92%

I seem to have some kind of infection that won't let my computer boot into safe mode. This has also caused my clock to show up on my desktop as military time, although when I try to fix it, it's showing it to be in normal time. This all started after one strange day when my Google started to redirect me to weird search sites, and other weird things on Firefox. I have run Malwarebytes, Spybot, and AVG Internet Security 9.0 and they are all finding nothing. I can't seem to remove this from the computer and I really need some help. Windows XP Media Edition Version 2002 SP3. Thank you so much for your time and help, here are the logs.

A: Infected with a virus/Trojan/Spyware/or malware that won't let me safe boot

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTL Report

Please download OTL from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Click the "Run Scan" button.
The scan should take just a few minutes.
Please copy and paste both logs back here in your next reply.

10 more replies
Answer Match 63.84%

This annoying little website has infected my PC...it is supposed to remove spyware...I already tried a fix using smithfraud exe that worked to delete a similar malware site but it didn't work on this one...help...

A:safe strip website

Please follow MicroBell's 5 Step process outlined here:

http://www.techsupportforum.com/secu...tml#post342651

After running through all the steps, please post the requested logs.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Answer Match 63.84%

A warning that my computer is infected by spyware keeps popping up. Also I cannot change my wallpaper as it has been taken over by the warning. The safe strip download keeps popping up.

A:problem with safe strip

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

If you have any questions along the way, STOP and ask them before proceeding.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

It does not appear as though DSS was allowed to download and install HijackThis. To produce a HijackThis log for your next reply, please do this:

Please download HijackThis to your desktop

Alternate link

Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.


1 more replies
Answer Match 63.84%

I was hijacked today by this software. How do I clean it up?

A:Hijacked By Safe Strip

If you still need help, please post a fresh HijackThis log...also, can you describe the problems you seem to be having?

Thanks!

10 more replies
Answer Match 62.58%

Please help me to clean my computer! Thanks a lot! You are great!
This is what Trend Micro Hijack this took out from my system:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:06, on 2007.10.04.
Platform: Windows XP Szervizcsomag 2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


A:safe-strip-download hijacker trojan

9 more replies
Answer Match 60.48%

Two days ago I tried to open a video and downloaded an active x program that contained malware. I instantly started receiving warnings that my computer was infected and redirects toward several different spyware removal webpages. My computer was running so slow and kept locking up. I also lost my wireless internet connection. Though I still have connection through an ethernet. It seems that many of my services were shut off. I found your website and followed your instructions for preparing my computer before I post a hijack this log, and that seems to have removed most of the spyware. Still, when I boot back up and run spyware doctor scan there is one redirect program left - though I am not receiving any popups or redirects anymore. My wireless connection is non-existant. Wireless networks are detected, but when I click on the icon none show up. Nothing shows up in my wireless properties either. Other computers in the house use the same wireless. Any help you guys can give me is greatly appreciated.
Regards,
Beth
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:03 PM, on 11/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Boot mode: Normal

A:Infected With Fake Spyware/malware That Redirects Me To Purchase Spyware

Hello Beth,

NOTE: If you have downloaded SmitfraudFix previously please delete that version and download it again!

Please download SmitfraudFix

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
Th...

4 more replies
Answer Match 58.8%

Hi guys,

Not sure what happened here but basically all of a sudden i cannot run any spyware tools, i assumed this was some form of malware and tried to boot into safe mode, but this freezes while loading and wont continue. In addition i cannot install any other programs including Spybot S&D. There are also random issues when browsing, i am re-routed to various random sites when using search engines. For example everytime i click any link on Google i wind up somewhere totally different.

I stupidly was running with no firewall or antivirus for a short period after a fresh XP install, hence this happening (doh!).

Any advice for me?
I can post a Hijack This log if it would help.
Thanks

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:Cannot run safe mode or any spyware tools - Malware?

Hello, due to the issue with safe mode it is probably best to post the HJT log. Go here: HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant title and post that complete log. Let me know if it went OK.

2 more replies
Answer Match 58.8%

HI,

I can't restart in safe mode. I know that I have malware/spyware. It appears as 3 icons on my desktop Error Cleaner, Privacy Protector and Spyware Protection - all with the url /shandler.php?id=502&aid=138&pn=5&sand=0&sg=2.

Does anyone know what files I must specifically look for in the registry to remove this trojan?

Thanks in advance.

A:Malware, Spyware - Can't Restart In Safe Mode

Some types of malware can delete or alter the safeboot key in the registry resulting in the inability to reboot into safe mode.

Go to Start > Run and type: regedit
Click OK.
On the left side, click to highlight My Computer at the top.
Go up to File > Export
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put RegBackup.
Choose to save it to C:\
Click save and then go to File > Exit.

Download SafeBootKeyRepair.exe by sUBs and save to your desktop.
Double-click on it and follow the instructions.
When finished, reboot and see if you can access safe mode.

Then, if you're using Win XP or 2000, do this:
Please print out and follow the generic instructions for using "SmitfraudFix". Make sure you scroll down to Clean and perform the steps where you reboot in "Safe Mode" and run option #2.
-- If you have downloaded SmitfraudFix previously, please delete that version and download it again as the tool is frequently updated!
-- If the tool fails to launch from the Desktop, please move smitfraudFix.exe to the root of the system drive (usually C:\), and run it from there.
If you still cannot use safe mode, then run the tool in normal mode.

Please download RogueRemover and save to your Desktop. (compatible with Windows 2000, NT, XP, Vista)
Double-click on rr-free-setup.exe to install in C:\Program Files\RogueRemover and follow the pro...

7 more replies
Answer Match 58.38%
A:How do you tell if a site is safe, and is free from all malware, spyware, viruses?

16 more replies
Answer Match 57.96%

I'm getting a lot of pop ups and redirects when on the internet. I have run my Symantec Anti Virus, and followed all the steps listed on your site to no avail. I have tried following instructions from other posts, as well as the removal instrucions on the Symantec web site but nothing will get rid of these programs. None of the programs on my computer are detecting any of the programs, but when I run the virus scan off of the symantec website it finds them. When trying to run "Hijack This" an error message kept popping up when I selected scan and save, but I was able to bypass it by scanning only, then saving. When I try to access this forum on the infected computer it shuts down the internet explorer so I had to save the file, and post from another location... Please help!!! I'm at my wits end
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:17:45 PM, on 7/25/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

A:Infected With Spyware.isearch, Error Safe, & Winfixer (and More, I Think)

Hello lmvierra
I will be helping you with your problems.
Please right click on Hijackthis.exe located here:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
Select rename and rename it to reveal.exe
Post the contents of the resultant log in your next reply.
Demon Cleaner

25 more replies
Answer Match 57.12%

Hi there
 
Out of the blue today when I started up chrome my normal tab opened (I use new tab redirect) and another tab called easylife.search opened up as well.
I ran malwarebytes and it kept blocking the program over and over but to no avail.
Afterwards I ran RogueKiller and when it popped up as PUP I deleted it (this was in Chrome) it was gone, however I was signed out of Chrome and I need to stay signed into Chrome for work purposes. When I signed back in it was back and now when I run RogueKiller it will not disappear.
 
I went to C:/ProgramData and tried to delete the DLL files there however that didn't work either.
In my control panel there is a random program called Fast and Safe by Gtgroup however when I try deleting it it comes up with an error message stating:
There was a problem starting C:\PROGRA~3\FASTAN~1\FASTAN~1.DLL The specified module could not be found
 
I believe it is referring to the files I tried to delete earlier
 
I really am at a loss as to what to do and require some assistance!
 
Here are the DDS LOGS
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.55.2
Run by Kossi at 14:26:09 on 2014-06-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.12248.8078 [GMT 10:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
S... Read more

A:Infected with Safe and Easy malware and cannot get rid of it!

Please stick to one thread here. Thanks.

1 more replies
Answer Match 57.12%

Hi guys. I just joined this site and this is my first post. My desktop has been infected with Malware/Viruses and won't boot in any mode (safe, safe + networking, last good setting, or normal mode). The closest thing I get is when i go to safe mode and i get a total black screen with no start button or taskbar and on each of the four corners says "safe mode". However, I cannot do anything else on the screen. (Using laptop right now due to desktop being down)

After some research on the web I found that I could try the Avira Rescue CD and would hopefully remove the malware/virus. It's been almost a week but if memory suits me right, the virus was called Cleanup Antivirus. I also was experiencing google redirects. I have already finished most of the steps on the following Avira rescue cd instructions website:

http://forum.avira.com/wbb/index.php?page=Thread&threadID=82163

I am currently stuck on step 7 part 2&3. The reason for this is because in the command line, I type exactly what is instructed but the only thing it does is in the next line says:

"Devices" (text is in a neon greenish-blue font) (This is when i type in "ls /mnt")
When i type in " /mnt " it then says "/bin/ash: /mnt: Permission denied"

Not sure what to do because I have already restarted my computer and tried all modes including safe and normal but am still unable to get my normal computer settings.

I would get my log files with Hijack ... Read more

More replies
Answer Match 57.12%

A:Infected with Safe and Easy malware and cannot get rid of it!

Hi Littlegreen, to Bleeping Computer.
My name is Jason and I'll be helping you with your computer problems. You can call me by my screename jntkwx or Jason is fine.
Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put logs in code or quote boxes (unless explicitly asked to)
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can also help.
Do not run anything while running a fix.
If you don't understand a step, please ask for clarification before continuing with any future steps.
In the upper right hand corner of the topic you will see the Follow This Topic button. Click on this then choose Receive Notification Immediately and then click Follow This Topic and you will be sent an email once I have posted a response and make the cleaning process faster.
Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

adwCleaner
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where ...

4 more replies
Answer Match 56.7%

I can download and run DDS, but it gets killed before I get the log. Ditto with RootRepeal and HijackThis. When I try rkill, it seems to work, but then I immediately get a "personalized settings" pop-up, which runs briefly, then (I'm assuming) undoes whatever rkill achieved. None of the malware removers I've tried (Malware Bytes, SpyBot, Windows Defender, AdAware) run to completion. I've tried exefix, which again, seems to run fine, but the tools still won't finish.

Upon normal boot, Windows XP launches, then the "Personalized settings" thing pops up first, followed by "Protection System"--a virus I've been able to read about online, but none of the fixes I've seen elsewhere seem to work. Windows Defender makes an appearance, but when I try to start it, it says "Access is denied. Error code: 0x80070005." I also have some redirect problems when trying to find solutions online, but I can work around it by going to the site in question (e.g., bleepingcomputer) and searching internally for my problems. When I try and run in safe mode, I get a blue screen: STOP: 0x0000007E(0XC000005, 0x8537009, 0XF7C7B3E0, 0XF7C7B0DC).

Any help at all would be greatly appreciated! I assume the first step is figuring out how to get a DDS, RootRepeal or HijackThis log, but I'm totally flummoxed. Would listing my processes help?

I got D.D.S. to run! Here are the results.
I'm trying RootRepeal again next.

DDS (Ver_09-10-26.01) - NTFSx86
Run by Matt at 10:3...

A:Infected: safe mode=blue screen, can't run any spyware removal tools

I realize there's a policy against "bumping" threads here, but my computer's getting progressively worse. Yesterday, the system tray disappeared, and today, Windows XP no longer loads; I get a blue screen no matter which configuration I try. I'm guessing that my best bet is going to be salvaging whatever I can from the hard drive and reformatting Windows XP, but before I go that route, I thought I'd give this one last shot! If any of you wonderful, overworked volunteers is able to take a look in the next day or two, I'd greatly appreciate it.

Much thanks,

Plautus

25 more replies
Answer Match 55.44%

Working on pc that that is infected with multiple spyware and malware. Thanks for any help!
Steps so far:
ran Ad-Adware
ran Spybot
ran Norton Antivirus
ran Stinger
HiJack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:59 PM, on 11/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

A:Spyware And Malware Infected

Hello shmedic9,

NOTE: If you have downloaded SmitfraudFix previously please delete that version and download it again!

Please download SmitfraudFix

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
...

2 more replies
Answer Match 55.44%

AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 6:21:58 PM 11/22/2006

A:Infected With Spyware/malware

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

I would uninstall Viewpoint Manager, but otherwise your log is clean. Panda and AVG only show cookies, which are not really malware at all.

To clean out your cookies and the rest of your temp files, follow these steps:

* Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Click the "Delete Cookies" button
Next to it, Click the "Delete Files" button
When prompted, place a check in: "Delete all offline content", click OK

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

Is your computer running poorly? Are you having any problems?

2 more replies
Answer Match 55.44%

hey guys,
I'm pretty sure I have a really nasty infection... tried cleaning it as best as I could with hijackthis and combofix but my pc is still infected...hope someone will be able to give me a hand.. so here's the HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:02:02 PM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

A:Infected With Several Spyware/malware

Hello boltactionbob and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below.. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following, if still present:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {00209b48-becb-42d9-9687-9a0e372ede49} - C:\WINDOWS\system32\hgGwWpnL.dll (file missing)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name)...

7 more replies
Answer Match 55.44%

Thank You so much

DDS (Ver_09-02-01.01) - NTFSx86
Run by HP_Administrator at 21:18:29.48 on Wed 02/18/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2633 [GMT -5:00]

AV: avast! antivirus 4.8.1335 [VPS 090218-0] *On-access scanning enabled* (Updated)
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: Trend Micro Personal Firewall *disabled*


A:Infected Malware/Spyware

Please download Malwarebytes' Anti-Malware from HERE or HERE
Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan"
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT
Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two lo...

15 more replies
Answer Match 55.44%

Hey guys, well we were online today and got a malware alarm come up. wouldnt let you do anything unless you excepted to get their software. Well quickly found my way out of that and came to you guys to see about relieving my computer of this mess. I have went through your prep. guidlines and followed every step. found tons of spyware and adware. If you could take a look at this log and see if there is anything further that I need to do to get rid of this headache.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:30 PM, on 12/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

A:Malware And Spyware Infected

Hello tufcookie,
Welcome to Bleeping Computer
1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
Thanks,
tea

2 more replies
Answer Match 55.44%

Hi,
A few days ago I downloaded and installed NetPumper that I think could be the culprit but not sure due to some other downloads that I cant quite put a finger on. This conclusion is because I found a few other postings with ironically similar symptoms... posted as "NetPumper Leftovers / Netsearchsoft?". Primarily noticing a Slower computer, and IE7 pop ups, which are ranging from gambling ads to Playstation3 ads. I have done everything suggested on your "Preparation Guide For Use Before Posting", and found some malicious files, which I have gotten rid of, but the same problem still persists.
Please help,
Logfile of HijackThis v1.99.1
Scan saved at 5:44:44 AM, on 1/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

A:Infected With Spyware Or Malware!

Add remove programs - remove Logitech Desktop Messenger - SPywarebot
========================
Please Download NoLop to your desktop from http://www.thespykiller.co.uk/forum/index....tpmod;dl=item16
First close any other programs you have running as this will require a reboot
* Double click NoLop.exe to run it
* Now click the button labelled "Search and Destroy"
<<your computer will now be scanned for infected files>>
* When scanning is finished you will be prompted to reboot only if infected, Click OK
* Now click the "REBOOT" Button.
* A Message should popup from NoLop. If not, double click the program again and it will finish
Please Post the contents of C:\NoLop.log along with a fresh HijackThis log
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.
-==================
Be sure to allow these changes in teatimer
You may want to print this or save it to notepad as we will go to safe mode.
Fix these with HiJackThis - mark them, close IE, click fix checked
O4 - HKLM\..\Run: [NurbGplDashMath] C:\Documents and Settings\All Users\Application Data\Tons rule nurb gpl\Keep Once.exe
O4 - HKCU\..\Run: [two math] C:\DOCUME~1\burke\APPLIC~1\THEBAI~1\AmokMeet.exe
DownLoad http://www.downloads.subratam.org/KillBox.zip or
http://www.thespykiller.co.uk/files/killbox.exe
R...

Answer Match 55.44%

Hello:

My system got infected while I was watching streaming video content (via a P2P plugin software) on a website. All of a sudden Acrobat Reader started and the CPU usage went to 100%. AVG popped up an alert saying that it found an infection. AVG cleaned the infections and asked for a reboot. I killed Acrobat coz I never opened any pdf. There was also a balloon message that indicated that the firewall has been turned off. There was another weird looking icon with a balloon in the system tray saying that "windows has detected an infection". The icon was a red circle with a white colored cross in it. I have never seen anything like that and I doubt it that it was a genuine windows warning.

After rebooting, I tried to turn on the firewall from the control panel but all options in the form were still disabled. I ran a full scan using MalwareBytes, Spybot Search and Destroy, and AVG Antivirus several times. I also tried these from windows safe mode. One time Spybot S & D found 2 infections of Trojan.Killav which it successfully removed and asked for reboot. After the reboot, my firewall was restored for just a moment but then again a balloon popped up stating that firewall is disabled. I ran all the three scanners again but nothing was reported.

I suspect that my system is still infected. I will really appreciate if the experts can guide me to remove any infections. I have attached the DDS logs:
DDS (Ver_09-07-30.01) - NTFSx86
Run by sushem at 11:04:12.56 o... Read more

A: Infected with malware/spyware

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTL Report

* Please download OTL from here
* Save it to your desktop.
* Double click on the icon on your desktop.
* Click the "Scan All Users" checkbox.
* Push the "Run Scan" button.
* The scan should take just a few minutes.
* Copy the log that opens up and paste it back here in your next reply.

=============

The next log will show us any hidden files that are present.

* Download GMER from here:
* Unzip it to the desktop.
* Open the program and click on the Rootkit tab.
* Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
* Click on Scan.
* When the scan has run click Copy and paste the results (if any) into this thread.

Answer Match 55.44%

I'm not sure if it's need2find, or maybe even a trojan. This is the log:

Logfile of HijackThis v1.99.1
Scan saved at 12:21:00, on 08/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

... Read more

A: Infected With Spyware Or Any Malware ?

If this could help, I have some pop-ups about party poker and casino stuff. They always appear when I'm browsing. Sadly, about 2 weeks ago I never ever had pop-ups at all. Only a few weeks ago it started and now I just can't get rid of them. I have tried PLENTY of anti-spyware programs and nothing worked. I just don't know what to do now. Hopefully someone here can help me solve the problem.

Answer Match 55.44%

Hello,

Well I have somehow been infected with spyware. My computer is unusually slow, a few pop-ups, & programs take really long to open and sometimes don't even open at all!

Please can someone reply back as soon as possible with steps to how I can sort this out!

Thanks

A: Im Infected With Malware And Spyware!

Welcome to BC.. please run this scan with Malwarebytes...

Please download Malwarebytes Anti-Malware and save it to your desktop.

* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
  * Update Malwarebytes' Anti-Malware
  * Launch Malwarebytes' Anti-Malware
* Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

* Make sure the "Perform Quick Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.
* Back at the main Scanner screen, click on the Show Results button to s... Read more

Answer Match 55.44%

so today I noticed it, I had to restart 3 times because running 2 tabs and vlc media player froze my computer, that is not an often occurrence for me.

so basically... the symptoms of whatever my computer has is:

* Anti-virus won't update.
* Anti-virus scan won't run ( avg professional is my anti-virus btw )
* overall, extremely poor computer performance
* every link I follow through google etc is redirected to some abc network website
* I have to use a proxy just to talk to you people, most sites that would help with virus removal and stuff is blocked

I think I gave all the symptoms, and advice on what to do would be much appreciated

A: I Think I'm Infected With Malware/spyware

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 1
alternate download link 2

* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
  * Update Malwarebytes' Anti-Malware
  * Launch Malwarebytes' Anti-Malware
* Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

* If an update is found, the program will automatically update itself.
* Press the OK button to close that box and continue.
* If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

* Make sure the "Perform Quick Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

* Click on the Show Results button to see a list ... Read more

Answer Match 55.44%

Hello,

I am currently running Windows XP--Media Center on a Toshiba Satellite.

My PC has been running fine for 3 years, then all of a sudden:

Last week, I turned on my computer and a pop up appeared at the bottom right of my screen which said something like:

"Warning! Your computer is infected, we recommend you use spyware tools to clean your computer....Windows will now download and install the latest antivirus equipment." *Note (I can't remember the exact wording of the error message, so this is not exactly what the message said)

When I saw that it was about to install "PC Antispyware" I immediately cut the connection because I had previously heard of this rogue "fake" spyware agent. So I prevented PC Antispyware from being installed, but that warning message remained on my screen, and my computer was significantly slower afterwards.

So I immediately thought to do some scans with antispyware software.

(1) I did a Norton Scan, it found a few agents and eventually the warning message disappeared.
(2) I tried to do a Malwarebytes' Anti-Malware scan, but after about 4 seconds of the scan, the window just disappears (!).
(3) I tried to do an Adaware Scan and same thing, the window simply disappears during the scan.

So I thought to uninstall all this software (using REVO uninstaller), and reinstall them, hoping they would work. I actually downloaded them from a separate computer and renamed the install files (as suggeste... Read more

A: Malware/Spyware Infected CPU (I think)

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Answer Match 55.44%

Hello. After scanning this computer in safe mode with Nod32, Malwarebytes, SuperAntiSpyware, and TFC I got rid of around ~700 infections. But still I believe that there is something left because malwarebytes sometimes finds some folders infected. I scanned again with all those programs and none of them found anything. Can you please make sure that this computer is clean now?

DDS (Ver_10-10-21.02) - NTFS_AMD64
Run by UMID at 14:53:56.61 on 10/25/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3962.2118 [GMT -7:00]

AV: Windows Live OneCare *On-access scanning disabled* (Outdated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Live OneCare *disabled* (Outdated) {CC7E50BA-BA8C-4DDE-B5AC-EA53BC38D01B}
FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

... Read more

A: Still infected with some spyware/malware. Help!

Hello g3nX

Welcome to BleepingComputer

==========================

* Download OTL to your desktop.
* Double click on OTL to run it.
* Under the custom scans and fixes area paste in the following.

C:\PROGRAM FILES (X86)\CUSTOMIZED PLATFORM ADVANCER\4.1.0.1960\*.*
/md5start
explorer.exe
winlogon.exe
/md5stop
* Check the boxes beside LOP Check and Purity Check.
* Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
* When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
* Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Answer Match 55.44%

Sometimes it will automatically shut down by itself. I think I got a really mean spyware; it even says so on my BG. Here's a scan of my comp with hijack.. here's a pic of what error I'm getting; it is a pic off of Google but it's the same error... this is a new comp, barely put new Windows in it 1 week ago and now I got a virus. Any help? It's getting worse by the minute =/

http://blog.support.com/photos/sampl...7/425x319.aspx
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:59:10 PM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

... Read more

A: infected with spyware or malware plz help

anyone at all???

Answer Match 55.44%

Please help. I've run an AVG scan in safe mode. Deleted what I found but I'm pretty sure there are still some nasties there as I get popups, ieexplore.exe crashes, freezing, and loads of svchost.exe running.

Here's my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 10:10:10 p.m., on 25/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

... Read more

A: infected with spyware/malware, again =-(

bump, please help

Answer Match 55.44%

I think I have a malware/spyware problem, please someone help. It keeps popping up several different win32 and it won't let me get to the start up screen of my computer when I turn it on. I ran SUPERAntiSpyware and it found nothing, but my old Norton antivirus kept showing virus found and supposedly quarantined it. It ran ok for a few seconds but then started again with not letting me get to the main screen. My DDS Log is posted below:
DDS (Ver_09-10-26.01) - NTFSx86 NETWORK
Run by Compaq_Administrator at 11:05:30.87 on Tue 11/03/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.706 [GMT -8:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

... Read more

A: Infected with Malware/Spyware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:

* This is THE Mirror
* Save it to your desktop.
* Double click on the icon on your desktop.
* Click the "Scan All Users" checkbox.
* Push the button.
* Two reports will open, copy and paste them in a reply here:
  * OTL.txt <-- Will be opened
  * Extra.txt <-- Will be minimized

In the upper right hand corner ... Read more

Answer Match 55.44%

Everything that we download from the internet comes up with a warning that it is infected with a virus and it has been deleted. I even tried following these instructions: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
 
But DDS tool download and clicked on "download now" I immediately get the message that it contains a virus and it was deleted.
 
Computer is so slow now too! This is my husband's business laptop so I need help! Already saved everything on portable harddrive. Hope to hear from someone who can help me. Thanks in advance!!!

A: I think our pc is infected by Malware/Spyware. Need Help please! :(

Hello mrsb08

NOTE** download using another computer or if you have it installed use Chrome

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

* Please do not run any tools unless instructed to do so.
  We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
* Please do not attach logs or use code boxes, just copy and paste the text.
  Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
* Please read every post completely before doing anything.
  Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
* Please provide feedback about your experience as we go.
  A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer ... Read more

Answer Match 55.44%

I was infected with a Malware/Spyware. I was assisted by another moderator on here with removing it and he advised me to post my DDS info because my computer was working a little better but was still running slow to turn on, and crashing; it also remained at a black screen after I logged in, only showing the mouse on the screen before my screen appeared. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/241167/i-think-my-computer-is-infected-with-malwarespyware/ ~ OB

DDS (Ver_09-06-26.01) - NTFSx86
Run by Melissa at 20:48:09.78 on Wed 07/15/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.894.214 [GMT -4:00]

AV: Symantec AntiVirus *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Symantec AntiVirus *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

... Read more

A: Infected with Malware/Spyware

Hello and to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop.
  * DDS.scr
  * DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, ... Read more

Answer Match 55.44%

Hi,
I am at my wits' end, please help. Initially I was infected with the TrojanDownloader.XS virus. I tried loads of spywares to just learn that the virus is not affected or detected. Then I manually tried searching for junk processes and cleaned up the invalid exe's and dlls in the system32 folder. After that, I stopped getting all the popups and warnings with regard to the usual symptoms of the TrojanDownloader. But still there are some viruses left and I cannot detect nor remove them. Please advise what needs to be done.

Note: I have already run combofix and generated the logs. Also I have run hijackthis and also generated the logs. Please let me know if I should post the logs.

Answer Match 55.44%

Hi! 
 
I am needing help to see if my computer may be infected with malware and or spyware.
I added a picture and link to the exact specs of my computer. 
 
Lenovo C54010110 AIO Non-touch screen
https://shop.lenovo.com/ISS_Static/WW/wci/products/us/desktop/essential/c-series/c540/c540-datasheet.pdf
 
It has done some different things over the course of the last four months. It would have all of these processes running and some programs and applications always going. I know that Intel has several now on new computers to do with licensing and other various things. There was one particular program that would run constantly; it looked like a normal Intel program. At the end of it was " WILLIAMETTE.EXE" and it was not located where most programs are in the programs folder or x86 one. It was in C:\Windows\System32 folder. I unplugged my computer from the internet and wiped everything off of it. Did a clean install of windows and, the program listed above is not present anymore. But it still has tons of dll things, like it has tons of things going on in the processes. One time it had 3557 or 35537 background processes going. It would not do anything but just freeze up. Since then my gmail passwords have been changed, not by my doing. It has stated under the devices that I have logged on from an iPhone. I have not now or ever owned and or ever owned or used one. I look at the location to see if there was any dependencies and there was. It is say I... Read more

A: How do I know if I am infected with malware or spyware

Welcome, please do these next....

MiniToolBox

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

AdwCleaner

* Please download AdwCleaner by Xplode and save to your Desktop.
* Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
* Click on the Scan button.
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Junkware Removal Tool

* Please download Junkware Removal Tool to your desktop.
* Shut down your protection software now to avoid potential confli... Read more

Answer Match 55.44%

I downloaded HijackThis so I could remove Surf Sidekick (success on that), but I still think I've got some other bugs in the computer, & I don't know how to fix it. Here's what your program log says when it scans the computer:

Logfile of HijackThis v1.99.1
Scan saved at 6:50:51 PM, on 7/19/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

... Read more

A: I Think I Might Be Infected With Spyware/malware/etc.

Hello SingingStar7, and welcome to Bleeping Computer. My name is Charles and I will be helping you to clean up your computer.

Please give me some time to look over your log and I will get back to you as soon as possible.

Thanks,
Charles

Answer Match 55.44%

Hi, I managed to infect my computer with rogue antivirus softwares. I've been able to find information about two (Antimalware guard and XPantivirus) but the other two I'm unable to find any information regarding them. The other two are Adscleaner Trial and (the)SpyBOT Tray agent. I'm not really sure if these are rogue antivirus software but they do lead to a website indicating to purchase the product and also display false results about viruses. Should I go ahead and follow the instructions to remove the other malwares?

thanks

A: Infected With Malware/spyware?

Hello, please run this scan for us.

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 1
alternate download link 2

* Make sure you are connected to the Internet.
* Double-click on Download_mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
  * Update Malwarebytes' Anti-Malware
  * Launch Malwarebytes' Anti-Malware
* Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

* Make sure the "Perform Quick Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.
* Back at the main Scanner screen, ... Read more

Answer Match 55.02%

I have tried 8 different spyware removal tools, browser hijack removal tools, virus scanners, registry cleaners, malware detectors and each one keeps finding new trojans, backdoors, spyware every time I scan. Says deleted and I reboot and they all come right back again. I'm lost and don't know what to do next. Here is my Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:35 PM, on 12/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

... Read more

A:Infected: Malware,Spyware,Trojans

bump for help
anyone?
===========
Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member...


I'm fixing a computer with Windows XP on it.. And the person hasn't had a virus scanner, spyware scanner, or a firewall since she had gotten the PC. I clicked on Windows Update from the Start menu and it came up "page can't be displayed".. I tried getting there every way possible. It's set as a trusted site. (Almost all other websites work.) I then installed Norton Internet Security 2009 and it won't let me connect to the server to update. I then went to install Spy Sweeper and it won't let me update the definitions on that either.. And when I double-click Registry Mechanic, the wizard doesn't come up to install it.. Oh, and I also tried installing McAfee 2009 and it wouldn't allow me to click the scan button.. System Restore does nothing when I click the restore button either.. PLEASE HELP I WILL LOVE YOU FOREVER!!!!! =[
I don't have the log with me right now =[

A:(infected with spyware/malware or virus i think)

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.

***
Another workaround is not using the mouse to install it; just use the arrow, Tab, and Enter keys.


I need help in getting rid of malware and spyware on my laptop. I tried Windows Safety Scanner from the Windows site but it did not remove 3 infections.

Please help me get my laptop clean.

I see the fake Windows security alert pop-up, and recently IE and Firefox both started showing messages that my machine is infected and I need to install some spyware remover software.

I don't know what to do so please help
 


My friend's laptop keeps getting infected, which I have to routinely remove with Spybot. I've run all the steps suggested - Panda says I'm free but Kaspersky & BitDefender say I have something. AVG 8 doesn't pick anything up. Also, since I've added the restricted sites my IE takes ages to start; is this to be expected?



Running Win XP Home Edition Version 2002 SP3. Something called STOPzilla was saying DrgToDsk.exe is infected with W32/Blaster.worm. Was able to remove STOPzilla, as well as the Roxio programs, including Drag to Disk. Updated logs attached and dss.txt pasted below were run after removing these programs via Control Panel Add/Remove Programs. Now there is something called Spyware Protection that is claiming multiple infections. Note updated gmer run did not find anything so ark.txt is empty.


.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Run by Administrator at 20:57:10 on 2011-09-04
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1793 [GMT -4:00]

A:Malware - infected with Spyware Protection

Hi tamaru, was there any reason you ran our tools in Safe Mode? If you're able, please re-run DDS in Normal Mode and repost DDS.txt.

GMER will usually produce a log, even if no malware is found. Please try running GMER again using the following instructions. If you get a blank ark.txt again, please let me know and we will try a different scanner.

Download GMER Rootkit Scanner from here and Save it to your Desktop. Double-click gmer.exe to run it. If asked to allow gmer.sys driver to load, please consent.
First, gmer will run a short, initial scan.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.





In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it to your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

------------------------------------------------------


I discovered my computer to be infected last week, and my office computer department provided me with a disc to assist me in removing the virus. I used malware bytes, super anti-spyware, ATF cleaner and spyware blaster. The virus is disabling my Windows firewall, and when I run super anti-spyware, it cleans out some of it, but the virus keeps coming back. It reads:

"Globalroot/systemroot/system32/hjk............. is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support." Once I click OK on the error window it disappears and the program I was attempting to access will open. This occurs every time I try to select a program.

After I ran Super Anti-Spyware and rebooted in normal mode, a black screen comes up for about 15 min, with the mouse only showing, and then when my regular screen appears, it doesn't allow me to click on anything. I tried to run Symantec but couldn't, so I shut it off and ran super anti-spyware and it finds a little bit more sometimes, and it stops popping up for a couple of hours but then reappears. I don't know what else to do, please help.

A:I think my computer is infected with Malware/Spyware

So I am not sure, can you run programs now? If so, run ROOTREPEAL.

Next, please install RootRepeal.
Note: Vista users, right-click on the desktop icon and select "Run as Administrator."

Go HERE, and download RootRepeal.zip to your Desktop. Tutorial with images, if needed.
Unzip that (7-zip tool if needed) and then click RootRepeal.exe to open the scanner.
Next click on the Report tab, now click on Scan.
A window will open asking what to include in the scan. Check all of the below and then click OK.
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
Now you'll be asked which drive to scan. Check C: and click OK again and the scan will start. Please be patient as the scan runs.
When the scan has finished, click on Save Report. Name the log RootRepeal.txt and save it to your Documents folder (it should automatically save it there).
Please copy and paste that into your next reply.

If you cannot use the Internet, you will need access to another computer that has a connection. From there save the application to a flash, USB, jump drive or CD. Now transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.


The problem started two weeks ago with a spamming virus which froze all programmes except Internet Explorer, saying my computer was infected and which kept sending me to a site offering to supply anti virus software which would 'cure' my problem. Needless to say I declined and took the laptop to a guy I have used previously, who removed the virus and everything seemed ok. When I next went to my office I was unable to log on to the network (internet, printers etc). Our IT guy who manages the system at the office soon got me on to the system, but said that the server IP address had been changed and one or two other settings. We decided that this was probably due to the virus and left it at that. However when I returned home I was unable to connect to the internet via my home wireless router, although the router was saying connectivity was excellent. After much fiddling around I managed to connect with the ethernet cable supplied with the router. I have since removed AVG anti virus and installed avast, which immediately found a trojan though I neglected to note which one before deleting it. I then ran Malwarebytes Anti Malware programme, super antispy free, ad aware, and spy bot. When I then tried to go to Microsoft Update, when it came to viewing updates available I got the "Internet Explorer is unable to display the web page" message, which I read somewhere was a classic sign of a malware infection. When I ran the malwarebytes programme earlier which I did on thorough, there wer...

A:Laptop infected with malware/spyware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner ...


Good day.

I believe I am infected by a virus or spyware/malware.

Please help

Here is hjthis log:

A:infected by a virus or spyware/malware

Hi Sinan,

Welcome to Tech Support Forum!

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

OK, let's do this first.

Go to Start -> Control Panel -> Add/Remove Programs and remove any of the following that are listed:

DAP (Download Accelerator Plus)
PandoBar
Pando Networks


NEXT:

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\killVBS.vbs
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Too...


Hello, I hope someone can help me. I am infected with spyware. I've been getting popups telling me if your computer is infected with spyware, with a browser opening showing that it is scanning my computer. A popup tells me every time I start up "You have a security problem!" (If you click it, the things that I just said pop up), and my computer randomly turns off when I turn it on. I have a.exe and ACMON.exe running in my processes when I start up; I've never had them before and they are suspicious. Anyways, right now I'm on safe mode, because I can't use my computer on normal mode, it keeps shutting off. Here is my HijackThis Log:

A:Infected with Spyware/Malware/Virus

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
If ComboFix asked you to install Recovery Console, please do so.. It will be in your best interest..
When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick combofix's window while it's running. That may cause it to stall

NEXT

Please download GMER and unzip it to your Desktop.
Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on Scan.
When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.

Post these logs in your next reply..
1. ComboFix
2. A fresh HijackThis log
3. Attach GMER report

Regards
fenzodahl512


Hello, I was wondering if anyone could help me out. My computer has been dead for a long period of time, due to video card failure, so I just got it back up and running, ran a hijack this, and this is what I've found..

A:Infected By Lots Of Spyware/malware Xp

ofyjustin

Sorry for the delay. Could you post a fresh Hijackthis log please?


About a week or so ago I noticed my computer was infected with what I presumed was spyware. Ads were popping up like crazy and it just got progressively worse. My computer would freeze and run extremely slow. I have Verizon FIOS and the connection is usually very quick. I use Mozilla Firefox as my explorer and sometimes when I would go to Google to search for anything, 20+ Firefox windows would just pop up immediately. Now, my computer freezes routinely and often takes a good 6-10 times to restart in order for me to just get onto the internet. My wallpaper displays a flashing "WARNING Dangerous Spyware" message that says, "Many viruses were found on your computer such as: Trojan horse, Pass Capture, etc. Your personal information can fall into third hands." I assume this is just another part of the whole spyware/malware/virus thing. In addition, when I am online, the links that are usually highlighted in blue are now in red and at the top of my explorer window are messages such as, "Warning your computer is in Danger please perform quick scan," or "You have 18 trojans that need scanning immediately," and so forth. I really have no clue what I'm infected with, but I hope someone can point me in the right direction. I'd appreciate any help greatly!!!

A:Infected with spyware/malware/virus?

Hello Muscles00GT and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
Select "2. Fix Goored" by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point.
Type y at the prompt and press Enter again.
A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Download LSPFix and extract it to your desktop.
Don't use it yet.
A tutorial on the use of this tool can be found here: http://www.bleepingcomputer.com/tutorials/using-lsp-fix-to-remove-spyware/

3. Please download ComboFix from one of the locations below, and save it to your Desktop.
Link
Link
Link
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so..
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.
Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.
Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in...


I began having antivirus software messages pop up as well as my desktop screen changed indicating I had a virus and needed to purchase antivirus software. Computer running very slowly and constant pop ups.

A:Infected with undetermined spyware/malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...


Hello,

This past week I started having trouble with my computer.

Some of the symptoms include:

-multiple iexplore.exe pop-ups and audio clips in the background
-sometimes the links to my Google results lead to other advertising sites
-when my desktop is loading, my command prompt pops up with a few ".exe"s like "command.com" and "lsass" which never occurred before
-my desktop doesn't fully load. I can only access programs and applications via task manager
-when I try to open certain applications, my computer freezes and/or shuts-down
-there is also a process called "hlimnlnk" that runs sometimes. However, when I looked it up on Google, absolutely nothing showed up on it.
-Also, on occasion two "rundll32" processes will run simultaneously.

I've run multiple spyware/malware removers but it seems that they aren't really helping.
One of the programs says I have a Win32Rootkit.TDSS. I told it to fix the infection but it shows up again...

I also searched through my computer files and I found I have a few weird "dll" files.

At this point I have run out of ideas and am in desperate need of help.

Thanks in advance for any help you may provide.
Here is my DDS log:

DDS (Ver_09-03-16.01) - NTFSx86
Run by HP_Owner at 20:15:41.26 on Mon 03/30/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.895.172 [GMT -4:00]

AV: AVG Anti-Virus Free *...

A:Infected with Virus/Spyware/Malware and can't get rid of it.

Hi,

It is normal that, when you don't update your Antivirus, visit questionable sites and download questionable programs, that you get infected.

In your case, your system is severely infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.

Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.

So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

* Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will dow...


I originally posted this in the Windows XP/Home forum, and I should have put it here. Sorry. So I did have several of these trojans including good ol' Vundo, and yes, I know it was my fault for becoming infected. However, I have cleaned and cleaned for several days now (including following all the steps in the "preparation guide") and just want to make sure it's all gone, so I would appreciate any help I can get with my Hijack this log...

A:Infected :( - Trojans And Malware And Spyware Oh My

Welcome to the BleepingComputer HijackThis Logs and Analysis forum jynxcraft

My name is Richie and I'll be helping you to fix your problems.

Please download Combofix and save to your desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause the program to freeze/hang.

Also post a new Hijackthis log please.


Hello All,

I am an upcoming IT Manager still wet behind the ears.. I have a user that has a laptop and it is infected (seems to be pretty infected).. It caused McAfee to stop working and when I tried to re-enable McAfee it would tell me that the services couldn't start.. So I downloaded Avira Boot CD and ran that and it was unable to clean the trojans that it found.. So I downloaded NOD32 and installed that and ran it and it couldn't clean the Trojan.. So I downloaded Kaspersky Boot Rescue CD and it couldn't clean it.. So here I am with my first post on this forum.. I have MBAM, OTL, and HiJackThis on a CD and ready to go if someone thinks I should run those as well.. The only trojan name I have so far is the OLMARIK trojan..

For every 10 times I boot I can log in 1.. and IE will just pop up with some random site on it.. also out of nowhere it will just start playing an NBC ad... Anyways, I need help and look forward to everyone's wonderful knowledge..

A:Infected with Trojan, Malware, and Spyware

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Answer Match 55.02%

I've downloaded hijack this and combofix. Below is my original hijack this log, my combofix log, and then my second hijack this log. Thanks.

Answer Match 55.02%

Hello good people of Bleeping Computer, I have recently been trying to fix my girlfriend's computer and I am at my wits' end. Google randomly redirects to multiple different sites and windows, telling me to update Java or my browser or my media player, and it is sometimes impossible to navigate away without closing the browser from the task manager. Every page I go to is also covered in ads by CloudScout, yet I am unable to find that program anywhere. Also, occasionally I will "lose control" of the computer, as in it will start opening programs, usually Word or Chrome, without me touching the computer. I hope my description is detailed enough, and thank you all so much for your time.
 

A:Infected with unknown malware and spyware

Hi. I'm checking your logs now and will reply with instructions soon.

Answer Match 55.02%

Please help! Computer has been infected with spyware/malware. I've been trying to clean it, but seems as though there are a few things lingering ...

A:Computer infected spyware/malware

Hiya

Download Security Check from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


Download and scan with SUPERAntiSpyware Free Edition for Home Users
Double-click SUPERAntiSpyware.exe and use ...

Answer Match 55.02%

Hello. As of recently my laptop has constantly been infected with what I think is malware and spyware and each time I "get rid" of it to the point where my computer is no longer telling me I am infected. I'm only 16 so I'm not quite sure what the problem is. Usually I get the false Internet Security 2010 problem, and I follow instructions to remove it every time, but it keeps coming back and I do not know what to do. I've followed these instructions http://www.bleepingcomputer.com/virus-remo...t-security-2010 and it doesn't work. I was thinking of clearing the hard drive because I believe it would clear infections as well, but I do not know how to do so and I am unsure whether doing so will delete my OS too. If it does, I'm not sure how I would reinstall it. I'm not sure what information is needed, but I have an Acer Aspire One with Windows XP, AVG is installed on my computer, as is Malwarebytes and Ad-aware.

A:Constantly infected with spyware/malware

Welcome to BC, TygerTyger. Let's see what we can do with your malware problem ....

Please download TFC by Old Timer and save it to your desktop.
alternate download link
Save any unsaved work. (TFC will close ALL open programs including your browser!)
Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Please download Malwarebytes' Anti-Malware and save it to your Desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Qui...

Answer Match 55.02%

The other day I was attempting to find a copy of CS3 Flash 9 and after downloading and opening an .exe file I get a warning from my Avast! that I'm infected with a few trojans and Malware. And stuck with a blue screen and a twin box of yellow says "Warning! Spyware Dectected on your Computer!" and the bottom half in blue that says "Install a Spyware or Virus Remover to clean your Computer" it also acts as if my desktop is non-existent. But I can still access most things except shortcut through Ctrl + Alt + Delete. I have a list of the files of what I was hit with, what Kaspersky Online found and will also send a copy of the Hijackthis.log. I really hope that this helps out, thank you.

The list of Spyware I was hit with - what type of infection they are.
tt7.tmp.vbs - VBS:Malware-gen.
tt1.tmp.vbs - VBS:Malware-gen
agpqlrfm.exe - Win32: Vassup-BQ[Adw]
clbdll.dll - Win32:Vundrop[Drp]
kgxmotapktx.dllA- Vapsup-EB[Adw]
kvxqmtre.dll- Win32:Agent-LTS[Trj]
qndsfmao.dll- Win32:Trojan-gen{Other}
xpa.exe- Win32:Fraudo[Trj]
xpa_2008[1].exe- Win32:Fraudo32[Trj]

A:My Laptop Has Been Infected With Malware And Spyware! Please Help!

Hello and Welcome to the forums! My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

I am sorry that we were unable to reply to your post sooner. The forums have been very busy. If you are still in need of assistance, please scan again with HijackThis and post a fresh log.

Also, please make an uninstall list using HijackThis. To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.

Post the fresh HijackThis log and the uninstall list in the bo...

Answer Match 55.02%

OK I have some very annoying spyware/viruses running on my comp. I've run all sorts of anti-malware and virus scans to no avail. Included are some screen shots of the pop ups I've been getting.

A:Infected With Obnoxious Spyware/malware

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Thank you for your patience.

Answer Match 55.02%

Hi All,

My laptop has been infested with Malware\spyware. I am not sure what. Can you please help me in restoring it. When I click on the link in google results page, it goes to some other websites. Can you please fix this. I ran the DDS scan, but it doesn't work. It says The system cannot find the file specified. Can you please help me.

I have posted the contents of the HijackThis log file again...

A:laptop infected with Malware\spyware

Hello and to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.
-----------------------------------------------------------
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, ...

Answer Match 54.6%

When I hit the Start button on the lower left and hit All Programs it says EMPTY. The only way I can locate my files is when I hit the search button - files and folders - then show hidden files. My desktop is also blank; it seems that all my folders have been hidden. Also, my internet is very slow now.....5-11mbs. Normally it was 54mbs. Help!!!

A:Not sure which virus/spyware/malware my comp is infected with?

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you...

Answer Match 54.6%

I believe I have been infected with XP Antivirus Protection virus/spyware/malware.

I have downloaded and run HijackThis and here is my log:


A:Infected with XMP Antivirus Protection malware/spyware - Help please

Answer Match 54.6%

I was recently infected by some sort of spyware/malware/virus and was wondering what I should do next. I've already taken some steps to resolve/relieve the problem, as I have some experience with these sort of things. I already fixed some of the problems myself by going into safe mode and disconnecting from the internet, turning on/off system restore (as most of the files were infected anyways), running McAfee antivirus, running sdfix, combofix, malware bytes, spybot, and a few other tools. I have the logs and can post them, but I read in the instructions not to post the log until instructed to do so.

At first I had problems doing just about anything: exe's wouldn't work, internet addresses were redirected, shady processes running in the background (as witnessed in task manager), unable to use certain system tools such as regedit. I fixed all of those problems, however I'm still unable to: install certain programs (such as SuperAntiSpyware due to administrative "policies", which leads me to believe that this program would be able to combat the infection), reactivate windows firewall (ICS service won't start), and some exe files that were originally installed are notifying me that they are "corrupt". Although I believe I'm going to have to reinstall these programs, as McAfee shows that they are infected with a virus. I believe the immediate threat to be gone, as I originally contracted the malware it was definitely installing more b...

A:Infected with a spyware/malware/virus and need assistance

Since you have run all the tools you have, and have not seen any relief, I would recommend posting to the HJT/Malware forum.

Please follow this guide from step (6). Post a HJT log to the HJT forum and a Team member will be along to help you as soon as possible. You may wish to post a link back to this topic to see what was discussed thus far. If you need any help with the guide, please let me know.

Answer Match 54.6%

Can someone please give me some info as to how I can remove all of this bad stuff that is slowing down my computer.

Thank you

Here is my Hijackthis log

Answer Match 54.6%

I believe there is some sort of advanced Malware harboring in my system, as well as some definite
Spyware.

Odd things started happening a day or so ago.

I would get repeated "Windows No disk" errors constantly (currently have a CD in my only
removable disc drive, which is currently keeping the error at bay).

My clock switched to military time without my doing (fixed at the moment using Roguefix).

I would be directed to random advertisement links when I clicked on google links. (I only use
FireFox because I believe that IE is just bad business in general)

I was not able to launch my Malwarebytes' program in order to do a malware scan. I currently
have this issue under control by renaming the "mbam.exe" to "mbam.com", however, upon the
completion of the scan, none of the symptoms have disappeared.

I cannot launch Spybot. I have tried reinstalling both versions 1.4 and 1.6, neither of which
will launch. I currently have 1.4 installed with the Tea Timer off so as to not get in the way of
any fix.

When I try to update my Windows Defender, I get the error - "Error found: Code 0x80070422".

When I try to run SmitfraudFX in safe mode (with no network connection) it encounters a problem
and prompts to send an error report, and then close.

My ThreatFire program is always running. When I try to run a quick rootkit scan, it is successful
but finds nothing. When I try to do a full system scan, it freezes after one second of s...

A:Badly infected and can't find the fix! Spyware/malware

Let's run a scan with rootrepeal
http://rootrepeal.googlepages.com/
Select the file tab at the bottom, scan and save the report and post here

Answer Match 54.6%

My laptop, a Dell Inspiron N4010 with Windows 7 Home Premium, got infected by malware a few months ago. I used Malwarebytes to remove it. But after around 1 month the same thing occurred again. I scanned it again with Malwarebytes but it didn't find anything. I also noticed that my external hard disk cannot be safely removed. I want help to determine whether a virus, malware or spyware is still infecting my machine.

A:Am my Computers still infected with Malware,Viruses,Spyware?

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=============================================================================
Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
Click Go and post the result.
=============================================================================
Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to restart th...

Answer Match 54.6%

Hello -- I too need help fast with a trojan virus infecting and affecting my system. I tried to download spyware removal software but it doesn't work - it just keeps coming back! I am overloaded with popups and IExplorer keeps opening windows asking me to download software to fix it and I cannot uninstall iexplorer either. My system speed is compromised as well. Can someone please help? Thank you in advance!

Here is the HJT log:


A:Trojan virus-malware-spyware infected!! Need help!

I downloaded and ran combofix -- here is the log, but I am still infected. My system is ridiculously slow and any reboot takes a VERY long time - 20 mins to come back up fully.
 

Answer Match 54.6%

My computer is infected with a virus or spyware program that no anti-virus or anti-spyware program seems to be able to remove or detect. First a message box comes up that is titled: Message from Webpage. Then it says, Warning!!! Your system requires immediate anti-viruses scan! Total Security can perform fast and free virus and malicious software scan of your computer. This is followed by a page that pretends to be scanning my computer. The heading says, "My computer Scanner - Microsoft Internet Explorer". It tells me, "Your private data is under attack!" "Your Computer is Infected!" and then goes on to pretend my computer is infected with 97 trojans, etc. I have tried Ad-AwareAE, Spybot, Spyware Doctor, Malwarebytes Anti-Malware, WebrootSecurity (Trial), Avira-antivir, and Spyware Terminator. None of them have been able to locate and remove this virus.

PLEASE NOTE: I WAS UNABLE TO CREATE A ROOTREPEAL REPORT. EVERY TIME I CLICK ON "REPORT" "SCAN" I GET AN ERROR: "COULD NOT INITIALIZE DRIVER. PLEASE CONTACT THE AUTHOR."

HERE IS MY DOS.TXT FILE.

A:Infected with false Spyware Warning malware

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum, I am and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!
==========
I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a cl...

43 more replies

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together. Do not run any other tool until instructed to do so! Please Do not Attach logs or put in code boxes. Tell me about any problems that have occurred during the fix. Tell me of any other symptoms you may be having as these can help also. Do not run anything while running a fix. In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. In order for me to see the status of the infection I will need a new set of logs to start with. Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them. DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The ...

A:Infected with Virus, Trojan, Spyware, and Malware

Hi, I ran the scans. the 1st two reports were good. They are posted here. The rkunhooker would not load or scan. Driver invalid and would not let the program load. Let me know what I need to do.

60 more replies

Hey guys, I recently got hacked by a RAT (from what I heard from Google). I was browsing normally and suddenly my webcam light pops on and a chat box pops up with some random person telling me the layout of my room and the features of my face (WTF RIGHT?). Also my desktop background was changed to something disgusting. I ran Windows Defender and trojans were found and a file called "backdoor" which is associated with RATs I've heard, 3 files total, and I removed them.... Also my Windows Task Manager is running Adobe Reader (I don't know if this is by default or what cuz I haven't noticed) but I noticed 2 odd programs running, one called services with a little raincloud next to it and the other was called Visual command line compiler or something close to that. Also my browser automatically loads search.conduit again and again; no matter how many times I set my homepage to Google it keeps going back to it. Also when Alt+Tabbing two mysterious windows are present. When I land on them my tab stays the same and nothing else pops up like a normal window. I've run through a couple of similar reports on this forum and the programs I have run are
SecurityCheck
ComboFix
Tdsskiller
OTL
The logs are attached thank you for any response

A:Infected with malware/spyware trojan and RATs

Hello, Welcome to BleepingComputer. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete tab follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===
Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.
===
Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.
Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.
1: DDS.scr (N...

2 more replies

Hi! I think my laptop may be infected with some spyware...or malware X_X I'm not too sure.. I've been getting a bunch of popups from 2 different Chinese sites >_< I've never seen them in my life :\ Anyways, I've done everything here: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ and I think I still have some infections.. if you could help me out, I'd reeeeeally appreciate it ^^ Here's my log:

A:Spyware/virus/malware Infected Computer

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, Buggie. My name is Richie and I'll be helping you to fix your problems. You have a Backdoor Trojan present on your PC. A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user. They are typically installed without user interaction through security exploits, and may allow an attacker to remotely control the infected machine. Such risks may allow the attacker to install additional malware and use the compromised machine to participate in denial of service attacks, spamming, and bot nets, or to transmit sensitive data to a remote server. The malware may be cloaked and not visible to the user. These risks severely compromise the system by lowering security settings, installing 'backdoors,' infecting system files, or spreading to other networked machines. If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one, if not an attacker may get the new passwords and transaction information. Banking and credit card instituti...

9 more replies

Hi there, could someone please tell me the process for getting rid of all this spyware that has attached itself to my laptop.

I constantly get pop-ups when I'm connected to the internet, at least 1 every 30 seconds,
and also when booting, it takes a while when all the programs are loading in the system tray, it's being very sluggish.

Before this started happening, I had done a defrag and general clean up.

Any help would be very much appreciated. Here is a HJT log.

thank you.


A:help wanted pls, malware spyware trojan infected, (HJT inc)

16 more replies

I was recently infected by some sort of spyware/malware/virus and was wondering what I should do next. I've already taken some steps to resolve/relieve the problem, as I have some experience with these sort of things. I already fixed some of the problems myself by going into safe mode and disconnecting from the internet, turning on/off system restore (as most of the files were infected anyways), running Mcafee antivirus, running sdfix, combofix, malware bytes, spybot, and a few other tools. At first I had problems doing just about anything, exe's wouldn't work, internet addresses were redirected, shady processes running in the background (as witnessed in task manager), unable to use certain system tools such as regedit. I fixed all of those problems, however I'm still unable to: install certain programs (Such as SuperAntiSpyware due to an error "The system administrator has set policies to prevent this installation", which leads me to believe that this program would be able to combat the infection), reactivate windows firewall (Windows cannot start the ICS service), and some exe files that were originally installed are notifying me that they are "corrupt". Although I believe I'm going to have to reinstall these programs, as Mcafee shows that they are infected with a virus. I believe the immediate threat to be gone, as I originally contracted the malware it was definitely installing more bad programs onto my computer and from what I can tell this has stopped. So the situation ... Read more

A:Infected with a spyware/malware/virus and need assistance

Hmm...so I guess I'm not getting any help. Well that's ok, if a mod sees this you can go ahead and close this thread. I just reformatted my computer...so much for fixing it.

2 more replies

Ok, I have been having some kind of malware lately or spyware or something. Ok, well, after 3 days of not being able to get a HijackThis log I finally got my cure! First I have a balloon popping up saying your computer is infected with spyware blah blah blah. Then it wants me to download a program to get rid of it, obviously fake. Also I have 2 fake icons on my desktop that are windows update and support center that take me to some website. I also get popups all the time of errors while I'm working on the computer and starting up I get about 20. When I try to run HijackThis or AVG or Spybot I click them to run and nothing happens and have tried to reinstall them a couple of times. Here is the log:
Log created by WinPatrol version 14.0.2007.1:14.0.2007.1
Scan saved at 7:49:52 PM, on 3/01/2008
Platform: Windows XP SP2 Home Edition Service Pack 2 (Build 2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\PROGRAM FILES\Bonjour\MDNSRESPONDER.EXE
C:\WINDOWS\explorer.exe
C:\PROGRAM FILES\ANALOG DEVICES\Core\smax4pnp.exe
C:\PROGRAM FILES\2Wire\2PORTALMON.EXE
C:\PROGRAM FILES\MICROSOFT XBOX 360 ACCESSORIES\XBoxStat.exe
C:&#...

A:Balloon Saying "your Computer Is Infected With Spyware" Most Likely Malware

What you've posted is a log from Winpatrol. WinPatrol is a great application, but I'd like to work with HijackThis itself.
Please do the following to download and install the latest version of HijackThis v2.0.2:
CLICK HERE to download the HijackThis Installer:
Save HJTInstall.exe to your desktop.
Double-click on HJTInstall.exe to run the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis.
Accept the license agreement by clicking the "I Accept" button.
Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
Click "Save log" to save the log file and then the log will open in Notepad.
Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
Come back here to this thread and paste the log in your next reply.
Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

35 more replies

I am having trouble with my computer and it seems to be a spyware/malware infection, possibly the Virtumonde virus. When I first turn the computer one, the background of my desktop is blue, and in yellow writing it reads: "Warning: Spyware threat has been detected on your PC. Your computer has several fatal errors due to spyware activity. It is strongly recommended to install an antispyware software to close all security vulnerabilities. Antispyware software helps protect your PC against spyware and other security threats. Click here to scan your PC for spyware..." I have not clicked on that message due to fear of it actually making things worse. I have also noticed several other unusual things that I suspect may be related to a virus. One, there is now a shortcut link on the desktop for "Internet Security Suite", which I do not know what it is, nor did I intentionally download it. Secondly, there are two other programs that appear when I select "Start" and "All Programs" that I am not familiar with - "Internet Speed Monitor" and "Outerinfo". Finally, when using the internet typically with Mozilla Firefox, I frequently am bombarded with random pop-ups as well as dialog boxes in the lower right corner of the screen that typically say there is a spyware threat and to click on the box to fix the issue. I have never clicked on any of those boxes. I read the Preparation Guide For Use Before Posting about your ... Read more

A:Infected With Malware/spyware, Possibly Virtumonde

Hello there Mike and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed. Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply with a fresh HijackThis log.
Thanks,
Charles

18 more replies

Hi, I seem to have picked up something. It causes my browser to redirect me to different sites if I click on Google results. It comes up with "www99.bussisnesssite.net" or something similar briefly. I would like some help with getting rid of this, or some info on what exactly these 'google redirect viruses' do. Naturally I'm worried about internet security, my passwords, bank account, etc. If I can just have a moment of your time to help a bro out. Thank you. Here's my Hijackthis log:

A:Infected with internet browser spyware/malware

Problem solved, used ComboFix from a malware/spyware removal guide I found on a site. Thanks no-one

2 more replies

Hello, I have been having a problem out of my computer for the past month. I keep finding this folder "WebSearch" in my program files and every time I delete it, it keeps coming back. Some service has been downloading every night, "Software Distribution Service 3.0". This is not a service/update from Microsoft because I have checked. My computer is running at 100% CPU usage; I can't restore my computer even in safe mode with command prompt; I can't download new software using my DVD/CD drive; for some reason, the appearance of my screen and resolution has changed and I am unable to change it back. I even tried going into the properties page of my display settings to set the monitor, but it won't allow me to do that either. I have Ad-Aware 2007, but my computer won't allow me to use it. I also used Backlight, and found that I have 16,661 files that were detected. Unfortunately, I do not know which files to delete or keep. Please help, I truly appreciate it. Thanks, Mrs. Bland. Here is a copy of my hijack this log:

A:Infected With Websearch, Spyware, Malware And Other Viruses

Hello slbd78,

Welcome back to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies

Hey all,

Recently, I let my son on the computer and it's now running very slowly, certain programs won't open, and pop-ups keep...popping up. I ran an AVG scan and it found a ton of trojans, spyware, and a virus (called Cryptor I believe). Anyway, I ran the DDS log scan and here are the results (Attach.txt is attached, however it wouldn't let me upload a zipped version so it's in .txt format).

A:Computer infected with virus, spyware, and other malware

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.
We need to create an OTListIt2 Report
Please download OTListIt2 from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the "Run Scan" button.
The scan should take just a few minutes.
Copy the log that opens up and paste it back here in your next reply.

11 more replies

I have tried a lot of guides, and still I am infected. Yesterday I used Panda ActiveScan Pro, and the report said I had 6 Hacking Tools installed on my computer in C:\, 1 SpyWare in my cookies in C:\ and finally 1 in Quarantine in my E:\ Folder. (Only D:\ seems unaffected, for now...)

I asked on Microsoft Newsgroup, and what all the people told me to try failed. Viruses keep coming back like mad. I am doing another scan with ActiveScan Pro; it's at 15% of scanning, and it already found 2 Hacking Tools (These are tools used by hackers to attack systems from a remote computer.)

Any suggestions on how to finally deal with that? SOMEONE GET ME OUT OF THIS NIGHTMARE!!! PLEASE!!!

A:Been Infected With Viruses, Malware, Spyware For 2 Days, Someone Help, Please!

Oh, the ActiveScan Pro is at 50% and it only found 2 Hacking Tools so far ^^ (it's good 'cause yesterday, it wasn't like that). How can I get rid of those before I see more of those respawning (again!) on my computer?

8 more replies

Can you tell me what to do with these files please.


1. C:\System Volume Information\_restore{F2681A7...8B-015335799DC0}\RP532\A0154381.exe
2. C:\System Volume Information\_restore{F2681A7...8B-015335799DC0}\RP532\A0154383.exe

1. C:\System Volume Information\_restore{F2681A7...8B-015335799DC0}\RP518\A0153895.exe
2. C:\Program Files\Common Files\Microsoft Shared\DAO\PCD\SVCHOSTE.EXE
3. C:\Documents and Settings\Owner\My Documents\...9_FE77DF402A8D4138B88098AB090833A7]


1. C:\System Volume Information\_restore{F2681A7...8B-015335799DC0}\RP536\A0154467.exe
2. C:\Program Files\TClock\tclock_install.exe[tclock.exe]

1. C:\WINDOWS\Downloaded Program Files\HGStart9USA.exe

1. C:\Program Files\TClock\tclock_install.exe

1. C:\WINDOWS\system32\msmapibx32_pt2.exe
2. C:\WINDOWS\msmapibx32_pt2.exe

1. C:\Documents and Settings\Owner\Desktop\Photo...mples\EZ-Emoticons.exe[SHNT288.exe]
Low danger level (21)

1. C:\System Volume Information\_restore{F2681A7...8B-015335799DC0}\RP524\A0154225.EXE
2. C:\System Volume Information\_restore{F2681A7...8B-015335799DC0}\RP518\A0153899.exe
3. C:\Program Files\Common Files\Microsoft Shared\DAO\PCD\SVCHOST.EXE
4. C:\Documents and Settings... Read more

A:My Pc Is Infected With Password Protected Malware And Spyware.. :(

OK run this then Update and run MBam again, post new log.. Some infections are in the Restore files also.
Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

6 more replies

Hello, I am repeatedly getting Google going to other sites, sometimes even when browsing other sites; today I continually have been sent to avabon.com, for example, when browsing Sky.com. Stopsign has not stopped it nor has Malwarebytes. Anything you can do to help me remove this dreaded infection. Hopefully I have followed all your instructions properly. Thank you in advance.

A:Help - infected with malware/spyware? Google hijack.

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

2 more replies

Hello. For the past few days I have been having some problems I see many others have on this forum. My anti virus expired a few days ago and then all hell broke loose. My wallpaper turned black saying I am infected with spyware and gave an IP address.. I have had pop ups... websites have been blocked, am unable to access any email account.. no hotmail yahoo mail aol nothing.. I am unable to download windows live messenger.. at one point I couldn't even ctrl+alt+del... it was saying access denied by administrator, my adobe flash player doesn't work and am unable to install anything. am unable to create a new user for the computer... am unable to run some programs... certain buttons on websites for example facebook have been disabled.. When I try to get to hotmail... status bar reads runone... and the page never loads.. there is a strange clicking sound whenever I press a button.. e.g start button... programs...etc.. I have followed steps given to others and have cleaned out some of the problems for the most part.. I used hijacker, combofix, SDscanner, Killbox, suspicious file packer.
I no longer have popups, I have downloaded AVG anti-spyware, Kaspersky anti virus.. and I basically still have problems with that strange clicking sound and being unable to go to emails. and certain buttons are still disabled on some websites. I am willing to run all aforementioned programs at your request.
please respond
casper

A:Computer Infected With Spyware Malware And Viruses

Here is log file

29 more replies

I have attempted to remove this malware several times using your removal guide here, including in safe mode, and the program keeps reinstalling itself after removal. Thanks ahead of time. Log.txt

A:Infected with Spyware Guard 2008 malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.


Getting a lot of popups asking me if I'd like to install AntiSpywareSuite, malware alarm... Also seeing ads on myspace being changed to malware protection advertisements, and also receiving AreaConnect popups. I have ad-watch, avast!, and windows defender, and while they detected and removed a few items, I'm still having issues. Not having problems so much with firefox as I am with internet explorer; however, for a while I was having trouble connecting to amazon.com and ebay.



A:spyware/malware. im infected! hijackthis log included.

Don't mean to pester but it seems the edit option disappeared so I had to post a new message...

Now I'm getting ad.yieldmanager.com crap coming up... it's just getting worse and worse.


I was infected with Spyware Removal 2009 Malware. So I had the Spyware Removal 2009 malware somehow got installed on my computer. As some forums said I installed malwarebytes to remove it. I think I got most of it out but I thought I had it all removed before and it came back. So here is my hijackthis file to see if everything is off.

A:Infected with Spyware Removal 2009 Malware.

Hello pdeals917,

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea


I run spy bot and super antispyware religiously but I think it is not catching the problem.

Firefox shuts down irregularly, and sometimes when I shut down I get this countdown thing before it does so. In any event it seems you may need my HJT log so here it is:

Please advise.




There is an icon on the toolbar and a message saying that my comp. is infected. Something called bloodhound.w32.ep // also oleext32.dll. I need help please.

A:My Laptop Infected With Virus, Spyware & Malware

Welcome to Bleeping Computer, karo.

Please follow the steps of this guide: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/



A:Infected By Various Unknown Virus/malware/spyware

Hello Mabok and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, ...


I downloaded something that gave me a bunch of junk. I was getting IE pop ups and browser help objects that I could not disable. My automatic updates kept getting turned off. McAfee didn't even see half the stuff on my computer. Some of the main files I found were:
zrfgwu.dll
urqOeDSi.dll
fccbBRJb.dll
Pblxfx.dll
I ran AVG internet security, malwarebytes', ccleaner and vundofix. I got rid of most of the problems but I still wanted to post up my hijackThis log to see what you think.

A:Infected With Spyware, Trojans, Malware, Vundo!

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
Create a new System Restore point in Windows XP and Vista.
Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
Check some important areas of your system and produce a report for an analyst to review.
Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.

You must be logged onto an account with administrator priv...


I have a laptop that has been infected by several viruses. I have been reading through several posts here, and I have tried many things so far, including:
1. Trend Micro Internet Security 14 (was on the computer from the beginning)
2. Hijack This - cleaned up some of it, but obviously didn't get it all.
3. Ad Aware - found some issues, cleared them, but can't get rid of all of them.
4. Malwarebytes' Anti-Malware - installed (had to rename it to get it to run). It found many issues also (300+), but couldn't get rid of some of them either.
5. SuperAntiSpyware - installed (also had to rename to get it to run). Found many issues here too, but couldn't clean them all.
and finally 6. Kaspersky Online Scanner - ran and it only found 5 threats. When I clicked on all of the issues it found, there was NO record of them on the Kaspersky Virus Lists.

I downloaded the Combofix program seen in many of the posts here, and actually tried to run it yesterday, but it wouldn't even start running. I haven't attempted it again - I need more advice here before I go there....

So, the problem is that when I start running Internet Explorer, it first gives me an error saying that my last browsing session closed unexpectedly, and I have 2 options - restore the last session, or go to my home page. If I choose go to my home page, it does actually go to my home page, but I still have 4 instances running in my list of processes in the task manager. If I choose restore, it opens a wind...

A:Spyware/Malware infected Internet Explorer

One additional notification that just came up in Trend Micro - TROJ_TDSS.WP. Not sure if this is the same as the other viruses or not.


Sorry ahead of time - I'm not sure what the actual malware is.

I cannot reach gmail (or if I can, it is very sporadic) - the page displays with the following error:

Not Found
The requested URL /accounts/ServiceLogin was not found on this server.
Apache/2.2.3 (Red Hat) Server at www.google.com Port 443

I am also not able to get to google reader - it brings me to google itself, and the header image doesn't load.

Search results in google and yahoo do not resolve either, but redirect to another site with ads (such as searchclick8.com/....)

Finally, if I try to reboot into safe mode, the system reboots again, so if I continue to go to safe mode, it's just a loop of failure and disappointment.

I have downloaded combofix but have not yet run it, and I'm including my DDS and GMER logs in this post. Sorry I couldn't give more information, but I'd be happy to look into anything that could further clarify the issue.

Thanks!

Sorry! Forgot my DDS.txt log:

A:Infected with malware - no gmail, search results do not resolve, and safe mode loop

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%...


I have tried everything I have done in the past on other systems, but to no avail, I am still infected with something. I still can't figure out how I contracted this 'TidServ' Spyware issue. It is dragging down on latency with my home network.

You can see what I am running in the attached files, but I have tried the following so far:
1. Followed all instructions from symantec.com for removal process
2. Ran many-many Full Scans with Symantec Endpoint (I am attaching a file log from my Symantec Risk Log - hopefully it helps)
3. Ran Super AntiSpyware Pro - nothing found! (except cookies)
4. Multiple reboots (no restore points) multiple scans, showing nothing, but I am still receiving the pop-up from Symantec that is shown in the attached.

A couple of notes I thought might be pertinent:
1. gMer locked up my computer during the first scan. I noticed an extreme amount of network activity for no reason, so I pulled my LAN plug off the router that led to the computer. BSOD!
2. Received 2 TidServ HTTPS attacks from the same IP Address during this process
3. I have attached a PDF of the print screen of my desktop showing these IP Spams I am receiving
4. I also attached the Symantec Log of what has been found during my scans. None of the latest definitions from Symantec are obviously working since I am still receiving these IP Spams.

Added OTL Reports for detailed information that I saw from several other posts. Additionally, I will not be allowing this computer to b...

A:Infected Malware/Spyware (HTTPS TidServ IP Spoof)

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap...
