Tech Problem Aggregator

I found an unknown files called myfile.exe, origin unknown.

Q: I found an unknown files called myfile.exe, origin unknown.

I loaded up explorer and opened up my C:/ drive to start a game in my program files, accidentally pressing "Downloads" finding this file there, my operating system is Swedish so the folder should be named "Hämtningar" (Swedish for downloads). The file is 93 kb in size and was created on the 27th january, there is also an account named "Unknown account(S-1-5-21-a bunch of numbers)" with total control, I also have no ability to remove it. I would like some help with this, malwarebytes also doesn't react on it. I've also noticed I'm unable to visit Bing (not like I use it, but still weird) with the access denied error.

A: I found an unknown files called myfile.exe, origin unknown.

Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scroll down.Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:

Launch Malwarebytes Anti-MalwareA 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.On the Dashboard, click the 'Update Now >>' linkAfter the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.If an update is available, click the Update Now button.
A Threat Scan will begin.When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.In most cases, a restart will be required.Wait for the prompt to restart the computer to appear, then click on Yes.If you already have MBAM 2.0 installed:On the Dashboard, click the 'Update Now >>' linkAfter the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.If an update is available, click the Update Now button.
A Threat Scan will begin.When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.In most cases, a restart will be required.Wait for the prompt to restart the computer to appear, then click on Yes.How to get logs:(Export log to save as txt)After the restart once you are back at your desktop, open MBAM once more.Click on the History tab > Application Logs.Double click on the Scan Log which shows the Date and time of the scan just performed.Click 'Export'.Click 'Text file (*.txt)'In the Save File dialog box which appears, click on Desktop.In the File name: box type a name for your scan log.A message box named 'File Saved' should appear stating "Your file has been successfully exported".Click OkAttach that saved log to your next reply.(Copy to clipboard for pasting into forum replies or tickets)After the restart once you are back at your desktop, open MBAM once more.Click on the History tab > Application Logs.Double click on the Scan Log which shows the Date and time of the scan just performed.Click 'Copy to Clipboard'Paste the contents of the clipboard into your reply.Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.Double click on downloaded file. OK self extracting prompt.MBAR will start. Click "Next" to continue.Click in the following screen "Update" to obtain the latest malware definitions.Once the update is complete select "Next" and click "Scan".When the scan is finished and no malware has been found select "Exit".If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
"mbar-log-{date} (xx-xx-xx).txt""system-log.txt"NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit. Please download Rkill (courtesy of BleepingComputer.com) to your desktop.There are 2 different versions. If one of them won't run then download and try to run the other one.You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/Double-click on the Rkill desktop icon to run the tool.If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.Do not reboot until instructed.If the tool does not run from any of the links provided, please let me know.If normal mode still doesn't work, run the tool from safe mode.When the scan is done Notepad will open with rKill log.Post it in your next reply.NOTE. rKill.txt log will also be present on your desktop.NOTE Do NOT wrap your logs in "quote" or "code" brackets.Do NOT use spoilers.Do NOT edit your reply to post additional logs. Create new reply. I'll not get any email notifications about edits so I won't know you posted something new.

23 more replies
Answer Match 101.64%

Following a recent virus purge of my daughters desktop PC (using Malwarebytes), that terminated in a reinstall of Windows 7. When I came to reinstall the contents of the Toshiba external 1TB 2.5" HDD that had originally been formatted NTFS and used for backup purposes, I was confronted with an inaccessible array of ADI files that Win7 OS could not access.
In order to cut a long story short, I installed Linux Mint 16 (32bit) on an old (ex-Windows XP) Acer Aspire 3000 having replaced the XP operating system completely. I can now open the file which displays in binary form only. I would therefore appreciate any help and/or assistance in order to download the contents of the Toshiba backup HDD onto the desktop hard drive. Thanking you all in expectant anticipation.

A:External HDD backup files of unknown origin?

Hi Brink thanks for the information supplied by yourself and Jacee dealing with the inability to access various file formats. It is possible that this could be the solution to my recent enquiry :-http://www.sevenforums.com/backup-restore/378582-external-hdd-backup-files-unknown-origin.html
Unfortunately I did not receive any response to my query which sadly could be due to my poor explanation of the necessary details required by you experts. The file format that I am having trouble with is "ADI" or .adi & would therefore like to know if this will be added to your list in due course. If there are any further questions appertaining to my query then I will be only too pleased to respond.
Thanking you in advance for any information you are able to proffer.

3 more replies
Answer Match 100.38%

I am having from 5 to 10 log files created every day within 3 hours of boot time. These files are formatted as ULS Tracelog files. Each file has the same header record and similar data. The files vary in size from 3 kb to 150 kb. They are named [actual machine name]-date-time.log. They are created in C:\windows\temp. A sample follows:

Timestamp Process TID Area Category EventID Level Message Correlation
12/28/2015 07:42:49.017 OFFICEC2 (0xb90) 0x1574 Click-To-Run Telemetry aqkhc Medium
{"MachineID":"c0e31bfd8a32094b8350e329a1ad333d","SessionID":"c80ce970-e7df-4cda-ad72-
a7bbcd6db4b3","GeoID":"244","Ver":"0.0.0.0","ExeVer":"15.0.4771.1000","SecuritySessionId":"0","Modul ePath":"C:\Program Files\Microsoft
Office 15\ClientX64\OfficeC2RClient.exe","CommandLine":"/update SCHEDULEDTASK
displaylevel=False","Bitness":"64","IntegrityLevel":"0x4000"}
12/28/2015 07:42:49.017 OFFICEC2 (0xb90) 0x1574 Click-To-Run Telemetry aqkhe Medium
{"MachineID":"c0e31bfd8a32094b8350e329a1ad333d","SessionID":"c80ce970-e7df-4cda-ad72-
a7bbcd6db4b3","GeoID":"244","Ver":"0.0.0.0","OSVersion":"6.1","SP":"1","ProductType":"1","ProcessorA rch":"9&... Read more

More replies
Answer Match 87.36%

HKLM\SOFTWARE\Microsoft\MSSMGR
HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
HKLM\SOFTWARE\Microsoft\MSSMGR#Data
HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#MSLIST

SuperAntiSpyware keeps detecting above

Help please in fixing this Trojan Unknown Origin

In Vista Ultimate I foolishly allowed something to run when I didn't know what it was!

I was warned!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:26:27, on 23/06/2007
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Thomas\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Softw... Read more

More replies
Answer Match 87.36%

Well,

yesterday i began using google only to notice that when i clicked on any link, it went to a random redirected link where they would be selling something etc.

with that i went to avg and tried to update to test for viruses and the connection to updates was completely unavailable, i uninstalled avg and installed bitdefender for the same outcome.

today to address the problem i went on a forum much like this one and it tod me to use malwarebytes anti-malware, i did this and whatever i have also refused to allow me to even open this.

i then changed the names of all the .exe files in the program folder and was able to open and run the programs, i removed the threats as the forum advised me to do and now when i restart my desktop i am getting recurring svchost.exe application errors.

I attemtped a system restore but it appears to have gotten their to as it assures me that i need to restart my computer which inevitably leads me back to the same error message.

if anyone could talk me through the repair of my pc in terms that i am an outside chance of understanding that would be absolutely brilliant.

forgive my naivety in advance as i may struggle.

A:big problems of unknown origin

where exactly in your start-up process do you get this error? Before or after the desktop loads

1 more replies
Answer Match 87.36%

When using SUPERAntiSpyware to scan for virus, trojan, spayware, etc.... It finds 6 items in the registry and 1 file under Unclassified.Unknown Origin.5 of the registry keys start with:HKCR\CLSID{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C} and the other one is:HKLM\Software\Clasess\CLSID{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}the 1 file's path is:C:\WINDOWS\SYSTEM32\CBXXQIAY.DLLIt also finds one more registry item under the name of Rogue.Component/Traceregistry key:HKU\S-1-5-21-1777893114-209237723-344832790-500\Software\Microsoft\FIAS4018 This is a problem because SUPERAntiSpyware is not able to get rid of it. SUPERAntiSpyware prompts me to reboot so that it may delete the viruses on reboot but when I run the updates and re-scan the same items pop up. Unfortunately re-installing is not an option anymore so now I am asking for help. If I did not present my request properly please let me know so that I may learn from it since this is my first time posting.other tools that I used are:Symantec AntiVirus 10.1.4.4000Sysclean kaspersky

A:Unclassified.Unknown Origin

Thank you for moving this to the proper forum Orange Blossom. I was not sure where to post it at first, makes sense now.

1 more replies
Answer Match 87.36%

I have used SmitFraudfix, Malwarebytes, and Superantispyware to successfully quarantine over 100 trojans, adware, malware, viruses. However, after rebooting and rescanning with Superantispyware, there are 6 trojan.unknown origin that will not quarantine. The 6 items are:

HKLM\SYSTEM\CurrentControlSet\Services\asc3550p
HKLM\SYSTEM\CurrentControlSet\Services\asc3550p(ErrorControl-AAAAAA==)
HKLM\SYSTEM\CurrentControlSet\Services\asc3550p(Group SCSI miniport)
HKLM\SYSTEM\CurrentControlSet\Services\asc3550p(Start AgAAAA==)
HKLM\SYSTEM\CurrentControlSet\Services\asc3550p(Tag-KgAAAA==)
HKLM\SYSTEM\CurrentControlSet\Services\asc3550p(Type-AQAAAA==)

My HijackThis log is below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:39:48 PM, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analo... Read more

A:Trojan.unknown Origin

Hello sara08 and welcome to BC. Let's see what we can find. Please follow the steps below in order:Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.Double-click ATF-Cleaner.exe to run the program.Click Select All found at the bottom of the list.Click the Empty Selected button.If you use Firefox browser, do this also:Click Firefox at the top and choose Select All from the list.Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser, do this also:Click Opera at the top and choose Select All from the list.NOTE : If you would like to keep your saved passwords, please click No at the prompt.Close ALL Internet browsers (very important).Click the Empty Selected button.Click Exit on the Main menu to close the program.Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.Note: You must be logged on to the system with an account that has Administrator privileges to run this program.Close ALL OTHER PROGRAMS.Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.Under Additional Scans click the checkboxes in front of the following items to select them:Reg - BotCheck
File - Additional... Read more

11 more replies
Answer Match 87.36%

everytime I run superantispyware it comes up with about 6

Unclassified.Unknown Origin.BHO

I quartentine and delete them then reboot and they come back this is what comes up when I ran HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:14:22 PM, on 12/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\system32\run... Read more

A:Unclassified.Unknown Origin.BHO

everytime I run superantispyware it comes up with about 6

Unclassified.Unknown Origin.BHO

I quartentine and delete them then reboot and they come back this is what comes up when I ran HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:14:22 PM, on 12/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\system32\run... Read more

3 more replies
Answer Match 87.36%

Everytime I run a SAS scan, it always detects something in one of the registry keys. It's labeled as "Unclassified.Unknown Origin". I don't know what that is. I always let SAS quarantine it everytime it is detected.Exactly what is it, and is it something that I should worry about?? Here's a screen cap below of my last SAS scan...and I have it highlighted so that it will stand out...

A:Unclassified.Unknown Origin....WHAT IS THAT?

Hi can you copy/paste that full string out of the log?
Have you run the scan from safe mode to see if it doesn't reappear?

11 more replies
Answer Match 87.36%

I have an infection of unknown origin. Problems just started to appear when I logged in this morning.
Attached are the requested reports from the Preparation guide. (attach.txt, DDS.tct and RootRepeal report.txt

My system was already equipped with AVG antivirus, Malwarebytes, and SpyBot Search and destroy.
However, this morning my computer was acting extremely sluggish so I started Malwarebytes. As was killed as soon as it started. I tired to start it again but is received the windows message stating that I do not have permission to run this program.
The same thing happened with Spybot and AVG.

I uninstalled Malwarebytes and reinstalled. Then I rebooted in safe mode and ran malwarebytes which found a bunch of problems that were quickly fixed.

I rebooted into windows (not safe mode) and installed Spybot S&D. After install it will not run Update. I manually update from safer-networking web site download. Spybot did not find any problems.

Then I try to reinstall AVG free 8.5 (build 409 - 8/7/2009) but I get and error during installation..
Error: Action failed for file avgwdsvc.exe: starting service....
Error 0x8007041d

Then I tried to install 30 day trial of Kaspersky but after installation the software will not run...
From Event Viewer:
EvenID: 7000
The Kaspersky Anti-Virus service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Currently my computer is running... Read more

A:Infection of unknown origin

It's been 4 days since my original post and no one has replied.I ran Trend Micro's Online House Call virus scan http://housecall.trendmicro.com/ and found that I had the PE_PATCHEP.A virus and it attached itself to 2 system files... explorer.exe and winlogon.exeI was able to recovery those files by booting from the WinXP CD and starting the recovery console.Everything is fixed now. AVG installs and runs properly. SpyBot S&D can do updates.If I could only figure out how this Trojan got past my defenses in the first place then I could close that door also.This problem is solved. Thanks to me!

2 more replies
Answer Match 86.1%

Here's my original post;http://www.bleepingcomputer.com/forums/ind...id=1152510& Brief synopsis; helping a friend's cousin. Old machine, xp sp1 with no antivirus. I cleaned as much off as I could and have updated to sp3. it runs much better, but slow and oddly still, and there are some registry values that Trend and Kaspersky and Superantispyware and Dr.Web and SDFix and some others all have pointed to, copied below, that will not delete. I don't know if this is relevant but they use AOL and have a lot of aol proggies and 'stuff'. I know aol used to take over a machine pretty much. I just ran DSS, here is the logDDS (Ver_09-02-01.01) - NTFSx86 Run by Administrator at 15:32:17.97 on Thu 02/26/2009Internet Explorer: 6.0.2900.5512Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.255.41 [GMT -5:00]AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated)FW: Trend Micro Personal Firewall *enabled*============== Running Processes ===============C:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\WINDOWS\System32\Ati2evxx.exeC:\Program Files\Java\jre6\bin\jqs.exeC... Read more

A:Unclassified, unknown origin; referred here

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.Download and Run DDSIf you already have a copy of DDS, there is no need to download a new one.DDS is a tool that gives us a general overview of the condition of your machine.Download DDS by sUBs from any of the links below:DDS.com, DDS.scr, DDS.pifDouble click its icon to run it. If you are using Windows Vista, right click it and select "Run as Administrator".When the scan is finished, two logs will open.Post DDS.txt directly into your reply. Attach Attach.txt.F-Secure Online ScanPlease run F-Secure Online Scanner.This scan is for Internet Explorer only.It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.Go to F-Secure Online ScannerFollow the instructions here for installation.Accept the License Agreement.Once the ActiveX installs, click Full System ScanOnce the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.When the scan completes, click the Automatic cleaning (recommended) button.Click the Show Report button and copy the entire report in your next reply.Be sure to re-enable any security programs.Please post back with:-the DDS logs-the F-Secure scan logPlease give me an update on the symptoms. Also tell me of any changes you have made to this computer.With Regards,The P... Read more

22 more replies
Answer Match 86.1%

Hello,
 
Windows 10 machine on home wired 'Powerline' network.
 
I was recently trying to start my streaming software (Universal Media Player) to stream a video from the Desktop PC to my PlayStation 3 via wired network. I had various issues connecting when I noticed that the IP address of the application broadcast looked odd. The IP address was 169.254.99.243. I started searching around the network properties and found that I had two network adaptors. One I don't recognise: "Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64".
 
I immediately disabled the adaptor and the media server began working again.
 
I re-enabled the adaptor and restarted the computer. I checked the 'Network' section of My Computer to find a 'Phone' called 'angler' listed the properties of which stated it was a Nexus 6P - and my household doesn't have a Nexus 6P in it. I presume this could be related, or it could be another problem with an intrusion into my wireless network. The phone disappeared within a minute of me spotting it in the network and double clicking on it.
 
I haven't heard of something elaborate like this before - but at the moment something feels very off with this. To the best of our knowledge we have never used Cisco VPN software and we cannot trace the source of this network adaptor. There is no Cisco software installed on my machine.
 
Have I been hacked/infected with something?
 
 

More replies
Answer Match 86.1%

I have both a desktop and laptop for use in my Home Network and believe both are infected. Both computers will freeze-up at start-up and show continued nonsense pop-up messages, i.e., "installing sonic updater", or "your computer is at risk from firewall being turned off, click this button to correct". The icon shows red to symbolize it being off, but when I go into the Control Panel the firewall is On.I've done the following steps as per your site's instructions:1. Run "cleanmgr" and removed Temporary files, Temp Internet files and the Recycle bin2. Run Lavasoft's Ad-Aware program and removed infections3. Run Spybot's Search and Destroy program and deleted problems4. Tried to run "Housecall Anti Virus" and "Bit Defender" malware removal programs but both freeze up the computer before they complete their scans.5. Tried to run McAfee AVERT Stinger and also had the computer lock up.6. Tried to install Zonelabs Zone Alarm and got message I didn't have the right permissions7. Tried to install Sygate Personal Firewall and got a message the program was terminated before installation8. Did do a windows updateI have various security and malware programs installed that may be causing conflicts with one another. They are as follows:Windows FirewallAVG anti-virusMailFrontier - anti-spam program for Outlook ExpressRegCure (supposedly a malware removal program - I did look at reviews of this before installing it, but now wonder if this is... Read more

A:Probable Infection Of Unknown Name Or Origin

Hello mayo_win_teiWelcome to BleepingComputer ========================Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

1 more replies
Answer Match 86.1%

My computer is running unbearably slow - so slow that I cannot even download email without it timing out. Hopefully I'll see a reply to this message on your website since no guarantees of getting to email (I had to go to a neighbor's house to send back initial registration email). This all started with a persistent and consistent address suddenly appearing in the Automatic Configuration option under LAN settings in the Internet Options portion of Explorer. I copied the address, googled it, and was directed to your website. Despite my best and repeated efforts, I could not complete all of your prep suggestions - some programs (adaware and antivirus and macafee stinger) would not load. I was successful in getting spybot to run and the specific address has since dispappeared from Automatic Configuration option but my computer continues to be slower than molasses.Any help would be immensely appreciated!Thanks, DebLogfile of HijackThis v1.99.1Scan saved at 11:34:03 PM, on 4/1/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system... Read more

A:My Computer Has Serious Issues Of Unknown Origin

Welcome to the BleepingComputer HijackThis forum DLA First of all i don't see any signs of any virus protection installed.Download\install one of the following free options below.Once installed update its virus definitions and run a full system virus scan:AVG7 Free Edition Antivirus:http://free.grisoft.com/softw/70free/setup...ree_446a965.exeAvast! 4 Home Edition: http://files.avast.com/iavs4pro/setupeng.exeActive Virus Shield There's a nice setup tutorial Here:http://www.activevirusshield.com/antivirus/freeav/***************************Also i don't see a firewall,the reason for that is you may be using the Windows Firewall or you could be behind a hardware firewall.Either way you'ed be well advised to install one of the following free firewalls:Sygate Personal Firewall Free Edition:http://www.filehippo.com/download_sygate_personal_firewall/Zone Alarm Free:http://download.zonelabs.com/bin/free/1001..._737_000_en.exeComodo Personal Firewall:http://www.personalfirewall.comodo.com/***************************Please download Combofix and save to the desktop:http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exeNote: It is important that it is saved directly to your desktop Close any open browsers. Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the C:\ComboFix.txt,and a new Hijackthis log into your next reply. Note: Do not mouseclick combofix's window whilst it's running. That may cause the program to freeze/h... Read more

2 more replies
Answer Match 86.1%

I've tried SpyBot, MalwareBytes, and SuperSpyware to no avail. In a recent phenomenon, my computer is having trouble running more than one application at once. I had ad pop-ups in IE and my "new tab" function was hijacked in Chrome, although I seem to have dealt with both of those issues.
 
Hijackthis log is below. Thanks in advance for your help.
 
 
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:09:42 AM, on 5/11/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
 
 
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\pnssosvr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TiVo\Desktop\TiVoBeacon.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
... Read more

A:Possible Malware Infection of Unknown Origin--Please Help!

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Delete tab follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).Please download ComboFix from one of these locations:Link 1Link 2IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.Double click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the... Read more

2 more replies
Answer Match 86.1%

I was instructed by someone who was helping me on here on how to produce this log so that someone can help me out.Everytime I run a SAS scan, it always detects something in one of the registry keys. It's labeled as "Unclassified.Unknown Origin". I don't know what that is. I always let SAS quarantine it everytime it is detected.Here is the exact registry key that this infection always occurs in...HKU\S-1-5-21-2775356270-2125727310-2574386005-1005\Software\Microsoft\Internet Explorer\URLSearchHooks#{E312764E-7706-43F1-8DAB-FCDD2B1E416D} It appears that only the SAS scan is the only scanner program that detects it each time. After it's detected, I always allow SAS to quarantine/remove it, but it keeps appearing each time I run SAS. Obviously it's not quarantining/removing it like it says it is. I don't know how to prevent it from constantly appearing. I really need help with this.Here's the DDS.txt log below, and I have attached the attach.txt log...DDS (Ver_09-02-01.01) - NTFSx86 Run by ME at 21:07:43.92 on Wed 02/18/2009Internet Explorer: 6.0.2900.2180Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1631 [GMT -6:00]AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvch... Read more

A:Unclassified.Unknown Origin infection

Hi -KiKi- ,Welcome to Bleeping Computer. I'm m0le and I will be helping you with your log. We apologise for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.Please avoid changing anything on your computer (ie, downloading software) or taking unsupervised steps to remove any malware as this can make helping you much more difficult.
Please also try and reply regularly as long waits between instructions can make the fix much more difficult. I will bump the topic after 2 days without a reply and will close it on the third day.So give me some time to go through your log and, in the meantime, let me know if you have already solved the issues or no longer need my help.Thanks.

26 more replies
Answer Match 85.26%

I'm trying to fix my moms friends computer and i'm currently doing my second virus scan now (running in safe mode).

On the first scan i found 3 different trojans, but they were quarantined sucessfully. But now, on the second scan i found a trojan i found before again.

The name is:Trojan.Unknown Origin

I've been googling a bit and some other forums says it's a false positive. I just want to be 100% sure it is.

Any help appreciated.
-Nike

A:False Positive? - Trojan.Unknown Origin

Hello and Welcome to TSF.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Answer Match 85.26%

Hello,
My name is Devin and I have several years of tech support experience, I've done everything I can think of and I can't pin down what virus/malware/rootkit it infecting my system. I've wiped all externals with formats, I've flashed Bios as the thing came back after a reformat. I have my main system on an SSD which I secure wiped with PartedMagic. At this point, I just don't want to lose anymore of my files, I want things to work.
 
Please help, I've attached logs. I can't interpret them. I've never seen an infection like this. Everything save for GMER and DDS and HijackThis comes back clean. I'm near a breakdown as I've never been so stumped, and did this sort of thing for a livng for years in college.
 
Attached a DDS log per instructions and staggered  Hijackthis,Combofix and GMER logs in the post itself
 
As  a side note: I had though I had cleanred it, but when restoring files onto a new 2 tb drive I bought as an emergency replacement (alarmist and overkill, I know), the popups came back. Usual flash download popups. I flashed the bios again, but I doubt that will help in the long run...
I thank you for anything you can do.
Where does a rootkit in the bios lie? In the extreme do I need to chunk my mobo and get a new one altogether and/or replace my RAM? Do I need to low-level format/DBAN my drives? Only two are internal with boot sectors, both not MBR but the newer standard of GUID (which I'm sure I'm mangling as I write this)
 
Again,
T... Read more

A:Rootkit/Bootkit of unknown origin. Please assist!

Let's hope CLoudflare let's this through. Not a duplicate. Format no go on last issue. Bios flash no good, secure erase ssd no good. Diskpart clean on Hdd for storage no good. Switch to linux?! Frustrated.
 
Devin
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041
Run by Devin Vertigo at 10:43:10 on 2014-05-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16351.13232 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Sk... Read more

4 more replies
Answer Match 85.26%

I was really excited at first to buy this brand new HP Pavilion 23 AiO. I have owned and administrated a lot of computers in my life. I love my laptop for personal use, and i thought that upgrading our home PC to this All-in-One was going to be great investment. It removes the need for both a tower and bulk montior, by combining the two into a nice flatscreen stand alone featuring the "tower" built in.  Over the time of owning it,  It has gone from the family computer to just my wifes because at first i thought i our teenagers were the ones at fault for it having so many problems. It is now on its 3rd HDD, and 2nd set of RAM. It got its new RAM and final HDD just last week, and is already returning to its random spuratic crashing and boot failures. It lasted a while in the beginng never having any problems like this, but once it started that very first time they have more common and frequent.  Sometimes the computer will out of no where get a BSOD and state the computer has ran into an error and that it is collecting things and going to restart. Other times your using it and everything would be fine, turn around for one second to work on something else and spin the chair back and your now looking at a boot error stating "No Boot Disk has been Detected" and messages in that nature, always pointing to the HDD. Well last week i gave it a 3rd BRAND NEW HDD because the 2nd HDD stated that it had "Eminent Failure" along with a new stick of RAM because it wo... Read more

More replies
Answer Match 85.26%

I've been getting the BSOD sporadically for quite some time now and I am finally fed up.

Here is the STOP error information:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 4e
BCP1: 0000000000000007
BCP2: 000000000021DD10
BCP3: 0000000000000001
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\011112-30654-01.dmp
C:\Users\Dustin\AppData\Local\Temp\WER-54600-0.sysdata.xml
I've attached the dump file referenced above.

Here are some details on my machine:
Gateway DX4300
AMD Phenom(tm) II X4 810 Processor 2.60 GHz
8GB RAM
Windows 7 - 64-bit, full-retail
Hardware purchased in 2010, Windows 7 upgrade occurred early 2011
Not sure what the cause is, any help is greatly appreciated.

Also, there are a ton of files in my minidump in addition to the one attached, is this normal?

thanks in advance,
Dustin

A:BSOD unknown origin, error 0x0000004e

I've updated my thread to include the files requested in BSOD requirements page.

6 more replies
Answer Match 85.26%

Greetings to all.

First time poster so hope you are all well. Since I'm not sure what specificly is causing the problem I've posted it here, so hopefully that is alright!

I am having a spot of bother with trying to get my microphone to work. A couple of months ago I bought the Logitech Easycall desktop keyboard because of it's wireless capabilities and the advantage of using the microphone on the dock provided.

When I first got it she worked grand, no problem at all. At this time I was using Vista. Since then I've reformated my computer and this time returned to having XP as an operating system. But when I try to setup my microphone I'm getting nothing but static from it with even added more static if I try to talk. This happens if I try to set it up through the Audio Wizard provided or by going into Control Panel/Sound Devices. I have tried the microphone plugged into the Easycall dock and into the ports provided on the computer and got the say result. I also tried the microphone in my laptop and it worked fine so I know it's not something wrong with the hardware.

Hence the reason I'm here. I am at a loss. I've tried re-installing drivers, plugging it into different places and such but to no avail. Something obviously isn't set up right but I don't know what it be. What's got me stumped is that it worked before and doesn't work now. If it helps, I got SoundMax HD Audio drivers for the onboard soundcard. They work grand and it's only through the microphone that I ... Read more

A:Microphone static issues of unknown origin..

hello & welcome to TSF,

this is what i want you to do

steps
--------------------------

with the pc started select (start / then select (control panel /then select ( sounds & audio devices / then select from the window that poped up (device volume/ now there will be a selection for (advanced )select it

now you will get a bunch of volume controls / you will want from the tool bar of that popup window select (options ) then you will get a drop down menu / select (properties ) you will then get another popup window

here you will have the chioce to add or remove volume controls / if your box for (microphone ) if it is not selected

now select (okay ) then you will want to go back to the tool bar & select (options) again

now this time you want to select (advanced )

now the volume controls will flash (good ) now go to your volume control for the microphone select (advanced) now is the (boost) options checked / if it is uncheck it then close that window / now look to see if the mute is checked / if it is uncheck it / then set the volume slidre bar to about half volume

then close all windows except ( sounds & audio devices properties window ) you will then need to select the (audio tab)now look to see if your device is named under the microphone section / if not check to see if it listed as a device / then choose it

then select the (voice tab ) and check to see if it is listed also

you will have to select apply befor closing ... Read more

12 more replies
Answer Match 85.26%

Okay, the title sounds vague, but I can give more information.

I am currently running Windows Vista on my HP Pavilion laptop. About a month ago, I started having an issue when Vista launched. After all of the pre-load process had finished executing, I got a message that said that Windows Explorer had stopped responding, and was restarting. Then a whole slew of programs and Windows services went through the same process. Everything from McAfee to my touchpad management software either restarted or stopped all together, and then the computer rebooted.

Now whenever I start up the computer, I still get the same problem with the following two processes: Windows Explorer, and Task Scheduler Engine. The computer does not go into a forced reboot anymore.

Certain programs have not worked properly since. The most notable are IE, Windows Live Messenger, and Yahoo Messenger. IE behaves like I have no active connection, and I can't sign into either of the messengers. Oddly enough, Firefox works just fine - no problems connecting to the net and opening pages.

As I am the only one who uses this computer, I have no idea where this could have come from.

If anyone has any suggestions, please let me know.
 

More replies
Answer Match 84.42%

I continue to be plagued by BSOD's. There doesn't appear to be any consistencies (programmatically) that I am able to identify as the culprit.

Attached are the necessary files.

System details:
Gateway DX4300
AMD Phenom II X4 810 Processor
2.60 GHz
8 GB Ram
Windows 7 64-bit OS, Retail

If you need any other information please let me know.

Thanks, in advance, for your help!!!!

A:BSOD unknown origin. BCCode: 24, multiple ocurrences

Norton contributed to your crashes.

Symantec is a frequent cause of BSOD's.
Remove and replace it with Microsoft Security Essentials AT LEAST TO TEST
http://us.norton.com/support/kb/web_...080710133834EN

Microsoft Security Essentials - Free Antivirus for Windows

9 more replies
Answer Match 84.42%

I'll make a timeline so this is easier to follow

1. Picked up some sort of virus/malware/(I don't really know the difference)
2. Scanned with superantispyware, had 7 results, including one fishy "Unclassified.unknown origin"
3. Rebooted upon request (windows automatically updated something on that reboot as well)
4. Log in screen looked fine...and then a blank screen. My wallpaper is usually yellow with a picture on it. So my whole screen was yellow and I had a cursor.
5. Task manager wouldn't open. Ended up pressing shift five times so something came up and I was able to open an explorer window, run regedit, and enable windows task manager. No idea why that was disabled
6. Used task manager to run explorer.exe and everything looks fine except I don't have an internet connection
7. Googled an answer, someone said to run cmd: cd c:\windows\system32\winevt
8. "Access is Denied"
9. Opened msconfig and disabled UAC
10. Repeat step 7
11. Cmd: ren Logs Logs_bad
12. Cmd: mkdir Logs
13. Rebooted. Everything the same as step 4.
14. Enabled UAC

I don't know what else to do. Also, the unknown origin thing is located at "HKUS\S-1-5-21-2791125010-2061037798-2193384331-1000\Software\Microsoft\Windows\CurrentVersion\Run (userinit - C:\Users\rubadub\AppData\Roaming\sdra64.exe"

More replies
Answer Match 84.42%

I have noticed extremely strange activity on my computer lately ,
(1) my computer has this application that is running without my permision ,i cannot locate the souce of where it is running from it is called "oasis exe."
(2)my other programs are also opening as if someone else is giving my computer commands(ex:2 dif applications began for no reason,it's like they are being opened but without the administrative command,pretty much on their own.
(3)I was not even hooked up to the internet and found when i scanned my com using avg that a knew set of javascript viruses found there way onto my computer,I think somehow there is an application that is reopeneing itself and causing a repeat effect of the same virus i have just wiped the last time i was online(even not hooked up online i am getting these over and over again)
(4)i have tried the following spy,addware removal tools,bug tools:
xsoftspy,,trend-micro antispy,,pc bug doctor,avg free,,
 

More replies
Answer Match 84.42%

I noticed my system running unusually slowly while installing a few new Firefox add-ons. The browser itself was working fine, but whenever I would open a menu to change any kind of settings on Firefox or an extension it would stop responding for a minute and the screen would flash as if it was going to ask for a permission, then the menu window would take forever to close even if I didn't change anything. I thought I had just installed something that used more memory than I expected so I switched to IE (which I almost never use but FF was taking too long) and looked at the task manager as well to see which extension I needed to uninstall, and noticed that random system services as well as Firefox (which I had shut down several minutes before) were using more than half the memory on what should have been an idle system. I started looking through event logs and found that a bunch of unknown user id's had managed to log in remotely. I know very little about programming and was still able to follow it around as it made registry changes and inserted weird instructions (in more-or-less plain English) into executables in the directory. It was as if there was another person doing it in real time, but I had the (windows) firewall locked down and my wireless adapter switched off manually, so there's no way I can think of where that's possible. We had a duel over file and directory permissions for a while as I was able to regain ownership of some directories and kick it ... Read more

A:Rootkit/Hijacker of unknown type or origin (Vundo?)

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

3 more replies
Answer Match 84%

Could anyone help with understanding exactly what this file is. It's running from notepad and located in 'program files'

-------Application Run Starts--------------------------------------
-gC
Instructed to search generically for 200.
Running application - Parsed CMD line
OS Version--Major 5 Minor 1 Build a28
Guessing failed, trying SPTI
SPTI Access Mode Activated to Scan for Drives.
Found something -- Type MAXTOR 6L040J2 ?`?w Bus 0 ID 0
Not a CD, DVD, or CD-RW drive. Skipping profile check.
Found something -- Type TEAC CD-W516EC ?`?w Bus 0 ID 0
SPTI Pass-through Successful
ATAPI Return Code: 0/0/0
Returned data 0 2a 1 0 0 0 0 0 2a 22 7 7 71 77 29 23
Matching against 200. Profile found: 707
Found a Winner!
--------Application Run Starts--------------------------------------
-gD
Instructed to search generically for 8.
Running application - Parsed CMD line
OS Version--Major 5 Minor 1 Build a28
Guessing failed, trying SPTI
SPTI Access Mode Activated to Scan for Drives.
Found something -- Type MAXTOR 6L040J2 ?`?w Bus 0 ID 0
Not a CD, DVD, or CD-RW drive. Skipping profile check.
Found something -- Type TEAC CD-W516EC ?`?w Bus 0 ID 0
SPTI Pass-through Successful
ATAPI Return Code: 0/0/0
Returned data 0 2a 1 0 0 0 0 0 2a 22 7 7 71 77 29 23
Matching against 8. Profile found: 707
Open Adapter Failed.
Open Adapter Failed.
Open Adapter Failed.
Open Adapter Failed.
Open Adapter Failed.
Open Adapter Fai... Read more

More replies
Answer Match 83.58%

I am running a dual-boot machine with Windows XP MCE 2005 & Fedora Core 6. The problems I am experiencing are occuring within the WinXP environment.

When my daughter logged on a couple of days ago, her desktop was different. The background was gone and her icons had been rearranged. In addition, when she tried to go to "My Documents," it was empty. I have two HDD, and she has a partition where I had redirected her documents and most of the application data. So I went into the registry, and found that all of the changes I'd made to redirect her documents, her application data, her desktop, etc. had been changed. They were going in random places, including the system 32 folder. I tried to edit them so they'd go back where I had them. Every time, I'd get a message that said, "Cannot edit [key name]: Error writing the value's new contents." I closed regedit and reopened it. Now, all of the keys were sending her data to the C drive under the %USERPROFILE% variable, but I still could not edit the registry to send her data to the second HDD where it had been going for the past 6 months. Note, these particular issues are not affecting the admin account.

So, I decided to run a virus scan using AVG 7.5. First, I went to update the program. Each time I tried, I'd get an update error informing me that the update could not be completed. So, I tried using Kaspersky's online scanner. Here, I also got an error during the process of upda... Read more

More replies
Answer Match 83.58%

Lately my computer been slowing down freezin up at time and unfreezin.Everytime when i acess ie i get these ads about computer being infected and its scanning,also all these weird popups. I use Superantispyware,panda activescan,ATF,avg anti-spyware to scan and had gotten rid of most the adwares.I am not sure if they are completely gone.Here are the logs:SUPERAntiSpyware Scan LogGenerated 01/30/2008 at 03:36 PMApplication Version : 3.6.1000Core Rules Database Version : 3391Trace Rules Database Version: 1383Scan type : Complete ScanTotal Scan Time : 00:34:00Memory items scanned : 566Memory threats detected : 1Registry items scanned : 6071Registry threats detected : 12File items scanned : 27284File threats detected : 3Adware.Vundo Variant C:\WINDOWS\SYSTEM32\VTURP.DLL C:\WINDOWS\SYSTEM32\VTURP.DLL HKLM\Software\Classes\CLSID\{88E12424-5DAB-4E57-966C-EC610F959122} HKCR\CLSID\{88E12424-5DAB-4E57-966C-EC610F959122} HKCR\CLSID\{88E12424-5DAB-4E57-966C-EC610F959122}\InprocServer32 HKCR\CLSID\{88E12424-5DAB-4E57-966C-EC610F959122}\InprocServer32#ThreadingModel HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88E12424-5DAB-4E57-966C-EC610F959122}Unclassified.Unknown Origin HKLM\Software\Classes\CLSID\{98663E21-9CCE-4CF6-863C-911A9523A66F} HKCR\CLSID\{98663E21-9CCE-4CF6-863C-91... Read more

A:Infect With Adware.vundo Variant,unclassified.unknown Origin,

Welcome Dangit to the BleepingComputer Forums.

Since it has been a few days, please post a new HijackThis log.

Please do not attach your log, as that makes it hard to read. Thank you for your patience.

2 more replies
Answer Match 81.48%

So Before 7:00 PM my computer had nothing, after it finished it's first general scan, it does another an hour later to be sure. Well according to my computer between then, something put itself inside data1.cab and search5.api_NON_OPT. Heres an HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:46 AM, on 1/28/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\hp\kbd\kbd.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\AntiVirus 2007\TAVScan.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Inter... Read more

A:Trend Virus Scan Found 2 Suspicious Files, one unknown (HJT LOG INCLUDED)

Still wondering if this is a problem...
 

3 more replies
Answer Match 79.8%

Hi, just found while running the tools section of counterspy to see what was running that there was a program called camerafixer.exe running. Also a program called LightScribe by Hewlett Packard. I do not remember installing anything like this and am worried they are spyware programs. They are both running at startup and dont appear in my list of programs that I am able to remove ~Mod Edit: Topic moved to more appropriate forum~ TMacK

A:Unknown Program Called Camerafixer.exe

"LightScribe Frequently asked questions""CameraFixer.exe"Should be located in C:\WINDOWS\CameraFixer.exe. If you right click on the file you should get:CameraFixer.exe -The version is 1,0,0,2Copyright © 2005Company - Its emptyProduct name - CameraFixer ApplicationDo you have webcam or digital camera software installed? It could be related to that.To ensure its not malware related, you can submit it to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.Post back with the results of the file analysis.

1 more replies
Answer Match 79.8%

I've been getting this windows popup recently, it's called Locker v4.22 It forces me to pay bitcoins to unlock my files. What the hell is this?

A:Unknown software called Locker v4.22

Here is the screenshot

5 more replies
Answer Match 77.7%

Hi, can someone please help as EA aren't helping me!

Origin was working fine until yesterday. Then it came up with this error code:

The procedure entry point _except1 could not be located in the dynamic link library C:\Program\Origin\Origin.exe.

So I uninstalled Origin, several times and followed EVERYTHING they told me to do, manual uninstall, do it with no anti virus etc. I even tried to download from a third party website, which did progress more in the installation but still failed with even more error messages!

I have had Microsoft access my computer and they have also tried everything and have confirmed that nothing at all is wrong with my laptop (which is what EA was trying to say).

Its really frustrating now and I hope someone can help please!

I have a Toshiba laptop and I am running windows 10.

It was compatible with windows 10 as it was working for a week or so. It did keep crashing but I changed screen resolution and was fine.

I will appreciate any help, Thanks!
 

More replies
Answer Match 77.28%

tried things suggested here but cant find anything similar, search my phone but cant find call id option anywhere

A:called a few people today, and im showing up on their phone as unknown now. (lumia 550)

Phone > ellipses (...) > settings > Change more settings for phone > Show my caller ID to > select options from the drop down menu
If you need additional help or have more questions or details to share, please join the site so you can reply in this thread. See this link for instructions on how to join Windows Central.

0 more replies
Answer Match 76.02%

Hi guys,

Basically I've acquired an old PC from a friend, I don't really know a great deal about the computer except that it is an Winfast motherboard with an AMD 64 Athlon processor.

I've been trying to fix the PC but when I try to do a clean install of Windows 7 Ultimate from a disc the computer repeatedly crashes and shuts down after copying files reaches 100% or before.

I have also tried to load a Windows 8 installer and a Ubuntu live CD, but it still seems to crash after running for a while.

I have feeling that it may be an error relating to the graphics/video card, (which is intergrated into the motherboard). Because sometimes the screen shows just lines. I tried playing with the bios once (pheonix bios) but this stopped it from booting and gave the post beeps to tell me there was a problem with the video card. However I reset the CMOS on the motherboard and it now boots but still crashes when trying to install windows 7.

Are there any other ways around this? i.e. disabling the video card manually, or any other solutions? Kinda hoping this isn't a hardware related problem.
Thanks in advance!

A:Boot error, unknown origin, ideas to make this computer boot?

Is the Windows Ultimate disc a retail copy? Or a burned disc? Or?

Is it a 64-bit disc?

I have never heard of the Winfast motherboard brand. It may be too old to support this version of Windows?

9 more replies
Answer Match 74.76%

I have an Athlon 2400 running under WinXP SP3 with 900MB RAM.The free versions of AVG Antivir and ZoneAlarm protect my PC.I recently got a warning stating a new version of ZoneAlarm was available (standard message with possibility to immediately download the update or be reminded in X days). After downloading the zaSetup_en file, I went through the whole install process and chose the free version update (the other choice was a 15-day trial Internet suite version). After update and re-boot, I immediately noticed that everything was ultra-slow. The CPU was indeed at 100% all the time. I could not even open a folder as it took for hours to open (it actually never opened). I re-booted twice to be sure that everything was installed correctly.Also, a Windows message warned that the firewall program was deactivate. I tried to open the ZoneAlarm setup page but it ignored all my attempts to start/open ZoneAlarm. After waiting over 10-15 minutes for any folder/program to open/start, I had to realise that my PC was most probably infected by a virus. These last few days, I noticed that my PC was a bit slower than usual, but attributed it to an intense use with too many Internet pages open simultaneously. This slowness was however nothing to compare with the current situation where I can actually do nothing.I am not 100% sure that current ultra-slowness is due to the ZoneAlarm update. I noticed though that the update file was not as usual, as the file name did not contain any re... Read more

A:Probable virus infection, origin of virus unknown

Hi My name is Extremeboy (or EB for short), and I will be helping you with your log.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.If you do not make a reply in 5 days, we will need to close your topic.You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.Please take note of some guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Even if things appear to be better, it might not mean we... Read more

20 more replies
Answer Match 69.72%

Win xppro, sp3. ie8

I REALLY WILL STOP SURFING PORN NOW

pops up new ie windows (not tabs) that link to random sites, often unknown search engines showing results for last string searched on google, often for other random things (news 6 live, adfat, sals barbershop). seemingly benign.

After some time of this, more serious infections occur, including antivirus soft, many others.

Malabytes will knock out what it brings in, but not kill the initial infection.

have run malabytes in safe mode, safe mode + neworking, and mutiple times after knocking out later more malicious infections in both safe mode and regular. Sometimes picks up a few stragglres, sometimes not. But in all cases I still have the original thing which pops up a new ie window to some odd thing and presumably opens the door for the rest.

Any help greatly appreciated, and, really, despite any other sex life to speak of, sad though that may be, I will leave the porn sites alone after this.

A:unknown infection, seemingly benign popups to unknown sites, followed by more extensive problems

Ok let's do this and see some logs please.*************************************>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.RKill....Please download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.Do not reboot your computer after running rkill as the malware programs will start again.^^If you get an alert that Rkill is "infected", ignore it. The alert is just a fake warning given by the rogue software which tries to terminate programs that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine. Rerun MBAM (MalwareBytes) like this:Open MBAM in normal mode and click Update tab, select Check for Updates,when doneclick Scanner tab,select Quick scan and scan (normal mode).After scan click Remove Selected, Post new ... Read more

15 more replies
Answer Match 69.72%

I've been trolling the forums here for a while. Lots of great info but now I actually have an issue where I need some assistance.

When I was booting one day last week I got a nasty BSOD when Windows was trying to load. Then on the next reboot Windows 7 said it couldn't load and needed to do the recovery OS option from the Windows 7 repair on the CD. Well, before trying that I did a cold reboot and it got back into the OS fine so I didn't think much of it. Now, I noticed Ghost shows the C: drive status as "Unavailable" and it can't back it up anymore. It does give me an option to restore from one of my old backups. I'm thinking the MBR got hosed up somehow or something like that. But I'm skeptical to run an MBR repair since I have that 100MB partition on my SSD where my OS resides.

Ghost Shot>

This was about a week ago my Windows 7 started acting up right before the big patch Tuesday. I've been running it for over a year now and it's been solid. When I first set it up I installed it on my SSD (Intel 510 120GB) drive. One of the qualms I had with the install is Windows created a separate boot sector on the disk drive where it stored my boot files. This is known the the "system reserved" operating system files 100MB partition. Apparently the way to avoid this is to use a third party partition tool before doing the windows install. That way it will keep the Boot sector files on the same partition which is how I would of liked it for doing resto... Read more

A:Windows Recovery disk shows operating system: Unknown on (Unknown)

Note, I just went into my Disk 3 where my SSD resides in DISKPART and did some commands if this helps. It shows both the 100MB and 111GB Partitions on the Intel SSD as "Active".


Code:
DISKPART> list partition

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 111 GB 101 MB

DISKPART> detail partition

Partition 1
Type : 07
Hidden: No
Active: Yes
Offset in Bytes: 1048576

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 System Rese NTFS Partition 100 MB Healthy System

DISKPART> select partition 2

Partition 2 is now the selected partition.

DISKPART> detail partition

Partition 2
Type : 07
Hidden: No
Active: Yes
Offset in Bytes: 105906176

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 C NTFS Partition 111 GB Healthy Boot
Thx again for any/all help!

5 more replies
Answer Match 69.72%

I'm not sure if this forum supports Windows installed on a MacBook,
but I'd appreciate any help provided.

Regarding my laptop, it's a MacBook Pro bought around 2011,
witn Windows 7 x64 installed from my friend's disc.
(Sorry I cannot remember exactly what it was)
"Barely alive" condition.
Works fine, but suddenly shuts down at times, alert shows battery not inserted (UNDETACHABLE on this MacBook model), won't run without power adapter connected, immediately shuts down when inserting USB cable into 1 of the 2 USB ports, won't detect internet connection, and so on and so on......

That aside, it worked fine until last week.

I was running Windows Update when I accidentally insert USB cable into the wrong port and "forced shut down" the laptop.

When rebooted, I get a flash of BSOD and auto-restart, which leads to startup repair.

From there, I ran startup repair a few times, each time I get the successful result yet Windows still won't start.

Then I switched to Mac OS to use it for some urgent stuff.
While in Mac OS I did went around and did "repair disk" and stuff to the bootcamp.

Next I tried searching for solutions through my phone and did this and that on command prompt.
chkdsk bootrec etc etc tried all posted solutions to something similar to my case.

The next thing I realized was that I now cannot even choose "Windows" on boot and I got stuck.

Then I asked my neighbor and fortunately could borrow Window... Read more

More replies
Answer Match 69.72%

I'm not sure if this forum supports Windows installed on a MacBook,
but I'd appreciate any help provided.

Regarding my laptop, it's a MacBook Pro bought around 2011,
witn Windows 7 x64 installed from my friend's disc.
(Sorry I cannot remember exactly what it was)
"Barely alive" condition.
Works fine, but suddenly shuts down at times, alert shows battery not inserted (UNDETACHABLE on this MacBook model), won't run without power adapter connected, immediately shuts down when inserting USB cable into 1 of the 2 USB ports, won't detect internet connection, and so on and so on......

That aside, it worked fine until last week.

I was running Windows Update when I accidentally insert USB cable into the wrong port and "forced shut down" the laptop.

When rebooted, I get a flash of BSOD and auto-restart, which leads to startup repair.

From there, I ran startup repair a few times, each time I get the successful result yet Windows still won't start.

Then I switched to Mac OS to use it for some urgent stuff.
While in Mac OS I did went around and did "repair disk" and stuff to the bootcamp.

Next I tried searching for solutions through my phone and did this and that on command prompt.
chkdsk bootrec etc etc tried all posted solutions to something similar to my case.

The next thing I realized was that I now cannot even choose "Windows" on boot and I got stuck.

Then I asked my neighbor and fortunately could borrow Window... Read more

More replies
Answer Match 69.72%

Just found this on my dad's pc and it's been giving me a real headache. I've googled about and tried all of the stuff i found, to no avail, norton's not detecting anything and i've deleted the directory it had installed itself under Program Files\Files-Secure but it's still popping up on outlook, IE, or explorer.exe

thanks for help in advance
Anyway, here's a hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:32, on 01/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Sha... Read more

A:Solved: unknown trojan - “Your computer was infected by unknown trojan”

here's a screenshot of it
 

3 more replies
Answer Match 69.72%

My laptop is a HP Pavilion dm1, and has become extremely slow in the past few days. Also, there are some unknown processes shown in task manager, and some extensions in chrome that random pop-up tabs suggesting I may also like t read the following etc. This usually comes on Google results, YouTube, and other news articles.

I don't have access to the boot cd unfortunately.

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518
Run by hp at 21:18:08 on 2014-03-12
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1641.256 [GMT 3.5:30]
.
AV: AVG Internet Security 2014 *Enabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG Internet Security 2014 *Enabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\W... Read more

A:Slow computer + unknown processes + unknown extensions in chrome

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

Object Browser<<Please read this

Also delete the following Folder if it still exists:

C:\Program Files (x86)\Object Browser

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.Do NOT click the green 'Download' button(if visible).
Click the blue 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Clean
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Check for additional security risks: Please download CKScanner? by askey127 and save to your desktop.
Double-click on CKScanner.exe and click Search For Files.
After a very short ti... Read more

12 more replies
Answer Match 69.72%

Please help me folks, I'm on borrowed time today.

I had to reformat my computer thanks to a handful of Trojans and of course, I am missing the Ethernet driver to connect. In the past, I had a friend set me up, but he never told me how to do it and he's gone in basic training so I can't ask for his help today.

I have a custom-built Compaq HP
I will have Windows XP HOME installed when I get the cash.

What I need is help figuring out where to look to find the model number to install the correct driver. I have tried the HP website and it does not work; My driver is built into the motherboard.

I currently have Windows XP Professional for English Students, it's my father's OS
 

A:Unknown Ethernet Driver - Compaq HP (model unknown) Windows XP

"I have a custom-built Compaq HP"...

Custom built by HP or a friend? See if you can tell us the model of the motherboard. Give us any name or numbers you find
 

9 more replies
Answer Match 69.3%

During Win2k startup I get an unknown screen called 0 with content also 0 that I have to accept by clicking on 'OK' before Windows will continue loading. This happens immediately before the Logon identification panel. Same thing in safe mode or on diagnostic startup from MSConfig. Virus scanning is OK. There are no files or folders called '0' and I can't find a reference to '0' in the Registry. Any ideas on how to troubleshoot this further?
 

A:Unknown screen called "0" on startup

This sounds like it may be an unhandled exception error for an applet or device driver that Windows itself needs to start at bootup.

What does the event log say about this event? Have you looked for an avent at about the time that this crops up? That may give you some clues on where to start looking. You may also want to try SFC and see if something has been changed that shouldn't have been.

I have come across similar windows on W2K machines where there is nothing but an OK box and nothing else. If you have lots of time on your hands you may be able to track it down by removing and reinstalling all of the software and hardware in your machine.

The quickest and easiest solution is probably to format and reinstall. Reinstalling over the top may not get rid of the error.
 

2 more replies
Answer Match 69.3%

Found this after running Spybot - S&D: qrtuvwa.exe. Spybot simply showed it as being in the registry. I've searched for it at various sites and I can't find any info on it. I'm running 98SE and just recently installed MailWasher. Not sure if it is related to it.

Any ideas?
 

A:Unknown app found by Spybot

6 more replies
Answer Match 69.3%

Device Manager has an unknown device listed. I used Unknown DeviceIdentifier 8.0 and other search methods and this is what I got:

Windows Device Manager
Device type: Universal Serial Bus Controller
Manufacturer: Standard USB Controller
Under Details I found:
Location Port: Port_#0002.Hub.#0004
Driver Provider: Microsoft
Driver Date: 6/21/2006
Driver version:6.1.7601.17586
Physical Device object name: \Device\USBPDO-6
Device Instance path: USB\VID_0000&PID_0000\6&29E6B3C2&0&2
Parent: USB\VID_8087&PID_0020\5&203162ce&0&1
Container ID: {228ca907-7860-11e2-8dc0-806e6f6e6963}
Driver node strong name: usb.inf:Generic.Section.NTamd64:BADDEVICE.Dev:6.1.7601.17586:usb\unknown

Unknown DeviceIdentifier 8.0 lists it as:
Unknown device
Vendor Microsoft
PropID: usb\unknown

From another website I did a Google search for USB\VID_0000&PID_0000\6&29E6B3C2&0&2 and produced no results. I then went to: the PCI database website and still no results.
Considering that everything points to Microsoft I find this odd and don't know what i should do about it. Any suggestions?
Thanks

A:Truly unknown device can't be found anywhere--what to do

Hello pintree,

The device is your "Universal Serial Bus Controller".

You should be able to install the USB driver from your computer manufacturer's download page for your computer's specific model number.

If you like, post back what brand and model your PC is, and we'll see if we can help find the USB driver for it.

9 more replies
Answer Match 69.3%

Could someone please help me figure out what this path means?

c:\program files\support.com\client\backup\RU

Under Run, Search, Files or Folders and entering Rundll32.exe, it found 2 items.
The first appears legitimate with Windows logo and appropriate location.
The second is a manilla folder. When I click on properties, it shows that (above) as the location and in the window it is called 24576_5b1361b85_ and that is also shown as the 'Description'. It's 3,022 bites and was created on Monday, January 8, 2001 and modified the same date one second later.
I'm having problems with Rundll32.exe and popups, VX2, and ads1.revenue, and no telling what else. I have posts in the HJT forum also but this file/path is new info and I'm not sure what it means.
Any ideas???

~67~

A:Unknown File Found

From what I am reading it looks like an automated backup of some sort. Does not look dangerous. But looks can be decieveing I will look into it a little more. I never ran windows me ... LOL.. RunDLL erors? what kind of video card do you have? Also download shoot the messenger from my signature (hijack this and other programs) And unplug and pray. They keep "WINDOWS" messegner closed and off (not to be mistaken with msn messenger. Post back about the video card. Some vid cards have rundll.32.exe running You can download a free trail of this program! Its great I just bought it and it will tell you everything that is running even the hidden crud!!http://nct.digitalriver.com/fulfill/0138.002

11 more replies
Answer Match 69.3%

I did some scans because some folders started crashing. Every time I went into the folders windows would end process on window explorer.

Avgfree 8.5.409 found nothing, but superantispyware and mbam found and removed a trojan.

I went through all the old logs but could not find the name of the trojan.

I then went into safe mode and deleted some file a ran the scans again, all found nothing

Now everything says I'm clean but my computer keeps running slower and slower. Applications are loading the slowest I have ever witnessed on my computer.

Followed the first steps but root repeal could not scan, every time I tried my computer completely frooze.

---

DDS

DDS (Ver_09-07-30.01) - NTFSx86
Run by cc at 10:59:40.40 on Thu 09/10/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.340 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes... Read more

A:unknown trojan found

BUMP Please

4 more replies
Answer Match 68.88%

I'm running Vista Ultimate 64 on a 500 Gig hard drive with 3 partitions.The problem is I marked one of the partitions,not Drive C, as "active" by mistake.I done a Command Prompt to make it "inactive", but when I started the system up again it wouldn't boot.I used the Vista disk for the recovery process, but I got a message "Operating system unknown on (unknown) local disk" i tried fixing the problem with a command prompt "bootrec/fix boot" ,but nothing happened.When I look at the info in Command Prompt it doesn't show the disk partitions, just Disk 0.Also I can't repair because no Disks are listed to be repaired. If I look at the drive in "My Computer" it is full with a file system marked as "Raw" and it wants me to format the drive.I used "Recover My Files" software and it shows some of the documents that are on the drive, but doesn't show any recovery.I looked at some internet post about the message I got and partition and boot problems like I have, but at this point I don't to try any else to make it worse.I would do a reinstall ,but on one of the drives I have some stuff that wasn't backed up.I never thought about backing it up because it wasn't on the C drive.Any help to solve this problem would be appreciated. ..........Kumpie

A:Operating system (unknown) on unknown local disk

Welcome!

Try marking the C partition as active again, using the Windows method in my post here.

Then run Startup Repair from the repair disc. Hopefully it will see your installation.

~JK

6 more replies
Answer Match 68.88%

I've just installed Windows 10 and experimented with the Groove music player. It finds all the songs but they are tagged Unknown Artist and Unknown Album. The songs appear fine in iTunes with the correct details and album art.

I reset Groove and made it scan the music directories again but the problem remains. Any solutions?

More replies
Answer Match 68.46%

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:11:40 PM, on 2/19/2010Platform: Unknown Windows (WinNT 6.01.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exeC:\Program Files (x86)\AIM6\aim6.exeC:\Program Files (x86)\DAEMON Tools Lite\DTLite.exeC:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exeC:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exeC:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exeC:\Program Files (x86)\AVG\AVG9\avgtray.exeC:\Program Files (x86)\AIM6\aolsoftware.exeC:\Program Files\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Softw... Read more

A:Unknown Trojan Found on Computer

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEnetsvcsmsconfigsafebootminimalsafebootnetworkactivexdrivers32%systemroot%�... Read more

25 more replies
Answer Match 68.46%

I get a message found new hardware device unknown. This leads to a search for the correct driver which repeats as a loop. The following is the message I receive before this starts. I am operating on Vista and am wondering if this has something to do with Constant Guard that Xfinity is providing?

C Windows System32 newdev.exe"00000001".pipePNPDeviceInstallPipe1.b578af625098468fa1."RootISATAP0211"
 

A:Found New Hardware Device Unknown

newdev.exe is a Device driver software installation.

This file is part of Windows Operating System. It&#8217;s a system and hidden file. Newdev.exe is usually located in the %SYSTEM% folder and its usual size is 76,288 bytes.

-----------------------------------------

Have you installed any sort of hardware recently?

Even plugging in a microphone, flash drive, etc?

-----------------------------------------

Try performing a System Restore to a point before the error message began appearing.
 

1 more replies
Answer Match 68.46%

Hi Guys, hope you all are fine,I have an old HP DV6000 Laptop but since I installed Windows 8.1 on it there is a driver called 'Unknown device' in my device manager I googled a lot for unknown device driver for HP D6000 but cannot find It I had Windows Vista on it previously and did not have this driver missing. My laptop is also compatible with the Windows and meets the requirements but still can't figure this driver out even the webcam is working, It does not affect my laptops performance or anything it is just in my head that I need to fix that missing driver. I installed Driver pack solution 2015 online and in Driver pack it finds the driver but when I press download it says 404 error not found :|. I would appreciate a lot if someone can help me in solving this issue. Thanks in advance.Note: I am new to this forum and this is my first post so admin if any mistakes forgive me. This is from where I got the driver installing software driver pack: http://www.filesmag.com/2014/12/driverpack-solution-2015-drp-15-free.html

A:Unknown Device Driver Cannot be found please help!

The "Unknown device" is probably the laptop's IR Receiver. IR is a relatively niche tech that isn't used very often when it comes to laptop communication. Even in it's heyday it was a pain in the *censored*.Also, "Driver search" Style software is useless at best.

2 more replies
Answer Match 68.46%

I have this thing called HTREE\ROOT\0 on my system. I used tweaking.com's hardware identifier to find it. I am really at a loss here on what to say because I have had my vehicle stolen and I was moving and had valuable documents ie birth certificate....address's ect. ect. I know I need to report this all to financial institutions but whoever has been messing with me on the internet has cost me tons of dollars. They are somehow able to steal my data (i have to use mobile data b/c I lost my home) and waste countless hours of just frustrating that heck out of me. it's to the point I have almost lost my sanity. So ya can anyone shed some light on the HTREE\ROOT\0 thing?

A:Found Unknown hardware device

You have an open existing Am I Infected topic, http://www.bleepingcomputer.com/forums/t/612199/hidden-locked-process-totalexe-process-and-some-power-thing/ .
 
Please continus puruit of that topic.
 
This topic is now closed to avoid confusion.
 
Louis

0 more replies
Answer Match 68.46%

After every boot my computer shows found new hardware although nothing new is installed. But few days back I had updated the system. I don't know if that's the reason because there is few days gap between these events. I have vista 32bit, Intel core 2 Duo processor 2.10 Ghz.
Device manager shows an unknown device but when I click on reinstall driver windows cannot find anything.

A:Found new hardware - unknown device

Hello,
Are there any external devices connected to the computer?
If yes, disconnect the device and check if unknown device there or not.

7 more replies
Answer Match 68.46%

Tonight I received a dialogue box indicating that another computer on my network has the same IP address as my computer. I am using my computer in a hotel and it is connected to the Internet via a cable to a router. And, to my knowledge, no other computers are on this network. I checked an in addition to my computer, COMTREND Is also showing up. I am wondering what this is? I am thinking that it might be the router to which my computer is plugged into but I don't know for sure. Any, information regarding this will be greatly appreciated.
 

A:Unknown Device Found on My Computer:

I get this from time to time on my home network with only our computers connected to the router. I just ignore it.
 

8 more replies
Answer Match 68.46%

I'm having this serious problem about my computer. I'm sure it is caused by some kind of virus. Yesterday when I turned on my laptop, there was a weird sound on the speakers. Although I absolutely didn't have any programs on at that time, there was the sound of a woman moaning, pretty much sex sound. I swear I have never watched porn or anything but I have no idea how this sound just appeared on my laptop. I got very frustrated because I don't know how to fix this, except for turning off the speakers. I tried to use virus detection and scan my whole laptop but it found nothing. Every time I turn on my laptop for a while it happens again--the moaning sound just pops up out of nowhere. I hesitate to tell people because they would think I went to nasty websites, however I did not. Well, sometimes I do go on websites to download music but that is all I do. I guess the virus or whatever comes from those websites.
Can anyone please please tell me how I can fix this? I really appreciate your help.

A:Unknown sound found on speakers?

Please download TDSSKiller from here and save it to your DesktopDoubleclick on TDSSKiller.exe to run the application, then click on Change parameters


Check Loaded Modules  and Detect TDLFS file system.  Do not check Verify file digital signatures (even though it is checked in the example)If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now


Click Start Scan and allow the scan process to run

If threats are detected select Skip for all of them unless I instruct you otherwiseClick Continue


Click Reboot computerPlease post the contents of  TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply===================================================aswMBR--------------------Download aswMBR and save it to your desktop.
Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.If you need help to disable your protection programs see here and here.Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

Please post the contents of the log in your next reply.NOTE:  aswMBR will create M... Read more

1 more replies
Answer Match 68.46%

I have a service that I dont understand. I was wondering if anyone else has it in their services list. It's called PAExec.

When I search the internet for PAExec that it's a program by Power Admin. Well what the heck is it doing installed on my machine and why? Please someone tell me that this isn't a standard Windows 10 Pro Anniversary service. I never installed the service and need to know what I should do if it doesn't belong there.

A:Unknown program found in services

Originally Posted by craazziee8


Please someone tell me that this isn't a standard Windows 10 Pro Anniversary service.



I don't have it on any of my machines so no I guess it isn't.

You could download autoruns and see what program it is starting (click on the services tab and look under image path). That might give you some clue. If you wanted you could then delete the .exe and delete the service (right click on it in autoruns and select "delete").

From Google though I'd at least disable (probably delete) it as it seems to be designed to allow remote commands to run.

PAExec from Power Admin LLC?

1 more replies
Answer Match 68.46%

Hi everyone,
So first I'll give you basic information about my computer and then I will tell you the rest. First my computer when bought came pre installed with Windows 7. As soon as Windows 8 came out I upgraded to Windows 8. My system is BIOS not UEFI. I have about 3gb ram and 500gb hdd drive 2.20 ghz processor. Windows 8 runs really smoothly. So recently 2-3 days ago I decided to dual boot Ubuntu with Windows 8. Before when I had Windows 7 I dual booted it with Windows 8. So now I thought about dual booting with Ubuntu 12.04 LTS. The Installation process was fine until I take out the installation usb with Ubuntu and whenever I try to restart it the PC would hang on the oem screen for a while which is ridiculously long. Then when I would boot into Windows 8 and sign in I would get a notification message saying the last storage device you plugged in isn't found. I went to the device manager in Windows and it would say an unknown device has been found and even if I tried to Uninstall it would come back again. I tried searching for updates but nothing came up. I googled it and got no results. If you guys can get me the problem solved it would be great. What annoys me the most is the PC hanging on the oem screen. Right now I fresh installed Windows 8 so it's the only OS running at the moment. But I want Ubuntu 12.04 LTS because of git, ssh and all the server side stuff. I have also posted the error screenshot for more info.

Thanks,

Gurinder Hans

A:Windows 8 unknown device found

I would take the ISO download and make a bootable DVD with it.

What software did you use to put the ISO on a bootable USB drive?

10 more replies
Answer Match 67.62%

Did a quick search but could not find an answer...
Earlier this week, my wife found four unknown computers in the local network located in my network places.
We have a broadband internet connection but there is no router and there should not be any other computers linked to mine. The computers we found are all labeled "ShareDocs" and the a computer name like "blank family computer". My questions are...

How did this happen (my broadband company or possibly a file sharing program?)
How much risk am i at
How do i stop this and prevent this from happening again.

I'm running XP home w/ SP 2. I am using zonealarm for a firewall and have very strict settings.

Thanks for taking a look,
Jeremy

A:Found Unknown Computers In My Network Places

Hi lenrokWe have a broadband internet connection but there is no router How are you connecting?

3 more replies
Answer Match 67.62%

Hi. I found two unknown computers on my network (using Explorer). I have a wireless setup at home (private) with a desktop (wired), two laptops and a phone (wireless). The encryption is WPA2/TKP with a hard to guess password. The two unknown computers were connected this morning and a few minutes after I tried to access them and do some checks, they dissapeard -- could they have been watching me? I didn't check the router page until then and of course, they weren't there.

Also, yesterday I was at a coffee place, so could it be that this is nothing and those two computers are from people at the cafe?

Is there anything I can do to make sure nobody can access my network, unless it's the computers I want. I haven't manually set up a home network yet.

Here's more infor if that helps. Thanks.

--------------------------------------------------------

Microsoft Windows [Versin 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. Reservados todos los derechos.

C:\Users\Claudia-Lappy>ipconfig/all

Configuracin IP de Windows

Nombre de host. . . . . . . . . : ClaudiaLappy
Sufijo DNS principal . . . . . :
Tipo de nodo. . . . . . . . . . : hbrido
Enrutamiento IP habilitado. . . : no
Proxy WINS habilitado . . . . . : no
Lista de bsqueda de sufijos DNS: domain.name

Adaptador de Ethernet Conexin de rea local 2:

Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS especfico para la conexin. . :
Descripcin . . . . . . .... Read more

A:Found two unknown computers in my secured network...

6 more replies
Answer Match 67.62%

I apologize first off. I cannot be as descriptive as you would like me to be.Symptoms: at most a little slowing down of my computer, constant connectivity issues with my internet (which may not even be related)Alerts: I don't have any alerts or error messages, its just something I noticedPossible Problem: Let a friend borrow the computer and he did what he calls "fixing it" which I didn't ask him to. Being curious I decided to browse through my systems processes (I had about 79 of them at the time) and found something with no description: stllssvr. I tried to look up if this is something legitimate by researching it through a search engine. It actually led me to find your site, became a member. And I am left with a question as to whether sstllsvr is safe or not.Other: There are also a number of questionable entries (not like i know what's safe anyway) that I do not know about. I was hoping someone could review my log and tell me whats keepable/not. I know this doesn't seem at all like an urgent problem so I don't expect to get a reply soon, please take your time.Actions Taken: ran CCleaner, SBSD, Ad-Aware, Stinger (I could not seem to get any of the bitdefender or panda or housecall progs to work). All I came up clean EXCEPT for Stinger which found something in a supposed music file i had downloaded. I forgot to take note of what that virus was, but it was the only one and stinger had deleted it on the spot. Also, I tried to browse the Startup List Section and... Read more

A:Stllssvr - Unknown Object/process Found. (and Other)

Hello MomoChan,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies
Answer Match 67.62%

First off, I'm going to be honest, I've already asked for help on another forum BUT they found nothing and said my HJL was clean. The topic there should be closed. And I already posted this on the web browsing issues section because when the other forum said my computer was clean, I figured it had to be an error on my laptop, I got no replies so I've asked for that topic to be closed. As crazy as it might sound, I know that there's something affecting my computer. This is the jist of what I posted on the other section: "A few days ago I noticed that some of webpages weren't loading correctly. It was shortly after updating Java. Web pages that I visited like Yahoo, Adobe, and Facebook started to load plain text (no graphics of any sort). The Microsoft site wouldn't load at all until I read instructions somewhere on this forum about enabling secure sites. Most other sites loaded perfectly so I figured it had to be some sort of malware that was blocking me from certain sites. I ran a lot of scans using several anti-malware and anti-virus programs. I ended up finding about 3 trojans that were removed. That didn't solved my problem though. I got fed up and decided to reformat my computer hoping that whatever was wrong with it would get fixed, it didn't. Since I formatted my computer I tried updating Windows but I kept getting an error: "WindowsUpdate_8024402C". Wouldn't work in Normal mode even after I followed the instructions g... Read more

A:Found unknown hidden processes in my computer

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

12 more replies
Answer Match 67.62%

I was perusing Disk Management and an unkown, 3.5 GB, FAT32 partion was listed. Partition Magic showed a name: CP/M, Concurrent DOS, CTOS. What the H*** is this? Can I delete it?
 

A:Solved: Unknown partition found on C: drive

Its probably a recovery partition that you do not want to delete. I'm guess this is a big brand name computer.
 

3 more replies
Answer Match 67.62%

What am I missing here? I bought a Mitsumi external usb floppy drive on eBay. Plug it in either an Intel or nVidia chipset desktop machine with XP SP-2 and I get the Found New Hardware and Unknown Device boxes at the toolbar. This is confirmed in Device Manager. The enclosed floppy is a model D353G. The enclosure is marked "Generic USB FDD (UD-376)." The software known as "USBDeview" can tell me little about it, but it does see the firmware as "1.03" and lists vendor and product ids.

Since I shouldn't need USB drivers for XP with SP-2, am I missing the obvious, or have I been screwed by a zealous seller? tia

Merry Christmas! btw

tj
 

A:Solved: Found New Hardware. Unknown Device.

10 more replies
Answer Match 67.62%

Hi guys have been having various problems recently mostly crashes BSODs. When looking for problem found the following named file in C:\Windows\SysWOW64

??????????????????????? ????????????*??????????????????????????????????????????????????????????????????????????????????1

34.1k dated 11 May 2015

Have scanned with Comodo Anti-Virus and MBam pro both came up clean. What the hell is it? and is it a problem?

Windows 7 Home Premium (x64) Service Pack 1 (build 7601)
Board: ASUSTeK Computer INC. M4A88T-V EVO/USB3 Rev X.0x
3.20 gigahertz AMD Phenom II X4 840
8192 Megabytes Usable Installed Memory
AMD Radeon R9 290X

A:Unknown file found in C:\Windows\SysWOW64 ?

Corrupt file.

Try to delete it. Might need to use a utility if Windows says it can't be removed.

Regards,
GEWB

3 more replies
Answer Match 67.62%

I have just upgraded my pc with an ASUS %5N-E SLI motherboard and an ASUS GT8600 graphics card. However my usb ports are not working. When i plugged in my usb devices the power comes on but windows xp does not detect them at all. I read somewhere that it could be the creative sound blaster audigy card that i have that could cause the conflict and i removed the sound card but it's still the same. I checked under device manager and the usb controllers are working properly. I tried reinstalling the usb drivers but it doesn't help. Also i have been getting "unknown hardware detected" everytime windows starts up. I have no idea what hardware it is refering to. I checked device manager and it is on PCI standard ISA bridge. The device status is "This device is not configured correctly. (Code 1)". Anyone who knows please help. I have been spending the past 2 days trying to solve these 2 problems but nothing works. oh forgot to mention. I have tried updating my chipset driver as well.
 

A:usb port not working + unknown hardware found

7 more replies
Answer Match 67.62%

I am using Windows 7 Ultimate x64 SP1. I ran HijackThis as you do and saw the following line which I removed.
Internet Settings, ProxyServer = 127.0.0.1:19876When running DDS in the dds.txt file I found these settings which may be unrelated but I cannot explain them.TCP: Interfaces\{5D969EFE-1A71-4BC0-950C-B6214B4FC1DD} : DHCPNameServer = 88.82.13.60 88.82.13.60When I found these items I ran CCleaner just to lighten the amount I needed to scan. Then I ran ComboFix and Malwarebytes Antimalware and found nothing. I then used GMER and removed a virtual cdrom that had been sitting on my computer long after Deamon Tools had been removed. 
It is the proxy server that worries me. Doing a quick search of it there does seem to be a Trojan keylogger that will listen on that port.
 
OP: http://www.bleepingcomputer.com/forums/t/484443/possible-virus-unknown-proxy-was-set/
 
DDS Log
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.11.2
Run by User at 8:31:46 on 2013-02-08
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.16375.13969 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\ls... Read more

A:Unknown proxy was set. Unknown network adapter.

Ignore. Double post.EDIT: Merged with original post. -etavares

13 more replies
Answer Match 67.2%

Upon booting to the desktop I get two messages1. Error loading C:\WINDOWS\System32\ycuwhrwl.dll2. Error loading C:\WINDOWS\System32\xpdrrths.dllI have googled for these as dll items and have found nothing..They may be items which were removed from the registry by a previous malware repair attempt.3. there is also a desktop popup.Light blue background with bold red letters saying 7 spyware found and Your PC is infected.Three items are listedWild TangentISTBar.SlotchImesh.v7Along with the message:spayware can be a reason for popups that violate your internt activities and may result in slow work of your browser.Their is also a large red rectangular button at the bottom of the popup labeled in white letters with REMOVE SPYWARE.a pic is attached.--------------------------------------------------------------------------------KASPERSKY ONLINE SCANNER 7 REPORT Monday, June 16, 2008 Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Monday, June 16, 2008 14:33:21 Records in database: 872820--------------------------------------------------------------------------------Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yesScan area - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\Scan statistics: Files scanned: 76013 Threat name: 3 Infected objects: 4 Suspicious objects: 0 Dura... Read more

A:Not Found ( Possibly False .dlls ) And Unknown Popup

Hi and Welcome to the forums.Download ComboFix from Here or Here to your Desktop.Double click combofix.exe and follow the prompts.When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next replyNote: Do not mouseclick combofix's window while its running. That may cause it to stall

1 more replies
Answer Match 67.2%

I have a LaCie external hard drive which works fine on other pc's running Windows 7 Ultimate, but on this one it is an "unknown device". I have tried it in different ports but with the same result. I've checked with Windows Compatability and the exact model is listed there as being compatible. I've been to the manufacturer's website but there are no drivers available.
I have the same problem with any USB device I plug into any port. I have tried a complete Windows re-install from a different CD but it made no difference.
The only USB devices that work are the keyboard and mouse.
I have given the LaCie HD as an example because I am hoping that if I can get a specific device to work, I may be able to solve the problem with others.
I've done the upper and lower filter removal thing in Regedit, and have uninstalled and reinstalled the USB drivers numerous times but nothing works. I've also updated the BIOS.
Any ideas please?

A:External hard drive found as unknown device

NOT a pro ! but i think after what u have done the only thing faulty would be your ports <<<<

I had the same problem with my pc and after a hell lot of time waste i came to know that my ports are out ......

Am not sure whats the case with yours ........

5 more replies
Answer Match 67.2%

Hey. I recently reloaded an old gateway computer with XP home edition (used to be media center). With all drivers installed and computer working correctly, every start-up I get 2 windows of Found New Hardware Wizard. Any help?

-Kenny
 

A:Found New Hardware wizard keeps popping up in XP, although no unknown devices?

Access BIOS and in the POWER menu see if Intel Quick Resume Technology or it may be Intel QRT is there. If so if it is ENABLED, DISABLE it, save and exit and see if the problem continues.
 

1 more replies
Answer Match 67.2%

I was just completing an upgrade of my system when I noticed an item I had not noticed before (but was probably present before the upgrade, I just had not checked these variables for some time).

Under Environment Variables, in the user variable section I have 3 items.

The first 2 are the stand definitions for TEMP and TMP.

The third is UD_DISABLE_USAGE_TRACKING with a value of 1

Google returned 0 results for this string (which is VERY unusual), so I wondered if anyone might know what it is for or how it got there?

Thanx

A:Unknown Environemnt variable found UD_DISABLE_USAGE-TRACKING

It may be a "Do Not Track" flag set by a browser, but I would be surprised for it to be stored as an environment variable. It may be set by your antivirus/internet security package?

I think it is more likely it was set in Microsoft Management Console.
Microsoft Management Console - Wikipedia, the free encyclopedia

9 more replies
Answer Match 67.2%

Ive had to post new thread ,cant find old one.My IE keeps closing and freezing.Ive completed first 5 steps and attached log notes. I would appreciate it if one of you'se guys could have a look and offer advice. Activescan found unknown spyware in the INTEL MATRIX STORAGE MANAGER AND ASKED THAT IT BE SENT TO THE LAB.Cheers

A:Activescan Found Unknown Spyware Asked To Send To Lab

Hello and welcome to TSF.

If you still need help, please post a fresh Main.txt from DSS (do not attach it please) and I'll be happy to help you.

Thanks for your patience.

11 more replies
Answer Match 67.2%

Hello all,It seems that I have skipped ahead a little bit as I have run ComboFix prior to posting. [That's why you are supposed to read the manual first right ;-)] The symptoms were our internet connection being very slow to the point most pages would time out and not show. Also there are continual port scans coming in that my router is thankfully denying. I have hooked other computers up to the same network and found the bandwidth to be fine on them.I ran Symantec AV, MalwareBytes AM, ClamWin AV, and TrendMicro's online scanner. They all came up empty - that's when I resorted to ComboFix.Sure enough ComboFix found some issues and quarantined files, but I do not know what the viruses are - is it listed in the log somewhere?. Could you please give me some insight as to what to do next?Thanks!!-hosEdit: Moved topic from HijackThis Logs and Virus/Trojan/Spyware/Malware Removal to the more appropriate forum. ~ AnimalEDIT2: Please do not post your log to this topic unless requested by someone helping you. See the blue text at the top of this forum. ~ Animal

A:Unknown infection found with ComboFix - Recommendation on removal

Update mbam and run a FULL scanPlease post the resultsThen run ATF and SASATFPlease download ATF Cleaner by Atribune & save it to your desktop.Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox browser click Firefox at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser click Opera at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".------------------------------------SAS,may take a long time to scanPlease download and scan with SUPERAntiSpyware FreeDouble-click SUPERAntiSypware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-... Read more

6 more replies
Answer Match 66.36%

Hi there,
 
Usually any computer problems I can fix myself but this one has me stumped. The virus scanner I am using is Avast and the firewall I'm using is Windows Firewall. My operating system is XP Service Pack 3. Yesterday with breakfast I clicked into my "Downloaded" folder on my external hard drive to find the folder was empty except for a file called "myfile.exe." Where this has come from and how it was not picked up or recognised as a virus is unknown. I used these forums to try and solve the problem trying everything from "unhide.exe" to the recommended malware programs and followed pretty much every procedure but to no avail. The space from the files has still be taken up on the harddrive and show hidden files is checked etc. It only seems to be that folder that has been effected. The contents of the folder itself are all video files, tv shows and movies. If anyone can help it will be much appreciated!
 
 
RegardsEdit: Moved topic from Windows XP to the more appropriate forum. ~ Animal

A:myfile.exe virus deleted files in only one folder on external hard drive?

I seem to have found the files, they were moved from the original folder into a neibouring folder. It still doesn't explain the myfile.exe however. *edit* I have however also noticed that the computer is taking longer on start up along with the general speed of the computer and firefox is hanging regularly.

11 more replies
Answer Match 66.36%

My system speccy's should be in my profile bit, please let me know if you need more information.

Thanks

A:Driver not found for unknown 'ethernet controller' in device manager.

Hi You need the Realtek Ethernet Utility .. In the Link below ..
Motherboard - P8H77-M - ASUS

9 more replies
Answer Match 66.36%

I have an acer laptop running Windows 7. I did a windows 7 update in the morning that afternoon I had problems re-starting the computer. Internet Explorer wasn't working saying page could not be displayed and Norton was playing up as well. I have completed a startup repair and got this error message;
Root Cause Found
Unknown bugcheck f4 Parameters = o x 3, oxfffffa8007efe230, 0 x fffffa8007efe510, 0 x fff800033d70do.

Repair Action: system files integrity check and repair.
Result failed. Error code = 0 x 45d.
Time taken - 1569027ms

I have now tried to start windows normally and it has taken about 20 mins so far and just a black screen.

Can anybody help please.

A:Startup fault Root cause found unknown bugcheck f4 parameters =0x3

Hi and welcome to the Forum
See if you can boot into Safe Mode. If you can try a system restore to a point before the update took place!

4 more replies
Answer Match 66.36%

Earlier today one of your members was kind enough to help me remove the DNSUnlocker malware that has infiltrated my system. Previous to that I had run AdwCleaner, Malwarebytes, Junk Removal, eScan, and others, removing a lot of junk in the process. This morning while browsing through my temp files I found an entry with the file type "DealEExpress", which looked very much like the names of some of the malware I had just nuked.
 
On a whim I decided to run a search for that name, and it brought up 40 entries of that file type (see screencap), all of various sizes and in all sorts of innocuous places like iTunes, Photoshop Plugins, and The Sims 2.
 
Would it be safe to just manually delete these? None of my virus scans picked them up, but they don't seem right to me.
 
Thanks very much for your help.
 

A:DealEExpress, Unknown File Type found in many folders on System

Or run TFC...Empty your temp folders using TFC (Temporary File Cleaner)Please download TFC by Old Timer and save it to your desktop.alternate download linkSave any unsaved work. (TFC will close ALL open programs including your browser!)Double-click on TFC.exe to run it. (If you are using Vista or above, right-click on the file and choose "Run As Administrator".)Click the Start button to begin the cleaning process and let it run uninterrupted to completion.Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.

3 more replies
Answer Match 65.94%

Hi- TPlease help me with my laptop.

The computer has been acting weird lately. Everything runs SO slow. I have run a few scans but did not do any repairs or any quarantines. I did a System Restore 3 days ago and the problems continue. In Jan 2014 I had a tech site help me with the following problemsossible malware/virus=Websearch. Searchnewtab, keyword Hijacker, safesaverBHO, searchwebs, statcounter, zedo. I changed my internet provider and didnt have service for over a month so the site didnt help me finish the troubleshooting. Im not sure if these things are still on the computer.

1. MBam showed this in registry files: PUP.Optional.Tarma.
2. HijackThis showed 9 of these files: Unknown file in Winsock LSP c:\windows\system32\wpdsp.dll

3. Windows Update - When I check for updates, it does a 5sec check and comes back with a message saying . "Updates can't be installed while Windows is running so you should save your work, close any open programs, and then restart your computer to finish the update process. The computer will reboot and 10 sec later a notification pops up saying that I need to update. Nothing ever updates. The process repeats over and over."
The only Windows updates that show since 8/13/2013 are: Definition Update for Microsoft Security Essentials, which never used to show in Windows Updates! It shows Most recent check for updates: Never and Updates installed: Never. I know there has been updates and something is blocking them.

Problem Re... Read more

A:Windows will not update, 25 suspicious host files, 9 unknown files in Winsock LSP, PU

BUMP

I'm sure you are really busy and I know my system has A LOT of issues, but I would really appreciate any help.
Thank you.
 

1 more replies
Answer Match 65.52%

Hi.
 
The otherday when I was trying to edit user settings on my 64 bit windows 7 laptop I found that it kept freezing when trying to access the options in the user accounts. This caused me to start looking into the user folder on the C drive where I found an uknown user wangzhisong. upon searching the net I ended up at your forums and coming to the conclusion that I have some malware on my machine.
 
I am running AVG as my standard anti-virus/protection software but also installed Malwarebytes Anti-Malware last night to try and detect and fix the problem (It does not seemed to have worked)
 
I was hoping you could help verify that this is the case and if so help remove the threat.
 
All the best
 
David

A:Found a unknown user on laptop - wangzhisong - suspect as a result of malware

You said you installed MBAM but doesn't seem to work. Did you complete a scan using it? If so, please post the results
of that scan.

wangzhisong....seems to be related to  Mobogenie software for use with an Android device.
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the
Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars.
You may see a Google Tool Bar being offered.
CCleaner - PC Optimization and Cleaning - Free Download
 
download AdwCleaner by Xplode and save to your Desktop.
Double-click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
After reviewing the log, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Download Junkware Removal Tool to your desktop.
Shut down your protection ... Read more

13 more replies
Answer Match 65.1%

I turned on computer today and I saw that I have two mouses on screen. My main mouse is movable and I can work normally with it, but second one is stuck on top left corner and it's copying my main mouse icon (hand, arrow, typing icon).

And then I don't know why but I have looked into System Resolution control panel and I saw that I have a third monitor that weren't supposed to be there. Resolution is 640x480, and it's number 1, and my primary monitor is number 2.

I can't turn off that monitor ("Show picture just on 1" (my primary monitor)) like I had it before.
I am posting screenshots.

I am sorry for my English, because English is not my primary language.

A:Unknown third monitor and unknown second mouse

Simple restart solved both problems

1 more replies
Answer Match 65.1%

I have Norton (on windows 8.1) and the only file Norton doesn't list a Trust level (shows Unknown) is the file app2.ini.exe (also app2.ini.exe.aux) and the only info I can find on the net is that viruses sometimes are named this to Hide.
    Does anyone know what this file does?  Can I delete it?  Is it safe?
 I called Microsoft and they said that these files aren't one of theirs (???).
Norton also lists this file isn't on a lot of peoples computers, which is a red flag.

More replies
Answer Match 65.1%

PC specs:
Vista Home Basic Sp2
Toshiba
Satellite L355
CPU: Genuine Intel® CPU 585 @ 2.16Ghz
Ram: 3GB
System 32 bit
 
(I know this pc is outdated. It should be recycled, but it serves a purpose)
 
I accidentally deleted my main and only admin account, which created a ton of permission problems. So, I decided to lose all my files, and do a clean install of vista. (or so I thought).
 
After re-installing vista, I installed all windows updates first, then installed java, adobe flash, adobe reader, mozilla firefox, ccleaner, Malwarebytes, and AVG free.
 
I updated and ran a full scan with MBAM, and it found nothing.
 
Then I closed MBAM, and ran a full AVG free scan. It found this:
Severity: HIGH
Trojan horse Patched_c.ADKY
(C:\Windows\System32\DriverStore\FileRepository\kr10n.inff8c77270\KR10N.sys)
AVG Removed This Trojan.
 
So, I disabled AVG and ran the following online scanners:
 
I ran TDSSKiller, and it found nothing.
I then ran an Eset online scan, and it found nothing.
I then ran Bit Defender Online scan, and it found nothing.
I then ran Norton security scan, and it found nothing.
 
One problem I'm having is occasionally when I visit a website I encounter this:
http://i1315.photobucket.com/albums/t597/mr_magoo_bix/Computer/example1_zpsepgavvrh.jpg
 
The second problem is a freezing screen. The only way to unfreeze the screen is to do a hard reboot, and connect an external display, and press FN F5 to change the main display t... Read more

More replies
Answer Match 64.68%

In my documents folder I have a folder called Notes. Inside that folder are the following files:

Dotted_Line.jtp
Genko_1.jtp
Genko_2.jtp
Graph.jtp
Memo.jtp
Month_Calendar.jtp
Music.jtp
0Seyes.jtp
Shorthand.jtp
To_Do_List.jtp

If I double-click on any one of these files, it opens up some kind of graphics program. Does anyone know the purpose of these files. I have no idea where they came from.

A:Unknown files

JTP File Extension - fileinfo.com

Quote:




.JTP File Extension
Definition
Template created by Windows Journal, a program used for note-taking on tablet PCs; contains default text, images, and page layout settings; used to create notes pages (.JNT files) with the same look and feel, such as to-do lists or agendas.

More Information
Windows Journal includes several built-in templates in its installation. They may also be created from scratch by designing a template and selecting the option File → Save As → Windows Journal Template (*.jtp).

2 more replies
Answer Match 64.68%

there is about 12 files in the windows folder that say $ntuninstall*******$ (letters and number go where the stars are). I was just wondering what these files are. thanks for your help
 

A:Unknown files

http://www.adminlife.com/247reference/msgs/37/188222.aspx

This tells you all about them.
 

3 more replies
Answer Match 64.68%

So, one day, I noticed that there were three nonsense files on my desktop, and then I later found two more in My Documents. Their names are random strings of numbers and letters (i.e. CALGWB9P), they have no file extensions, and when I try to delete them, I get an error message saying "Cannot read from file or disk." I have no idea what to do with them!

I have also been getting a LOT of notifications from Symantec AntiVirus about actions it has taken against Trojans and Downloaders. Specifically, Trojan.Metajuan, Trojan.Vundo, Trojan.Dropper, and Backdoor.Trojan. In most cases, it says the risk was partially removed. I don't know if any of them are an issue or not, but I would appreciate any advice.

Also, I guess I have some issues with Spyware. From Panda Activescan:


Incident Status Location



Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\vturpnk.dll ... Read more

A:Unknown Files

Hello and welcome to TSF

Apologises for the delay getting to your log. The helpers here are all volunteers and we have been very busy lately. If you are still having malware problems,follow instructions below.

===========

Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/comb...o-use-combofix

When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

===========

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

==========
Logs Required
C:\Combofix.txt
Hijackthis Log

14 more replies
Answer Match 64.68%

Hi there, ive recently received some attachments that i have not been able to open. I'm running on windows ME, have office 2000 etc. I was told to download powerpoint 2000 viewer as i did not have this package with my PC, I did this and have been able to view some attachments but not all of them. If i receive an attachment is it possible to find out what program you need to view it? how is this done?

thanks in advance if anyone is able to help
 

A:Unknown Files?

what are the file exstensions that you are unable to open???
 

2 more replies
Answer Match 64.68%

Hello All

Just run Defrag and the following cannot be defragged:-

[email protected]:\WINDOWS\$NtUninstallKB57136$\1883484019\U\
[email protected]:\WINDOWS\$NtUninstallKB57136$\1883484019\U\
[email protected]:\WINDOWS\$NtUninstallKB57136$\1883484019\U\

Anyone know what they relate to and, should they be on my system.

Regards
SilverSurf
 

A:Unknown Files

16 more replies
Answer Match 64.68%

Well at least there unknown to me. When I click on my C: drive I have some files that I'm not sure if I even need them or at least shouldn't be in my C: drive folder?
Here they are:
boot.ini, AUTOEXEC.BAT, CONFIG.SYS, hiberfil.sys,hpcmerr.log,IO.SYS, MSDOS.SYS, NTDETECT.COM,ntldr,pagefile.sys

Also I have some files in my %temp% folder that won't go away. How can I get rid of these files?
Here they are:
~DF6E55.tmp,~DF7C11.tmp

Using XP
 

A:Unknown Files

9 more replies
Answer Match 64.68%

I have some unknown files listed in the 010 section, can anyone advise pleaseLogfile of HijackThis v1.99.1Scan saved at 15:26:44, on 14/12/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\Program Files\Executive Software\Diskeeper\DkService.exeC:\WINDOWS\SYSTEM32\GEARSEC.EXEC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Spyware Doctor\sdhelp.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcs... Read more

A:Unknown Files In Hjt Log

http://castlecops.com/lsp-172.htmlAVG firewall entry that HJT does not recognize

1 more replies
Answer Match 64.68%

Hello, it's been a little while here since I last posted, but I have been very busy with school. However, I did a scan for my computer with "Counter Spy" and it seems that it did a good job. I was hoping i could get your opinions on some files to see if they are risks and should be deleted or they ar essential files.Files:C:\WINDOWS\system32\azton.mt (Malware?) Identified as Torjan-Dropper.Gen / Trojan downloader by Sunbelt Softwares' "Counter Spy."SHould I delete or keep?I havve attached 2 pictures. These are of a different risk where pt1 and pt2 are Part 1 and Part 2 of the same picture. Part 2 cintinues from where Part 1 left off.Another risk:Should thes files be kept or removed. I think XML is an important function thouggh as this deals with .xml files but i could be wrong. Your opinions are greatly apreciated.If you want to view the photo, just be sure to click the black bar to be able to view the image text.Thanks,hortoholic

A:Unknown Files

Hello, you should quarantine them both.Also run an MBAm scan please.Please download Malwarebytes Anti-Malware (v1.34) and save it to your desktop.alternate download link 1alternate download link 2If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the ... Read more

3 more replies