Tech Problem Aggregator

unknown infection, seemingly benign popups to unknown sites, followed by more extensive problems

Q: unknown infection, seemingly benign popups to unknown sites, followed by more extensive problems

Win xppro, sp3. ie8

I REALLY WILL STOP SURFING PORN NOW

pops up new ie windows (not tabs) that link to random sites, often unknown search engines showing results for last string searched on google, often for other random things (news 6 live, adfat, sals barbershop). seemingly benign.

After some time of this, more serious infections occur, including antivirus soft, many others.

Malwarebytes will knock out what it brings in, but not kill the initial infection.

have run Malwarebytes in safe mode, safe mode + networking, and multiple times after knocking out later more malicious infections in both safe mode and regular. Sometimes picks up a few stragglers, sometimes not. But in all cases I still have the original thing which pops up a new ie window to some odd thing and presumably opens the door for the rest.

Any help greatly appreciated, and, really, despite any other sex life to speak of, sad though that may be, I will leave the porn sites alone after this.

A: unknown infection, seemingly benign popups to unknown sites, followed by more extensive problems

Ok let's do this and see some logs please.

Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4

Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.

Do not reboot your computer after running rkill as the malware programs will start again.

If you get an alert that Rkill is "infected", ignore it. The alert is just a fake warning given by the rogue software which tries to terminate programs that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine.

Rerun MBAM (MalwareBytes) like this:
Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Now run SAS:
Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Answer Match 90.72%

Scans clean with spybot and AVG, nothing glaringly obvious in hijackthis or task manager, yet still getting IE popups (even while using firefox)

A:Unknown Infection- Various Popups Under Ie

Hello z16bitsega

Welcome to BleepingComputer

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Answer Match 89.88%

Hi,

My computer is infected with something but I don't know what it is as scans via Spyware Doctor and McAfee have showed up nothing. Tried the Kaspersky scanner and it found 8 items but I was unable to save the report. However, some of those items were trusted programs such as IRC so...

In any case, here's the problem. When I start up my browser, either IE or FF, there would be popups in other tabs or via a new window. They seem to be different websites everytime, and below are some of them:

A:Unknown Infection With Multiple Popups

Hello Cloud_D and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below..
A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed...

Answer Match 89.04%

This is a home built Win XP (Home) P3 1.0 GHz PC that was running well for nine months prior to the recent problem with pop-ups. It's operating on an in-home network connected by a lowly hub and a Win 98 Internet Connection Sharing software.

I have followed all the routines suggested to prepare for the Hijack file and while I was busy ready reviewing posts in the "Am I Infected" thread, got another pop-up. Something is still there hidden to my amateur eyes; I could surely use an experienced review and suggestion.

Here's the results:

A:Unknown Infection - Pop-up Advertising, Poker & Porno Sites

After running ewido and the latest vundofix.exe, it appears that I have uncovered the hidden attributes of this mal-ware. It now appears on lines 2 and 20 of my hijack log below?

Answer Match 89.04%

I think I have a virus infection, Symantec scan in safe mode found the following viruses W32.Virut.CF, W32.Virut.H and InfoStealer and quarantined them successfully.

Nothing seems to be wrong with the system, except I cannot access any of the antivirus sites like www.symantec.com, www.free-avg.com etc. So suspect something is still wrong. Ran sdfix.exe in safe mode and it threw errors running Regsvr32.exe and terminated them but proceeded to complete the scan. Post which still not able to access the above mentioned sites.

Then tried following instructions in http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

The DDS log follows. Replaced a single string involving company details.

A:Unknown Infection preventing access to antivirus sites.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follo...

Answer Match 88.62%

Edit: I identified the virus through Malwarebytes: Trojan.Vundo.H

Here is the DDS log.

A:Unknown infection, getting popups. I know what the files are, but I can't remove them

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTListIt2 Report
Please download OTListIt2 from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the "Run Scan" button.
The scan should take just a few minutes.
Copy the log that opens up and paste it back here in your next reply.

Answer Match 88.62%

Hi

I've been infected with some type of malware. I don't have any other symptoms but intermittent IE browser windows popping up every 5 minutes or so and my McAfee saying I have an artemis<bunch of numbers> trojan that it's blocking access. The popups show page not displayed. I tried to get spybot as I have done in the past but I can't access their site or download any other anti malware sites to get the software.

After doing a few google searches I've managed to boot up in safemode with networking and get malware bytes to install from a USB key, it's currently running a full system scan - 20 mins and counting. Is there anything else I can do to be more thorough?

Thanks

Answer Match 87.78%

My computer was infected with a trojan "Selace.A" and "Selace.B", and maybe "Win32.Trojan.Spy". Microsoft Security Essentials found the first two, ADWare found the Spy. My symptoms were hijacked browsing, and popups. It started yesterday, I did a full scan, removed what needed to be removed, uninstalled java JREs and flash and reinstalled both, and now both ADWare and MSE find nothing to report. I am still getting hijacked browsing and popups, hoping I can get some help from an expert. Below are the contents of the DDS, GMER logs. Attached file Attach.txt as well.

A:Unknown malware infection - browser hijacked, popups

Hi, rrahl Welcome.Download OTL to your DesktopDouble click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.OTL should now start. Change the following settingsChange Drivers to AllChange Standard Registry to AllUnder File Scans, change File age to 30Under the Custom Scan box paste this innetsvcs%SYSTEMDRIVE%\*.*/md5starteventlog.dllscecli.dllnetlogon.dllcngaudit.dllsceclt.dllntelogon.dlllogevent.dlliaStor.sysnvstor.sysRDPCDD.sysatapi.sysIdeChnDr.sysviasraid.sysAGP440.sysvaxscsi.sysnvatabus.sysviamraid.sysnvata.sysnvgts.sysiastorv.sysViPrt.syseNetHook.dllahcix86.sysKR10N.sysnvstor32.sysahcix86s.sysnvrd32.sys /md5stop%systemroot%\*. /mp /sCREATERESTOREPOINT%systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles%systemroot%\Tasks\*.job /lockedfilesClick the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.Please post the contents of these files in your next reply.

Answer Match 87.78%

while browsing last night on firefox i received a notification from norton (expired) that n.exn was attempting to access the internet, low risk. it didnt seem right to me so i said never allow. since that time, whether on firefox or ie6, i periodically receive pop-ups advertising software or shopping sites. i assume its n.exn, at least a muted version, but i'm not sure. below is my hijackthis log. thanks in advance for any and all assistance.

A:Unknown infection: popups for security software and shopping

i believe i may have downloaded n.exn. while browsing last night, i inadvertently clicked on an ad that started acrobat. i tried to close everything to stop any download, but subsequently was asked by norton if i wanted to allow n.exn access to the internet. it said low-risk, but i instructed norton to not allow access. since then, i have been receiving pop-ups when browsing on either firefox or ie. i posted a hijackthis log earlier, and subsequently read the article i was supposed to read prior to posting - sorry! below are the dds and gmer logs, and attached is the attach file. other than pop-ups, system seems to be running fine, but pop-ups were not an issue prior to the n.exn notification. any and all help is much appreciated.

thanks, mike

Answer Match 86.94%

I have an HP dv6 1355dx laptop running a 64bit version of Windows 7.

I didn't deviate from any normal day-to-day internet activities, but got really worried when IE started opening up popups. I NEVER use Internet Explorer, so I was instantly on alert. The popups close easily, but are becoming more frequent. I also learned that whenever I try to search using Google on any of my browsers, about 80% of the time I get redirected to random, shady looking sites.

I have run all of my virus programs multiple times regularly and in safe mode. Microsoft Security Essentials would not open normally, and did not detect anything when I ran it in Safe Mode. In safe mode, it tells me that Malwarebytes picked up four different trojans, but successfully removed them and is now coming up clean.

Any help would be so greatly appreciated.

I ran one of the DDS logs, which gave me the following:

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Teddi at 22:36:44 on 2011-06-25
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.1823 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows&#...

A:Unknown Infection causing multiple popups and Google redirect.

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

Answer Match 86.52%

Symptoms of my problem are as follows:
When using IE 8 and performing searches on google, if I click on a link for a security or anti-virus related website (such as security.symantec.com) the browser is redirected to random websites such as (juggle.com - liquidnightclub.com - hobonickel.net - mindtext.net).

Steps taken so far:
BitDefender, Kaspersky and AVG 9.0 scans have all turned up nothing...

A:Unknown Infection: Links to security sites on google redirected to random pages

Please close this thread - problem has been resolved via combofix.

Ran combofix with following results


Answer Match 86.1%

I'm sorry I can't be more specific, as this is my girlfriend's computer. When I've used it, I notice pop up ads galore on sites that don't typically have them. Random words are linked as ads in websites that don't have ads like that (such as this site). On using google, there are more ads than results...things like that. Some say "ads by KeepNow". She also is running Chrome, which keeps installing several extensions: shopndrop, dealster, and png2imagiee (which doesn't even give you the option to remove).
 
I ran malwarebytes and removed a whole host of things (something like 500 questionable entities) but I am still having many of the same issues. Despite the whole host of warnings, I did begin to run ComboFix...I was referred to that program from an outside site and did not see the warnings before I ran it. After it hung up, I stopped it and researched and come to find out I shouldn't have run it...ooops.
 
I have the malwarebytes logs if that is helpful. Thanks in advance
 
edit: she says chrome crashes a lot, as well....however I've seen her run 3 chrome windows with like 20 tabs on each, so I'm not sure if that is a symptom of the problem I've described, or her computer use
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518
Run by Dawn Myers at 9:34:57 on 2014-02-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2663.964 [GMT -6:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA13...

A:Unknown infection - many popups/random words in websites turned into Ad links

Hi there, my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

You told us that you removed several items with Malwarebytes´ Antimalware. This tool creates a log on every run and we need to see them.
The logs can be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or...

Answer Match 82.32%

hi. baffled and going nuts over this one. asked to help sort out a computer for my father's boss and so i really need to get this right. all i was told was it was running slow but after throwing pest patrol, adaware and pc-cillin at it, i removed going on for 900 spyware, trojans etc. now the thing is still running slow and is constantly trying to pop ads up and download spyware but i have driven myself nuts trying to work out what's causing it. i have googled all suspicious looking files that are running at startup etc and come up with nothing. pc-cillin is warning me about some popups and blocking them but not all and not telling me what program is making it happen. i have taken a log from hijackthis and am pasting it below. any help would be gratefully received.

Logfile of HijackThis v1.99.1
Scan saved at 20:55:08, on 21/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Fi...

A:Unknown Problems Causing Popups And Slowing System

Please Download NoLop to your desktop from http://www.thespykiller.co.uk/forum/index....tpmod;dl=item16

- First close any other programs you have running as this will require a reboot
- Double click NoLop.exe to run it
- Now click the button labelled "Search and Destroy" <<your computer will now be scanned for infected files>>
- When scanning is finished you will be prompted to reboot only if infected, Click OK
- Now click the "REBOOT" Button.
- A Message should popup from NoLop. If not, double click the program again and it will finish

Please Post the contents of C:\NoLop.log along with a fresh HijackThis log

--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.

==========================

Download AVG Anti-Spyware from http://www.ewido.net/en/download/ and save that file to your desktop. Note: This is NOT the Anti Virus from AVG. When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.

1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
o Next select the "Start Update" button. ...

Answer Match 81.48%

Dear all,

I managed to get a virus of some description on my computer last night, and am having trouble fully removing it.

It has turned my Google quite strange - results now always open in a new window, often going to a completely unrelated advertising website. Some websites appear to be blocked entirely (notably the homepage for Spybot - http://www.safer-networking.org/ - immediately comes up with a 'Page Load Error').

My version of Spybot initially wouldn't start, and on advice found somewhere I got it working by changing the name of the Spybot .exe. However, it prevents me from connecting to the update server (this is the case with ad-aware as well). I updated Spybot manually, and have done a scan which found nothing. I can now no longer access my C:\ drive via the shortcut on 'My Computer'. I can however access it by clicking the up arrow button in other C folders.

I did an antivirus scan - Avira Antivir Personal - and it found 2 viruses: TR/Patched.CK.6 Trojan and the TR/Vundo.Gen Trojan. It claims to have deleted them, but it has now found them twice on two separate scans (after a reboot), so I guess they keep popping up. I tried Panda activescan online, which found nothing. I gather the Vundo is a tricky customer, and found a Symantec removal tool for it - but it found nothing. I deleted my hosts file in System32\ in case that was causing it.

I'm running out of ideas, and don't really want to have to format the computer. Here are the results from my DDS scan:

DDS ...

A:Unknown infection causing various problems

Hello Jimbola,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis here: http://www.trendsecure.com/portal/en-US/th.../hijackthis.php
2. Click 'Do a System Scan and Save log'.

The HJT log will open in notepad.

Thanks,
tea

Answer Match 80.64%

Search engine is finding alternate sources. The descriptions read as if you have the correct site, but the web location is very wrong! I have tried Spybot, SuperAntiSpyware, Malware, etc, etc. Please help!
DDS (Ver_09-01-07.01) - NTFSx86

Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.67 [GMT -6:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated)
FW: Norton AntiVirus *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Fi...

A:Search engine problems, unknown infection?

Howdy, my name is Hoov, and I will be helping you with your dilemma. Sorry it took so long to get you help.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer

*Tell me everything that you have done, if anything, to try and fix this problem.
*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.
*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.
*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.
*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow th...

Answer Match 80.64%

Programs randomly stop and cannot be restarted. Most often the internet and the only way to restart is to reboot the computer; but most of the time when programs stop working the computer will not do anything. Specifically no option to shut down or restart, will not respond to control-alt-delete. I have to force shut down. Windows movie maker is another program that is constantly shutting down but that one will restart itself with no error explanation. Noticed recently a box notifying me that my windows calendar has stopped working. I don't know exactly what that means; I have seen a hotfix from Microsoft (http://support.microsoft.com/kb/933942) for that issue but that is the least of my problems. I am thinking of a complete system restore but want to get rid of an infection (if any). I have tried to resolve by cleaning up toolbars/addons, removing programs, etc. I think there must be an infection or something serious wrong. Computer is not yet 2 years old.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Michael Robillard at 13:28:09.31 on Thu 09/23/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1918.938 [GMT -4:00]
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows ...

A:Unknown infection causing countless problems!!

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

- Do not run any other tool until instructed to do so!
- Please Do not Attach logs or put in code boxes.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool. The ap...

Answer Match 80.64%

I've scanned my system with Malwarebytes, Super Anti-Spyware, and ESET Anti-virus and cleaned all that was found and I still am having problems with my web browsers (IE8 and Safari with IE8). Sometimes when I initially click to start IE8 it will not load until I press it a second time. Also, while in the browser if I left click it sometimes re-directs me to various search sites, if I use the middle mouse button to open it in a new tab it will freeze the browser, sometimes eventually loading the link in a separate window. When I close out IE8 completely I notice in the task manager that there is one iexplorer.exe still running. I also notice that ESET keeps blocking the following site: c3.lkckclckl1i1i.com/aZC38sID6W7YAjS44c038f513... at IP: 62.122.75.138:80. I've blocked this IP in my firewall for now. I do recall sometime back that ESET had notified me it found a virus, but I had taken it to mean it blocked it... guess not. I do not remember the name, but when I searched for it back then I remember it had said this virus would eventually completely lock down your browser (after PC restarts) and eventually grind windows to a halt - it also mentioned that winlogon.exe running was a sign of infection which I do have and cannot end winlogon.exe. I assume it hasn't gotten worse because ESET is blocking that website.

I've included DDS.txt and attach.txt but wasn't sure about the ark.txt file from reading the instructions. Also, note that I use a 32gb ...

A:Unknown infection with internet explorer problems

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

- Please download OTL from one of the following mirrors: This is THE Mirror
- Save it to your desktop.
- Double click on the icon on your desktop.
- Click the "Scan All Users" checkbox.
- In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/m...

Answer Match 79.8%

Hello:

I managed to download a virus, malware or whatever from a fake site: hxxp://microsoftmedicenter.com/pluginerror/

Maybe somebody can go to that site and tell me what I have got myself into...

Anyways, after realizing that I made this mistake, I ran Symantec Antivirus (month old definitions), which quarantined the following:
1. jar_cache7190243559420621033.tmp - "still contains 3 infected items"
2. myf/y/PayloadX.class
3. myf/y/LoaderX.class
4. myf/y/AppetX.class

In the meantime, I have no desktop taskbar or icons, and cannot right click on the desktop. I can use my pointer and Task Manager to run some programs. I have tried numerous things, with no luck. I can't connect to the internet with that computer, or run a Restore. Through Task Manager or the cmd prompt I have run another Symantec full scan (nothing), cmd mrt.exe (no problems), cmd sfc/scannow (nothing), cmd explorer ("access denied"), iexplore (doesn't work). I was able to download to the thumb new Symantec virus definitions, then load on infected computer, which seemed to go fine, but when I open Symantec it still shows an older definition file date. I tried Free Windows Registry Repair 2.0, lots of errors found, fixed them, no luck. I tried file system check, no problems. I tried other virus scanners, all of which come up with no viruses, so maybe Symantec got them quarantined, and now we just have to repair the damage??

I can use a thumb drive from another computer (which...

A:Unknown Infection/No desktop icons or taskbar/other problems

Hi Tumbo,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

If the issue is not resolved please update me on the current condition of your computer.

Answer Match 79.8%

Yes hello. I have Windows XP, and for some reason my computer's been awful slow lately. I don't believe I have a virus, so I don't know what's up. I even recently freed up some hard drive room, and I have 19.6 GB free and 17.5 used. Anything I can do to help make my computer run better and faster, or find the cause of the problem? Thanks in advance!

Dave
 

A:Slow computer for seemingly unknown reason

Answer Match 78.96%

Hello,
 
For a while now I've been having problems with downloaded files on my computer. There are various problems:
- general: when downloading a file on my computer, it downloads the file fine. The problem starts when executing the file.
Most of the time I get to read a UAC warning that the file I try to execute is from an unknown publicer (which is not the case for many files I execute (cross checked this with a friend's computer where the UAC shows the proper publicer)).
Sometimes when I execute the file to try to install a program I get an error reading the file has been corrupted. This problem continues to exist with new downloads. It has been the case for example for: java; emsisoft anti-malware. However when I download the exact same file from my friend's computer and put it on my computer through USB the problems aren't occurring and everything installs fine.
- steam: has problems maintaining a download; every 100-200mb the download stops and tells me the game needs an update. I hit the update button and 100-200mb later the same happens
 
 
I don't know how long this problem has been going on. I started noticing it with steam and didn't think much of it. The problem listed with steam sometimes occurs when the servers are busy. My estimated guess is that the problems has been happening for about a month.
 
Now I've been trying to fix this problem. I've scanned with emsisoft antimalware, malwarebytes anti-malware; mcafee antivirus plus. Almost all of th...

A:Downloaded problems: corrupted, unsigned publicers, ... (unknown infection(s))

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/546682 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...

Answer Match 78.54%

Hi there,
my computer crashes from time to time. As far as I've noticed it only happens when I play games. It isn't any game in particular, but as far as I remember it has happened in the following:
Skyrim
Just Cause 2
Saints Row: The Third
Terraria
Call of Duty: Modern Warfare 3

I've only recently enabled minidumps, so I have at the moment only one minidump to attach. I will upload more when my computer crashes again.

Some additional info:
Sometimes the computer crashes without any BSOD.
The screen often looks strange before the crash. A lot of small lines in different colors, everywhere on the screen. Like if the pixels were 50 px wide.
I have two monitors plugged in and one TV (through HDMI). I don't know if that changes anything, but anyway it can be worth mentioning.
I've run Memtest86+ for seven passes, no errors found.

Attached is the Seven Forums zip, containing info and the minidump.

Thanks in advance!

A:BSOD playing various games, unknown (and seemingly different) reasons

Welcome
The one minidump does not give much information. When you get a few more, upload them in this thread.

Answer Match 77.28%

Hi

My computer has recently been hit (last 24 hours) with something which is disabling all of my microsoft sites/programs and access to antivirus sites.

Going back 24 hours i had another virus which made my computer really slow, redirected sites and posted 3 porn links on my desktop. After this i did a non destructive system recovery (after which i got an ntdlr is compressed message but i fixed it). As soon as i had got the computer running back to normal i installed sp2 as my computer originally came with sp1 and windows 2003 xp home edition.

when i got back on the internet i found my problem and i couldn't sign into msn messenger or access antivirus sites. I have tried these programs: Ad-Aware, spybot search, vundo fix, super anti spyware and malware bytes anti spyware.

i have also booted my pc into safe mode and used sdfix. And i have used atf cleaner and cc cleaner to delete cookies and temp files and i have cleared my cache.

Another note i have tried to run Combofix from the desktop but it just says it's been compromised and i need to download a new copy and then deletes itself (i have downloaded new copies)

Below is my DDS log

DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 16:43:41.29 on 02/08/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.506 [GMT 1:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32...

A:Unknown virus/spyware/trojan blocking access to microsoft sites and antivirus sites

Hello and welcome to Tech Support Forum.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please post a fresh DDS Log

Answer Match 70.98%

I have run three different spyware removal tools, all of which report to have cleaned the system. However, after a reboot and rescan I seem to find the same spyware has returned.

I have run Hijackthis and removed various files using the instructions found in various threads in this forum, unfortunately I still seem to have constant popups.

Can anyone help me please.....

here is the log

Logfile of HijackThis v1.98.2
Scan saved at 12:20:06, on 19/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\cUpdate.exe
C:\WINDOWS\msnmsgq.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program File...

A:Unknown popups

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.

Answer Match 70.98%

Hello. I followed your instructions, and have run several extra spychecking programs also. I was infected with Virtumonde and had the w32.myzor popups. I ran Smitfraudfix according to instructions, and also, Vundofix and Virtumundobegone. After all that, my PC is running a lot better, except there is still something that causes popups in IE and makes it drag. Firefox seems okay. I'm stuck at this point. Any ideas? Thanks in advance.

My HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:15:32 PM, on 14/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS ...

A:Ie Popups, Unknown Causes

Updating my situation: after trying about a dozen legit malware removers, it seems one of them did the trick with the final trojans. SUPERAntiSpyware worked wonders. No signs of trouble so far. I saw that it was recommended to someone else on this site. Thanks!

Answer Match 70.98%

Hi. I am running Windows XP SP2 with all MS Windows Updates. NAV 2005 current, with auto-protect and worm protection. Router on cable modem. Had problem with pop-up internet explorer pages from sites like winfixer, sysprotect, amaena, ascentive, exit exchange, adultfriendfinder, etc.

Found alfacleaner in msconfig, but it is not there now -- removed by spybot, I think.

Ran Ad-aware and Spybot. They found some things, but problem persists.

Followed your Prep for posting hijackthis instructions: Ran Norton Anti-virus 2005 (clean), rebooted, cleanmgr, Ad-aware, rebooted, Ad-aware (clean), Spybot S&D (clean-had already run previously), Bit Defender (found and deleted sun java trojans exploit.byteverify and classloader.k in my docs&settings and deleted windows\system32\oleext.dll trojan.small.ev), rebooted, ran McAfee Stinger (not impressed), ran HijackThis, posted results.

Please Help!

Logfile of HijackThis v1.99.1
Scan saved at 8:23:15 AM, on 4/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec ...

A:Unknown Popups

Hello,

Please perform next steps in the right order without missing any steps!

- Please download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Put a check next to Run VundoFix as a task.
- You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
- When VundoFix re-opens, click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will shutdown your computer, click OK.
- Turn your computer back on.

* Update your Java, because that is the reason why your system got infected.

Updating Java:
- Go to Start > Control Panel double-click on the Software icon > add/remove programs.
- Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
- It should have next icon next to it:
- Select it and click Remove.
- Then Download and install the newest version from here: http://www.java.com/en/download/manual.jsp

* Clean your Cache and Cookies in IE:
- Close all instances of Outlook Express and Internet Explorer
- Go to Control Panel > Internet Options > General tab
- Click the "Delete Cookies" button
- Next to it, Click the "Delete Files" button
- When prompted, place a check in: "Delete all offline content", click OK

* Clean your Cache and Cookies in Firefox (In case you also hav...

Answer Match 70.98%

Hi! I have been getting random voice ads as well as popups to websites unrelated to what I'm doing on the internet.
Appreciate your help!

DDS

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Robert at 16:42:54 on 2011-05-21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1342 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLa...

A:Unknown Ads and Popups

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------
Please download Rootkit Unhooker and save it to your desktop.
Double-click RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan
Check Drivers, Stealth Code, Files, and Code Hooks
Uncheck the rest, then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished then go File > Save Report
Save the report somewhere you can find it. Click Close then Yes
Copy the entire contents of the report and paste it in your next reply.
Note: If you get a message 'Rootkit Unhooker has detected parasite inside itself!
It is recommended to remove parasite, okay?', click Okay

------------------------------------------------------

Answer Match 70.98%

I grew up with computers and etc but still don't know what's wrong with my current machine. I'm not using it by the way because it can't even load google.com, facebook, or the bbcnews and the list goes on. But it can load my school site which makes me think previously trusted pages can still be loaded? But google would always be a trusted page augh I dunno. HELP!

Here's the general problem, I noticed about an hour ago my internet wasn't working properly. I use mozilla but tried IE also with the same problems, which leads me to believe it's not a browser problem. I also tried running the internet straight from my cable modem into my laptop's ethernet port, same problem. So it's not the router. I haven't downloaded anything suspicious recently and I always run an antivirus with my windows firewall always up. I tried doing a system restore, that's when I noticed I only have 1 restore point from 4am this morning (13hours ago). I tried loading it of course but it failed for some unknown reason and told me to try another restore point, which there wasn't any. I know I have many gigs of space dedicated just for system restore so I'm guessing I have some sort of malware/virus that trend micro didn't pick up.

I run a vista home version, asus laptop,intel 2.0dual core 64bit processor.
 

More replies
Answer Match 70.98%

DDS (Ver_09-11-29.01) - NTFSx86
Run by Heath at 12:00:18.20 on Mon 11/30/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.350 [GMT -6:00]

FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CSHelper.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.ex... Read more

A:Unknown Problem...getting re-directed to different sites

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop. DDS.scr DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Answer Match 70.98%

This is an odd virus...one I've never heard of, and one symantec hasn't figured out yet...hrmmm same with AA or SB:S&D...

Anyway here's my HJT file
Logfile of HijackThis v1.97.7
Scan saved at 3:53:23 PM, on 2/19/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\syscnfg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\E-Color\Common\IconMgr.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
C:\WINDOWS\system32\ntbackup.exe
C:\WINDOWS\System32\rsmsink.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXP... Read more

A:Interesting Virus...unknown to a lot of sites

First put HijackThis into a permanent folder so it can keep backups in case the wrong entry is fixed

Run hijackthis, tick these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {80ED1885-7F2B-45C1-80AB-137610010C08} - (no file)

O4 - HKLM\..\Run: [Configuration Load] syscnfg.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [Configuration Load] syscnfg.exe
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
Reboot into safe mode by following instructions here: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406
then as some of the files or folders you need to delete may be hidden do this:
Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders"
Click "Apply" then "OK"

Delete these files

C:\WINDOWS\System32\syscnfg.exe
and Delete these folders

NONE

then
Reboot normally &

Download and unzip or install these programs/appli... Read more

3 more replies
Answer Match 70.14%

hello

I keep getting popups every time I click on a website link.
A random junk website pops up.

Also I think I have some kind of virus that keeps trying to access the internet, I think these 2 might be the same thing.

Even when I'm not connected to the internet I get the internet connection error, the one that tells you to work offline or try again.
So I know I got something trying to access the internet.


log


Logfile of HijackThis v1.99.1
Scan saved at 1:13:47 PM, on 12/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Progra... Read more

A:Popups and unknown Virus

Can someone give me another help site related to HijackThis?

2 more replies
Answer Match 70.14%

OK, so every time I log onto the net I get 5-10 popups, I tried scanning with Norton, but it locks up about halfway through. I did a full scan with Ad-Aware SE Personal and deleted 37 items, but on the last reboot, I still get loads of popups. Here's my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:09:47 AM, on 9/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\nammenc.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\winCMAPP\wincmapp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC... Read more

A:Unknown popups...5-10 at a time.

Just a little bump for a little help.

3 more replies
Answer Match 70.14%

Found this "M9K8H6A2.vbs" file (and another 8+ similarly named files) in my hidden files on my flash drive in windows explorer and also "MKH" (manufacturer: unknown, command: c:\Windows\M7K7H6A9) in my msconfig>startup list.

Is it dangerous? I ran Internet Security 2011 and did a full system which didn't find anything suspicious. Kaspersky online scanner found "not-a-virus:RiskTool.VBS.VirusProtection.i". Spybot found nothing.

Also i have a popup window problem that happens every time i insert my usb flash drives. The window initially said "Windows - No disk... Error exception..." but now it says "wscript.exe - No disk... There is no disk in the drive. Please insert a disk into drive\Device\Harddisk1\DR1... cancel...try again...continue..." It is very hard to get rid of this popup window. The only way to close it is by clicking the buttons many times,seemingly at random. It goes away and then it just pops up again within a minute. If i dont insert a usb flash drive into my pc it doesnt popup. If i remove the flash drive from the usb the popup continues to appear. It is very frustrating!

Are these problems linked/dangerous/fixable?

My OS is Vista Home Premium.

Thanks a lot

More replies
Answer Match 70.14%

Hi there. 2 days ago, my wife's computer started having popups appear frequently and for no obvious reason. First attempt to solve was Spybot, which found a bunch of items, but couldn't seem to remove one called smitfraud_c Toolbar 888. It found 2 instances of this that it couldn't seem to eradicate, and the popups didn't go away.

I've been working on this for over 12 hours now. Somewhere along the line, on reboot I started getting a DLL error, which is likely a side issue. It comes up with a box, the box title is "RUN DLL" and the text is "error loading c:\windows\ddayyw.dll" with a note that the specific module could not be found, and an "OK" button. I don't notice anything else odd about this, but it comes up on each reboot.

OK, things I've tried: Spybot. AVG found a bunch of trojans. Spybot again. Each time I went on the internet I'd get more popups, then spybot would find more items. Updated windows - she had automatic updates turned off and there were 65 updates to install, including IE 7. I looked for specific info on smitfraud, tried smitfraudfix (it found stuff but didn't seem to get everything). I tried to download "spyhunter" but while it found items it didn't seem to have a fix function so I deleted it. Reran spybot. Got and ran AdAware. I reran it until it found nothing, but each time I went back on the internet and got more popups, it would find more tracking cookies. Tried to do a system restore using th... Read more

A:Unknown Popups And New Dll Error

OK, on startup, I'm getting 2 attempts to link to the internet from IE:

1 goes to 127.0.0.1:Port 1090
The other to 74.53.120.7:DNS

74.53.120.7 appears to be thottbot.com, which is her home page, but I am including this since it seemed a little odd to me.

9 more replies
Answer Match 70.14%

Hello

Over the last 12 hours my browser get redirected on searches using google and random web pages windows have popped up out of nowhere. Tried to run gmer and DDR - no luck i get a command screen for a second and it ends with an unknown error. Tried various on and offline virus scanners, spybot and Hitman Pro. Also noticed my taskmgr.exe is missing also.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:47:54, on 08/04/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\AnVir Task Manager Free\AnVir.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = htt... Read more

A:google searchs get redirected to unknown sites

Ok, it seems that with some tinkering and some files importing - namely the stuff that magically disappeared from system32 - I've got GMER and DSS running

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-08 14:50:08
Windows 6.1.7600 Running: gmer.exe; Driver: C:\Users\Jayrei\AppData\Local\Temp\pxryipoc.sys

---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1CAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1C104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1C3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E04FB4
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1C1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1C958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1C6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1CF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/M... Read more

15 more replies
Answer Match 70.14%

Whenever I perform a search from Google or Yahoo and click on a result, i'm initially redirected to another site that's NOT in the search result. Some sites are:

hxxp://search14.info.com/Jsp?cmp=2705&affiliate=71229
hxxp://www.ononeweb.com/?mkt=us&keywords=jsp%20tutorial&referrer=lsm2&category=ron&kwid=jsp%20tutorial&lpid=60750-2693&veri=explorerweb.net

However, this only happens the first time i click on the link in the search result. If i click back on the browser and then click the same link, it then goes to the correct webpage. It happens in both IE and FF, but not in Chrome. I've already ran McAfee and removed several Trojans. I've also ran SpyBot but it still has not solved my problem. Thanks in advance

Here is my DDS.txt


DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 20:28:06.10 on Tue 12/22/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.994 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\... Read more

A:Malware, Please HELP! Search results go to unknown sites

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my ins... Read more

7 more replies
Answer Match 70.14%

Hi Sir, I've been experiencing redirects to unknown sites when clicking on search results in Google. Please help me remove this bug/virus. Thanks in advance.

A:Google Search Redirects to unknown sites

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you. Please tell us if you have your original Windows CD/DVD available. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply'... Read more

9 more replies
Answer Match 70.14%

When I start IE I get AVG blocked attempt to contact sites like "at.atwola.com" and others... I used Hijack this and made a logfile.... here it is? What can I do?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:49 PM, on 2/2/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe
C:\Program Files\ABBYY Fi... Read more

More replies
Answer Match 70.14%

It seems like almost every time I click a link, I am sent to some strange website. For example, a few minutes ago I typed in "ebay.com" and was sent to lesssearch.com. There are hundreds of others that I have been to in the last day just while trying to visit my regular sites. I have ran CWShredder, Symantec AntiVirus, and Adaware. Nothing has been found but there is definitely a problem here.

Your help would be greatly appreciated. My Hijackthis log is below. I am assuming that: HKLM\System\CCS\Services\Tcpip\........ needs to go but I'm not sure. Thanks in advance.





C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Rhapsody\rhaphlpr.exe
C:\Program Files\Hijackthis\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page... Read more

A:Solved: Browser Being Redirected To Unknown Sites

9 more replies
Answer Match 69.72%

I've been trolling the forums here for a while. Lots of great info but now I actually have an issue where I need some assistance.

When I was booting one day last week I got a nasty BSOD when Windows was trying to load. Then on the next reboot Windows 7 said it couldn't load and needed to do the recovery OS option from the Windows 7 repair on the CD. Well, before trying that I did a cold reboot and it got back into the OS fine so I didn't think much of it. Now, I noticed Ghost shows the C: drive status as "Unavailable" and it can't back it up anymore. It does give me an option to restore from one of my old backups. I'm thinking the MBR got hosed up somehow or something like that. But I'm skeptical to run an MBR repair since I have that 100MB partition on my SSD where my OS resides.

Ghost Shot>

This was about a week ago my Windows 7 started acting up right before the big patch Tuesday. I've been running it for over a year now and it's been solid. When I first set it up I installed it on my SSD (Intel 510 120GB) drive. One of the qualms I had with the install is Windows created a separate boot sector on the disk drive where it stored my boot files. This is known as the "system reserved" operating system files 100MB partition. Apparently the way to avoid this is to use a third party partition tool before doing the windows install. That way it will keep the Boot sector files on the same partition which is how I would have liked it for doing resto... Read more

A:Windows Recovery disk shows operating system: Unknown on (Unknown)

Note, I just went into my Disk 3 where my SSD resides in DISKPART and did some commands if this helps. It shows both the 100MB and 111GB Partitions on the Intel SSD as "Active".


Code:
DISKPART> list partition

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
* Partition 1    Primary            100 MB  1024 KB
  Partition 2    Primary            111 GB   101 MB

DISKPART> detail partition

Partition 1
Type  : 07
Hidden: No
Active: Yes
Offset in Bytes: 1048576

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5         System Rese  NTFS   Partition    100 MB  Healthy    System

DISKPART> select partition 2

Partition 2 is now the selected partition.

DISKPART> detail partition

Partition 2
Type  : 07
Hidden: No
Active: Yes
Offset in Bytes: 105906176

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 6     C                NTFS   Partition    111 GB  Healthy    Boot
Thx again for any/all help!

5 more replies
Answer Match 69.72%

I loaded up explorer and opened up my C:/ drive to start a game in my program files, accidentally pressing "Downloads" finding this file there, my operating system is Swedish so the folder should be named "Hämtningar" (Swedish for downloads). The file is 93 kb in size and was created on the 27th january, there is also an account named "Unknown account(S-1-5-21-a bunch of numbers)" with total control, I also have no ability to remove it. I would like some help with this, malwarebytes also doesn't react on it. I've also noticed I'm unable to visit Bing (not like I use it, but still weird) with the access denied error.

A:I found an unknown files called myfile.exe, origin unknown.

Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
Double-click ... Read more

23 more replies
Answer Match 69.72%

I'm not sure if this forum supports Windows installed on a MacBook,
but I'd appreciate any help provided.

Regarding my laptop, it's a MacBook Pro bought around 2011,
with Windows 7 x64 installed from my friend's disc.
(Sorry I cannot remember exactly what it was)
"Barely alive" condition.
Works fine, but suddenly shuts down at times, alert shows battery not inserted (UNDETACHABLE on this MacBook model), won't run without power adapter connected, immediately shuts down when inserting USB cable into 1 of the 2 USB ports, won't detect internet connection, and so on and so on......

That aside, it worked fine until last week.

I was running Windows Update when I accidentally insert USB cable into the wrong port and "forced shut down" the laptop.

When rebooted, I get a flash of BSOD and auto-restart, which leads to startup repair.

From there, I ran startup repair a few times, each time I get the successful result yet Windows still won't start.

Then I switched to Mac OS to use it for some urgent stuff.
While in Mac OS I did went around and did "repair disk" and stuff to the bootcamp.

Next I tried searching for solutions through my phone and did this and that on command prompt.
chkdsk bootrec etc etc tried all posted solutions to something similar to my case.

The next thing I realized was that I now cannot even choose "Windows" on boot and I got stuck.

Then I asked my neighbor and fortunately could borrow Window... Read more

More replies
Answer Match 69.72%

Just found this on my dad's pc and it's been giving me a real headache. I've googled about and tried all of the stuff i found, to no avail, norton's not detecting anything and i've deleted the directory it had installed itself under Program Files\Files-Secure but it's still popping up on outlook, IE, or explorer.exe

thanks for help in advance
Anyway, here's a hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:32, on 01/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Sha... Read more

A:Solved: unknown trojan - “Your computer was infected by unknown trojan”

here's a screenshot of it
 

3 more replies
Answer Match 69.72%

Please help me folks, I'm on borrowed time today.

I had to reformat my computer thanks to a handful of Trojans and of course, I am missing the Ethernet driver to connect. In the past, I had a friend set me up, but he never told me how to do it and he's gone in basic training so I can't ask for his help today.

I have a custom-built Compaq HP
I will have Windows XP HOME installed when I get the cash.

What I need is help figuring out where to look to find the model number to install the correct driver. I have tried the HP website and it does not work; My driver is built into the motherboard.

I currently have Windows XP Professional for English Students, it's my father's OS
 

A:Unknown Ethernet Driver - Compaq HP (model unknown) Windows XP

"I have a custom-built Compaq HP"...

Custom built by HP or a friend? See if you can tell us the model of the motherboard. Give us any name or numbers you find
 

9 more replies
Answer Match 69.72%

My laptop is a HP Pavilion dm1, and has become extremely slow in the past few days. Also, there are some unknown processes shown in task manager, and some extensions in chrome that random pop-up tabs suggesting I may also like to read the following etc. This usually comes on Google results, YouTube, and other news articles.

I don't have access to the boot cd unfortunately.

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518
Run by hp at 21:18:08 on 2014-03-12
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1641.256 [GMT 3.5:30]
.
AV: AVG Internet Security 2014 *Enabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG Internet Security 2014 *Enabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\W... Read more

A:Slow computer + unknown processes + unknown extensions in chrome

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

Object Browser<<Please read this

Also delete the following Folder if it still exists:

C:\Program Files (x86)\Object Browser

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
Do NOT click the green 'Download' button (if visible).
Click the blue 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Clean
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Check for additional security risks: Please download CKScanner by askey127 and save to your desktop.
Double-click on CKScanner.exe and click Search For Files.
After a very short ti... Read more

12 more replies
Answer Match 69.3%

I have an unknown infection on my PC, pop-up adverts keep randomly appearing and I occasionally get McAfee notifications of Trojans being cleaned.

I don't know what the infection is, only that it is there although a bit of research suggests it could be related to a file named lsass16.exe in my C:\Windows\System32 folder which I cannot remove.

Below is my HijackThis! log, if anyone can spot anything wrong and help me solve the problem I'd be very grateful of help.

Logfile of HijackThis v1.99.1
Scan saved at 23:09:42, on 31/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\... Read more

A:Unknown Adware Displays Popups

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, KingyOwl. My name is Richie and I'll be helping you to fix your problems.

Please move HijackThis.exe to its own permanent folder on the hard drive such as C:\HJT
Create a new folder and place HijackThis.exe inside that folder so that the backups of log changes it creates are saved in the same folder and can be used to reverse the line entry deletion if found to be necessary.
If you run Hijackthis from the desktop, the files it removes will not be backed up properly.

How to create a new folder named HJT
1. Click Start/My Computer, in the 'My Computer' window, open the window in which you want to create the new folder, click on Local Disk C:
2. From the 'File' menu choose 'New'.
3. From the 'New' menu choose 'Folder'.
4. Type the folder name: HJT
5. Then press Enter.

*************************

Please download the OTMoveIt by OldTimer:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\lsass16.exe
C:\DOCUME~1\Andy\LOCALS~1\Temp\win1F5.tmp.exe
C:\Documents and Settings\All Users\Application Data\tezchiby.exe

Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit... Read more

9 more replies
Answer Match 69.3%

Every time I open firefox, before I even begin to browse, these links show up in my history:
hxxp://my.trusted-content.com/tbc.html?zoneid=10261
hxxp://m.kr10a.com/mambo?srcid=Ivory-ado2
hxxp://b.hk121b.com/bingo?srcid=Ivory-ado2
hxxp://m.l0phtme.com/adam?srcid=Ivory-ado2
hxxp://i.l0phtme.com/ivory?srcid=ado2

I also get a popup at certain times and it is something regarding feed.tracking.analytics

I am getting really frustrated by this. I have done a complete scan with both Vipre Antivirus Premium as well as Malwarebytes' Anti-Malware and both come up clean. Please help me get rid of these links. Thank you for reading!

A:Unknown links in history, popups

Sounds like adware to me; you may have picked up something nasty. Run a virus scan with Malwarebytes Anti-Malware (malwarebytes.org): run a full scan, then post the log here.

9 more replies
Answer Match 69.3%

I have some sort of malware on my XP machine. Ever since it has been infected, Google Chrome won't load any webpages, it just hangs on a loading screen. IE and Firefox will redirect any links clicked on through google to random sites. Any help is appreciated.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Chris Cunningham at 14:53:15.10 on Mon 04/05/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.484 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDO... Read more

A:Unknown Malware Inducing Popups

Hello thecrc
Welcome to the Bleeping Computer Malware Removal Forum

Looks like you may be infected with the TDSS Rootkit

Download TDSSKiller and save it to your Desktop.
Extract the file and run it.
Once completed it will create a log in your C:\ drive called TDSSKiller_* (* denotes version & date)
Please post the content of that log TDSSKiller

Please download Malwarebytes from Here or Here
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

2 more replies
Answer Match 69.3%

Right, I just come back from work and my computer is badly messed up, both of them as well, but fix this one. My IE from the way it's acting seems to have been "stolen", like if I click on links I get this security message saying this ain't secure and there's viruses bla bla bla and sends me towards downloads and to other links, random pop ups etc. and it seems like it's only with IE and I'm an IE user. Normally I don't have problems with viruses but I've got idiots in my house and they go berserk with the internet. I'm going to beat them up in a bit

hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 15:56:50, on 17/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PW... Read more

More replies
Answer Match 69.3%

Hi ,
I would be very thankful if u could help me with some issues that mess up my nirvana...

There seem to be 2 IEXPLORE.exe in my Task Manager processes and I know I have been infected by an adware (probably adclicker) because various pop ups appear. I have tried everything, from Spyware, Ad-Aware to Mr.Web, Spybot and Spyblaster, among other programmes. I use Mozilla 1.5, Kaspersky and Sygate Firewall.
I have restrained access of Explorer to the net but other than that no progress.

Nothing seems to work.

I also have an unknown .exe file that appears in my taskbar when I work on another application (for instance online games), then quickly disappears but damage is done, I crash back to desktop and have to click again the application on the taskbar to go back in, thus losing precious time in online gaming.

Please help me

here is my Hijack log

Logfile of HijackThis v1.99.1
Scan saved at 5:42:55 μμ, on 21/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\Program Files\Kaspersky Lab\Kaspersky... Read more

A:IEXPLORE issues + plus popups + unknown .exe

Also it seems that explorer wants to contact ayb.dns-look-up.com (info from Sygate Firewall), sometimes it's netsearch.com, I think they are related.

I know it's something very difficult to remove, because after downloading 8-9 spywarekillers it's still there!

13 more replies
Answer Match 69.3%

My sister, after almost destroying this computer last month with spyware, has done it again. I keep getting random pop-ups from Internet Explorer (I use Firefox, so does she) and it's driving me nuts. I looked to see if I could uninstall any weird programs. Didn't find anything. Here's my HiJack This log.

Logfile of HijackThis v1.99.1
Scan saved at 4:07:33 PM, on 6/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\UGV0ZXIgU3BhdGVyaSBTcGF0ZXJp\command.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\smss32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\... Read more

A:Annoying Popups - Unknown Spyware

Welcome to BC!

Please download Look2Me-Destroyer.exe to your desktop.
Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt in your next reply and a new Hijackthis log.

NOTES:
If you receive a message from your firewall about this program accessing the internet please allow it.
If you receive a runtime error '339' please download MSWINSCK.OCX from this link and place it in your C:\Windows\System32 Directory.

8 more replies
Answer Match 69.3%

Using Google in IE7, clicking on links usually takes me to unknown or unintended sites (ad sites, shopping sites, etc...) - probably 75-80% of the time. This appears to have started a few weeks ago. Ran CWShredder and Malwarebytes anti-malware, and that did not appear to resolve the problem. DDS report is below and attach and ark reports are attached. Please advise on next steps.
DDS (Ver_09-10-26.01) - NTFSx86
Run by ExcellaUser at 13:57:01.37 on Mon 11/02/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1125 [GMT -5:00]

AV: avast! antivirus 4.8.1351 [VPS 091101-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.e... Read more

A:Google links being redirected to unknown or unintended sites

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

18 more replies
Answer Match 69.3%

Hi. I have an unknown virus that is adding three icons on my desktop to adult sites. Also, it blocks any access to anti virus websites or Microsoft support. On system startup, these three icons appear and Norton 360 says that it blocked two computer threats (vrt4.tmp and Packed.Generic.233). However, I have scanned my computer with Norton 360, Superantispyware, Malwarebytes AntiMalware, Windows Malicious Software Removal, and BitDefender, and nothing has come up as a computer threat. I have tried the host file, but it is correct. Every time I reboot my laptop the same thing happens. What should I do?

Thanks for the help.

More replies
Answer Match 69.3%

I am doing searches on my computer using bing or google and when I get the searches and access them they direct me to unknown sites. I also tried putting the URLs in the web address bar and it will also redirect to random sites. I ran a HijackThis and I have attached. Thanks for any help you can give me.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:19:23 AM, on 3/24/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe... Read more

More replies
Answer Match 69.3%

Hi,

I think I am infected with some virus, spyware etc.

Whenever I click on Google search it goes to unknown sites. I could see something like Secure.bidvertiser.com etc.

I have tried different tools like SPYbot, tdsskiller, FixTDSS etc. But none worked. I am still facing the issue.

Please let me know how i can clear this.

Regards,
Kiran

A:Google, yahoo search redirect to unknown sites

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

16 more replies
Answer Match 69.3%

This is my first post here, so I'll try my best to make it easy to read. I use google.com to do searches and whenever I click on a link, 2 out of 3 times it will direct me to an unknown site which are obviously harmful for my computer. I will get directed to one link and from that link it will direct me to another website. Here are some of the names of the sites I have been redirected to: smartmoney.com, gklife.com, askalot.com, informationgetter.com, and mail.com. There are much more sites to name but I will stop there. I get redirected if I use google or yahoo (I haven't really tried any other search engines). I also use Safari browser and I still get redirected. I have ran various anti-malware programs such as Malware Bytes (my personal favorite) and spyware doctor but none have helped. The problem still persists. This isn't something that I can temporarily deal with but since I use google so much it gets annoying when I am redirected to these unknown websites. So my question is what can I do to fix this problem? Do I have to do a hijack this log and fix it or fix it manually? Is this a known virus that can be eliminated automatically using some type of software? I have never had problems with viruses this bad before (usually malware bytes knocks them out) but this time I have tried everything and it's still there. Any help is greatly appreciated!

More replies
Answer Match 69.3%

Two days ago I had a dual attack of Antimalware Doctor and Security Suite. I seem to have gotten rid of them with Malwarebytes' Anti-Malware. It was rough, but I made it through.

Since then, I am having some issues with Firefox. There are two things happening:

1 - A tab will randomly open and go to some website. It's almost always benign - some news site or advert for software. (Recent one was Registry Defender software) If I just close the tab, it goes away and that's that. Happens once an hour or so. I have noticed that whatever my most recent Google search was will be somewhere in the address bar of the rogue tab, as a sort of query.

2 - When I Google something and click on links in my search result, I will encounter something that looks like a poll - "Answer this question before going on to your site" - if I go back, then re-click the search result link, the poll question isn't there.

I have AVG 9.0 free and it comes up with nothing. AdAware comes up with nothing. Malwarebytes' Anti-Malware comes up with nothing. SUPERAntiSpyware comes up with nothing.

I tried to do a System Restore, but OH GOLLY it has been OFF all this time. So there is nothing saved that I can restore to.

I uninstalled and reinstalled Firefox. That did not change anything.

I deactivated all of the Firefox plugins. That did not change anything.

Any advice would be very appreciated!!

ETA: Most recent popup @ 1117PM: http://lpgen.info/mylpgen/regscan/64x217827... Read more

A:Firefox tabs opening at random to benign sites - can't figure out why!

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool. The ap... Read more

21 more replies
Answer Match 68.88%

I'm running Vista Ultimate 64 on a 500 Gig hard drive with 3 partitions. The problem is I marked one of the partitions, not Drive C, as "active" by mistake. I done a Command Prompt to make it "inactive", but when I started the system up again it wouldn't boot. I used the Vista disk for the recovery process, but I got a message "Operating system unknown on (unknown) local disk". I tried fixing the problem with a command prompt "bootrec/fix boot", but nothing happened. When I look at the info in Command Prompt it doesn't show the disk partitions, just Disk 0. Also I can't repair because no Disks are listed to be repaired. If I look at the drive in "My Computer" it is full with a file system marked as "Raw" and it wants me to format the drive. I used "Recover My Files" software and it shows some of the documents that are on the drive, but doesn't show any recovery. I looked at some internet post about the message I got and partition and boot problems like I have, but at this point I don't want to try anything else to make it worse. I would do a reinstall, but on one of the drives I have some stuff that wasn't backed up. I never thought about backing it up because it wasn't on the C drive. Any help to solve this problem would be appreciated. ..........Kumpie

A:Operating system (unknown) on unknown local disk

Welcome!

Try marking the C partition as active again, using the Windows method in my post here.

Then run Startup Repair from the repair disc. Hopefully it will see your installation.

~JK

6 more replies
Answer Match 68.88%

I've just installed Windows 10 and experimented with the Groove music player. It finds all the songs but they are tagged Unknown Artist and Unknown Album. The songs appear fine in iTunes with the correct details and album art.

I reset Groove and made it scan the music directories again but the problem remains. Any solutions?

More replies
Answer Match 68.88%

I come to these boards in search of help/ I have tried EVERYTHING-Spybot S&D, AVG, and various other programs. I use firefox, but I get these incessant pop-ups that eventually make my computer go very slow. I will post the Hi-Jack this log in hopes that some brave soul will help me with this-please help!!!!!!!!!!!!!!!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:53:08 PM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin ... Read more

A:Unknown Trojan Help Needed-many Popups In I.e, I Use Firefox!

Hi, Welcome to Bleeping Computer Forums!

You might want to save this page on your favorites, so you can find it again when you return.

Please take note of the following:
I will be handling your log and helping you, please do not make any system changes yet.
The process is not instant. Please continue to review my answers until I tell you that your computer is clean. Be patient.
The fixes are specific to your problem and should only be used for this issue on this machine.
If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
Please reply to this thread. Do not start a new topic.

Please give me some time to look over your log and I will get back to you as soon as possible.

9 more replies
Answer Match 68.88%

While playing an online full-screen game, with no other active programs running, internet explorer invisibly opens and forces whatever else I was doing to minimize. On checking task manager, iexplorer.exe and another program titled "8Ok4qQGr.exe" are running. I searched the latter of the two and it's in the System32 folder. Malwarebytes' Anti-Malware has removed it several times, claiming it as a trojan, but it reappears in hours. Please assist, thank you.


Logfile of random's system information tool 1.04 (written by random/random)
Run by Ryan at 2008-11-05 21:36:59
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 92 GB (60%) free of 153 GB
Total RAM: 2047 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:37:02 PM, on 11/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\sv... Read more

A:Invisible popups, unknown programs running

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware ap... Read more

13 more replies
Answer Match 68.88%

I get constant random popups on my screen and none of the fixes I have tried so far seem to work. The system is running Norton's latest security suite. I have scanned with Norton, ESET Online Scanner, Kaspersky Online Scanner, A-Squared Free, Ewido Micro Scanner but the popups are still there. Please find the HijackThis log below. Any help appreciated! Thanks.

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe... Read more

A:Unknown Malware - Random Popups Appearing

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please go to this page and scroll down to step 6.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Follow the directions there to run DSS and then post those logs back here in your next reply.

5 more replies
Answer Match 68.88%

A few days ago, I picked up an unknown virus that caused me to experience numerous sporadic Internet Explorer popup windows (I'm a Firefox user). The virus also prevents me from connecting to antivirus sites such as AVG, McAfee, Norton, etc, and help sites such as bleepingcomputer.com (I'm having to access this on my laptop). The message I get when attempting to connect to these sites is "Unable to connect. Firefox can't establish a connection to the server at www.bleepingcomputer.com." I have run scans using Spybot - Search And Destroy, but the success was limited as again I was unable to connect to update the definitions. I really need some help with this, and hope that the logs attached will help identify the problem.

Many thanks in advance for any assistance you are able to provide.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Stephen at 20:57:07.40 on 18/03/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2046.906 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\s... Read more

A:Infected with unknown virus, redirects and popups

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Watch this topic. Click on this then choose Immediate E-Mail notification and then Proceed and you will be advised when I respond to your topic by email.

After 5 days if your topic is not replied to I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes m... Read more

44 more replies
Answer Match 68.88%

Logfile of HijackThis v1.99.1
Scan saved at 6:56:19 PM, on 6/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:&... Read more

A:Infected With Unknown Trojan/lots Of Popups

Hello r3dh3adkid,

Please download SmitfraudFix
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

2 more replies
Answer Match 68.88%

Hello everyone,

Today my brother was complaining that his computer was slow so I tried as best as I could to help but unfortunately I'm not savvy enough to fix it all by myself. An abundance of popups is still occurring and the computer freezes while doing anything unless in safe mode. Here is the HJT log. Thanks much!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:34 PM, on 2/13/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Application Data\U3\00001564CB628D4B\LaunchPad.exe
C:\WINDOWS\system32\ctfmon.exe
I:\Documents\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: &Yaho... Read more

A:Unknown Virus, popups and slow computer

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%... Read more

21 more replies
Answer Match 68.88%

I had a malware problem (can't remember the name), where it was trying to scan my system and sell me something. I tried removing via anti-malware tools (Malwarebytes' Anti-Malware) and then running a full scan with my virus protection (Avast), but am still having issues with IE windows popping up and being redirected when I click on various links. I also am unable to get Microsoft updates now and cannot enter Safe mode via the F8 method. Unfortunately, I have not been able to complete the GMER scan and save a log, so I have nothing to attach for that. I will try the GMER scan again tonight. Here are the other requested logs.

DDS (Ver_10-03-17.01) - NTFSx86
Run by John at 22:08:49.62 on Wed 06/16/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.299 [GMT -7:00]
AV: avast! antivirus 4.8.1368 [VPS 100616-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\... Read more

A:Unknown malware issue - Popups, redirects

Hi TealMan,

Welcome to Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.

If the issue is not resolved please update me on the current condition of your computer.

Run GMER, uncheck all boxes except the box next to Sections (C drive should remain checked), click Scan.
When it finished press Save to save the log and post it to your reply. It will not take more than a minute.

Please download MBR.EXE by GMER. Save the file in your Windows directory (C:\Windows).

Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

@echo off
if exist mbr.log del mbr.log
mbr.exe -t
ping 1.1.1.1 -n 1 -w 1000 >nul
start mbr.log

Go to the File menu at the top of the Notepad and select Save as.
Select Save in: desktop
Fill in File name: look.bat
Save as type: All file types (*.*)
Click save.
Close the Notepad.
Locate look.bat on the desktop. It should look like this:
Double-click to run it.
A notepad opens, copy and paste the content (log.txt) to your reply.

9 more replies
Answer Match 68.88%

As the thread title says. Pop-ups are killing me and this is the first time I can't stop them. While browsing, various sites pop up. When searching, clicking on links redirects me to monstershop or some other shopping search site.

I also sometimes get sound advertisements without any IE windows being open and have to close the IE application thru Task Manager.


this is the DSS main log and attached is the extra log


Deckard's System Scanner v20070318.32
Run by HeLiX031 on 2007-03-27 at 22:07:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2007-03-28 03:07:13 UTC - RP213 - Deckard's System Scanner Restore Point
3: 2007-03-28 01:08:13 UTC - RP212 - Installed Ad-Aware SE Personal
2: 2007-03-26 23:38:08 UTC - RP211 - System Checkpoint
1: 2007-03-25 23:26:28 UTC - RP210 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as HeLiX031.exe) --------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:09:16 PM, on 3/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:... Read more

A:Constant Popups and redirecting... source unknown

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your log is clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.


Show Hidden Files
Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System files and Folders are showing / visible. Uncheck the Hide protected operating system files option.



Downloads
Please download Cleanup! or use this Alternate Link if the main link does not work and install it. You will use this later.
*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does NOT make backups. If you have any files in any TEMP directory and you need to keep them, then please MOVE THEM NOW!


I se... Read more

19 more replies
Answer Match 68.88%

I'm using Windows 7 Professional on an HP Elitebook 8560p laptop. I'm using AVG Free and also frequently scan with SpyBot Search & Destroy, Malwarebytes, and SuperAntiSpyware.

I went to a sports streaming site that is apparently just a malware server because I immediately started getting all kinds of popups and my browsers had toolbars installed and the home page and search engines were changed. I identified several programs that were installed and uninstalled them. AVG detected (I think) a few files identified as Trojans and also prevented communication to some address. I updated and ran full scans with the three utilities mentioned above and all found and cleaned trojans, adware, and PUPs.

All three scan clean now and in FireFox I've removed toolbars and reset my home page and search engine. I'm still experiencing long delays while going to any site and "feeds.webmakerplus.info..." and other site names show as being contacted during the delay before the web page displays. I'm also seeing some popup windows and embedded "ads" in pages that is not normal. Apparently, I'm still infected in some way. Help. Thanks.

A:Browsers talking to unknown site(s) and getting popups, etc.

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Ant... Read more

4 more replies
Answer Match 68.88%

At startup I am continually getting two popup windows - one is titled taskeng.exe and except for the title is blank and the other window has a title .smp.exe and contains the following statement: A problem has caused the program to stop working properly. Windows will close the program and notify you if a solution is available. There is a Close button located at the bottom of the window. Closing it does not prevent its reappearance.

The only things I have done just prior to this aberration is to install the latest Windows updates (all related to Microsoft Office) and from CNET downloads I installed Free .wma to MP3,wave converter program (even though I customized this install and rejected several 3rd party apps, I apparently still got at least two that I have so far identified: YT Downloader.exe and an unwanted toolbar, both of which I uninstalled).

I find no instance of .smp or YT Downloader on my hard drive now, but still get the popups described above.

Anyone have thoughts on why this is happening and if a fix exists short of a system restore?

Thanks, Frank

A:Unknown popups at startup -( taskeng.exe and smp.exe) need assistance

Hi,

I would possibly start with a few security scans to rule any malicious software out:

Anti-Virus - Update your Anti-Virus and do a full scan
If you don't have an Anti-Virus I recommend Microsoft Security Essentials - Microsoft Security Essentials - Microsoft Windows

Anti-Malware - Download and Install MalwareBytes
Download the free edition here - https://www.malwarebytes.org/

Anti-Spyware - Download and Install SuperAntiSpyware
Download the free edition here - SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

After running those please post back advising if it has resolved the issue or not.

Regards,
Jamie

5 more replies
Answer Match 68.88%

This malware is operating in Firefox and I don't even know what it is... hopefully someone here can find it. It causes firefox to open a window which usually brings up registry defender advertisement, or a survey from www.websitesurveygroup.com.

DDS (Ver_09-12-01.01) - NTFSx86
Run by MW at 16:03:36.04 on Tue 01/19/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1016.317 [GMT -5:00]
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program... Read more

A:Unknown Malware Causing survey popups

Popups of this type are getting worse... have cleared everything else out, but still can't find this one.

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump&... Read more

3 more replies
Answer Match 68.88%

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:10:21 PM, on 4/11/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\... Read more

More replies
Answer Match 68.88%

On Monday of this past week I got home from work to find a lovely BSD on my Windows XP desktop. After booting up and watching dozens of browser windows open themselves, I updated Spybot, booted to safe mode and ran a full scan. That seemed to do the trick - no more self-opening browsers. Just to be safe, however, I decided to run a full virus scan with Symantec. It found over 200 instances of W32.Virut.cf and seemed to clean them up. In fact, my subsequent virus scans have been clean. But something was still wrong. My wife's Google search results kept getting hijacked to porn sites. I kept finding more spyware with Spybot, despite full scans and immunizations in safe mode. And now, antivirus sites such as Kaspersky.com are blocked (time out when attempting to reach them) and many Google search results about viruses and malware get redirected. In addition, I can't update Symantec or Malwarebytes.

To date, I've tried Spybot, Malwarebytes, AdAware, SuperAntiSpyware and SDFix, all in safe mode, most of them more than once. They all find (and seemingly fix) problems, but the problems with reaching antivirus sites and updating that type of software remain. Help!

EDIT: I forgot to mention that I have also run FixVirut (in safe mode) from Symantec.

Here's my HJT log. Thanks in advance for any help or advice.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:04 AM, on 5/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5... Read more

A:unknown virus/malware: blocks access to antivirus sites

Hello John Barnes,

The reason you still can't run all those programs properly is because there is no real fix for Virut. Virut is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.

For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.

More information:

http://free.avg.com/66558
There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.

http://home.mcafee.com/VirusInfo/VirusProf...aspx?key=143034
W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
Immediately before the encrypted code at the end of the last section
At the end of the code section of the infected host in 'slack-space' (assuming there is any)
At the original entry point of the host (overwriting the original host code)

Miekiemoes, one of our team members here and an MS-MVP, additionally has a blog post about Virut.

Regards,
tea

2 more replies
Answer Match 68.88%

Hello,

I am running Windows 7 Home Premium with Service Pack 1 64-bit. (I forgot I was running on 64-bit and ran GMER. I'll post it here anyway but I did have problems running it. The only boxes that could be checked were Services, Registry, Files, and ADS. The rest were all grayed out. Maybe it's because I'm 64-bit. I don't know.) A couple days ago I accidentally clicked on some ad when my toddler hit my hand and ever since I've been randomly redirected on Google and even when clicking on something on Facebook (that only happened a couple times). My browser is running slowly and when I go to a site Firefox will say on the bottom that it's waiting for or transferring from some completely unrelated, spammy-sounding site before it goes to the page I typed in. I assume this is something spying on my activity?? Other than that I haven't noticed anything else. My Trend Micro is expired but I ran Malware Bytes and it found some trojan files. I removed those and rebooted and scanned again and it found nothing but I still have the problem. I also have HijackThis if you would like me to post that. For now I will just post what you asked for. Here it is:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by TrudyMama at 20:42:23 on 2012-03-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1935 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2... Read more

A:Unknown Virus causing Google and random other sites to redirect!

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things to happen.

2. Please do not attach logs or put in code boxes.
Besides the time it takes me to open the reports it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback.
It does not need to be long but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like - it is the same as before or still the same. This just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Ba... Read more

7 more replies
Answer Match 68.88%

Hi and thank you for helping.

I had Firefox & IE redirecting my google results about 75% of the time. I have run Ad-aware and Malwarebytes with no success. I have since found your site and followed the instructions. Below you will find the DDS text and the Attach.txt is attached. I attempted to run GMER and the computer crashed and shut down the 1st time. The 2nd attempt gave the message:

"gmer.exe has stopped working
a problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available"

I cannot run gmer at this point.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Larame at 21:12:17.27 on Tue 06/08/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2811.1834 [GMT -7:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\at... Read more

A:google links redirect to other sites - unknown virus/malware name

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

17 more replies
Answer Match 68.88%

Hello,My husband uses this six- or seven-year-old HP desktop to run some software and store databases for his business. It had, believe it or not, a dial-up connection until recently, so he very rarely used it to get online. When he decided to give it a wireless connection last week, he noticed it wouldn't let him download any updates for Windows (which hasn't been updated in a long time, I'm sure). I took a look at it and very quickly realized it has a virus/viruses: not only is Windows Update blocked, but so is almost every antivirus site; we get a "page cannot be found" error message (all other sites seem fine). Turns out that he didn't have any antivirus program or firewall installed at all! Earlier today I managed to download something called Reimage; that program found three infections. After clearing them, however, the problem persisted. Then I was somehow able to download Malwarebytes from a mirror site; it found two infections. Yet--yes, the problem persists. I even downloaded Rkill, ran that and then Malwarebytes; now it isn't detecting any problems at all when I do a scan. However, every now and then I get a pop-up that says "Malwarebytes has successfully blocked access to a potentially malicious website" followed by an IP address and "type: outgoing." And I still can't access the sites for Windows Update, Avira, Avast, or--for some reason--Yahoo mail in Firefox. Thanks in advance for any help--this... Read more

A:Unknown Virus Blocking Windows Update, ALL Antivirus Sites

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/420364 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

4 more replies
Answer Match 68.88%

Hi Everyone,

First of all, thanks for providing such a useful forum!

My girlfriend's laptop has been acting up lately. When she clicks on search results in Google (among others), she gets redirected to completely unrelated websites like wiseto.com or nomoresurfing.net.

I ran a scan on the laptop using AdAware and ThreatFire and did sort out a few suspicious objects, but the re-directing is still occurring.

Here is the HiJackthis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:20 PM, on 01/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lav... Read more

A:Help! Clicking on Google search results redirects to unknown sites!

16 more replies
Answer Match 68.46%

Recently found that the custom autorun.inf I had created on my Playstation Portable's memory stick had been overwritten with a totally different one, which referenced an exe inside a subfolder of the "RECYCLER" directory that had never previously been on the media (and shouldn't be, as there is no recycle bin on removable media.)

I attempted to edit the incorrect autorun file with my default text editor, Notepad++, which notified me as I was typing that the file had been modified outside the editor, and prompted me to update the file to reflect these modifications. Curious, I allowed it to do so, and the file's contents were back to referencing the exe inside the RECYCLER subfolder (the subfolder was a Windows GUID which I don't recall at the moment.)

My next step was to attempt to delete the RECYCLER folder, along with the autorun.inf, which I had to set "attrib -s -h -r" in order to delete. Not 10 seconds after I had removed these they were recreated. I started looking around my system, and found a RECYCLER folder on all of my hard drives; not all of them had the autorun file but some did (I have 4 internal hard disks in my system.)

Neither Windows Task Manager nor Sysinternals Process Explorer showed anything that shouldn't be running, and booting to a copy I had previously compiled of BartPE, deleting the recycler/autorun files, then rebooting into my installed copy of Windows saw the files pop right back up.

Below are my logs from running RSIT; I would... Read more

A:Unknown infection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable ... Read more

11 more replies
Answer Match 68.46%

Computer is running slow and getting slower everyday. AVG antivirus does not show anything. Tried CCleaner registry fix, defrag, emptying temp files, not in that order but spent 3 days trying everything.

Just ran HJ

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:35 PM, on 11/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\Softwar... Read more

A:UnKNOWN INFECTION

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follo... Read more

33 more replies
Answer Match 68.46%

I posted this yesterday under another account with username Tom*. Tried to change notification email this evening but all validation methods failed and I could no longer log in under previous username and password. Had to create a new account. I am not attempting to bump my case. This was the only way I could get back in. I apologize for the re-post.

Running Windows 7. Windows Media Player will not run. Windows Media Center crashes. McAfee Security Center opens a blank window only. McAfee "updated" at least twice since problem began. Blocks links on Web pages. Seem to be Javascript links that are blocked, including links to McAfee products at my ISP. Couldn't login to bleepingcomputer on infected machine. It hid the image verification function when tried password recovery when couldn't log in. Am posting this from my corporate laptop.

DDS text log:
DDS (Ver_10-12-12.02) - NTFSx86
Run by Tom at 19:15:45.82 on Sun 01/30/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

============== Running Processes ===============

M:\Windows\system32\wininit.exe
M:\Windows\system32\lsm.exe
M:\Windows\system32\nvvsvc.exe
M:\Windows\system32\nvvsvc.exe
M:\Windows\System32\spoolsv.exe
M:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
M:\Program Files\LSI SoftModem\agrsmsvc.exe
M:\Program Files\McAfee\SiteAdvisor ... Read more

A:unknown infection

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

3 more replies
Answer Match 68.46%

I had posted in the "Am I Infected" on 8-13-09. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/249461/lost-system-restore/

"Have a need to do a system restore however when System Restore opens I get a blank page. It was there 2 days ago now nothing. Also my home page has gotten lost in space now. I open IE and http://runonce.msn.com/runonce3.aspx comes up in the address bar and the page is blank. Did I get jacked? I had Mcafee set up but it now has disappeared also and I can't seem to re-install it."

Now I cannot get to my e-mail either. If I get lucky and do get one of my sites to open I cannot do anything, can't post on facebook, etc., pages are not complete either. Also my User Accounts page is blank. After several attempts nothing has fixed the issues.

Things already done are: (both in normal and in safe mode)
ran Malwarebytes Anti-Malware 4 times (quick and complete scans)
ran SUPERAntiSpyware 4 times (and ATF Cleaner)
ran Dr.Web CureIt 4 times
ran Spybot S&D several times
downloaded ResetTeaTimer.zip (cannot unzip files)
downloaded Restore/Enable System Restore - did not work

Following are the last reports but nothing has helped.

Malwarebytes' Anti-Malware 1.40
Database version: 2636
Windows 5.1.2600 Service Pack 3
8/16/2009 1:19:00 PM
mbam-log-2009-08-16 (13-19-00).txt
Scan type: Full Scan (C:\|)
Objects scanned: 208707
Time elapsed: 26 minute(s), 55 second(s)
Memory Proces... Read more

A:Unknown infection(s)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

25 more replies
Answer Match 68.46%

No idea what infected me but here's the story, Spybot caught it first it removed it (I usually don't use antiviruses) Then I got caught in what's known as hellzlittlespy loop that spybot causes? I fixed it by fixing the registry via remote desktop.

My browser keeps crashing for unknown reasons it never does that I use FF 3.5 and the default IE from SP2 on XP. It either crashes OR I get redirected to some "search or ad" page of what I was just searching but it's just like one of those pages where people aren't doing anything with the domain but there's bleep for sale.

Anyways I ran AVG's Free software it removed a Trojan Vundo.JE twice and a few times after that I did rescans nothing popped up. Moved on to Malwarebytes which then removed some more, did this three times. Used A-squared to clean-up some 2 medium risk ones, and 1 high risk apparently. Then moved on to Spy-bot, two times and it removed about 3 low level threats.

I am running Windows XP SP2 Vanilla, not sure what other info I need to add but I will post accordingly.

However it's still doing the browser thing I mentioned above. The Hijackthis log is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:14 PM, on 1/11/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOW... Read more

A:Unknown infection

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Fo... Read more

2 more replies
Answer Match 68.46%

hello.. I hope you can help, I am at a loss. A few days ago my computer started shutting down and restarting, I have ZoneAlarm Antivirus, Adaware, Spybot, SpywareBlaster and nothing is showing. I tried to run BitDefender and TrendMicro online scanners but because of the shutting down, it never finishes the scan. I did see a couple of things in ZoneAlarm that looked suspicious and I googled them and it pointed to a few different trojans/viruses/VB script..so I got ComboFix and HiJackThis and here are the logs..I hope you can help. I hope it was ok to post both logs in one post:

ComboFix Log:

ComboFix 08-03-05.1 - HP_Owner 2008-03-05 19:18:20.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.153 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-02-06 to 2008-03-06 )))))))))))))))))))))))))))))))
.
2008-03-05 17:55 . 2008-03-05 17:55 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-03-01 16:09 . 2008-03-01 16:09 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-01 16:09 . 2008-03-01 16:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lav... Read more

A:Req Help Infection (unknown)

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Thank you for your patience.

1 more replies
Answer Match 68.46%

Hello Everybody,
I'm afraid I got an infection, but I'm not sure which type.
I am running Windows 8.1 and I'm not able to post a DDS.
What should I do? Can anybody help me?
Thanks,
Luca

A:Unknown Infection

Try downloading and using Rkill first. If you are unable to download it, you will need to use another computer and transfer Rkill using a medium such as a flash drive.
Once you have successfully scanned with Rkill....DO NOT reboot. Go on to the next scan using MBAM.
RKill Download (read what it does)

Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log is automat... Read more

13 more replies
Answer Match 68.46%

I was trying to get a file from kickasstorent.com it came with a downloader and that came with a whole bunch of malware. When I open Internet Explorer I get Internet Explorer has stopped working: A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available. On firefox, when I went to a geeksquad.com I get a reported web forgery error message. When I restarted it and logged in it gave me a sad face and said there was a problem, It then rebooted and let me log in.
I ran MalwareBytes, Hitman Pro, ADWCleaner, EMISoft Cleaner. They found stuff and quarantined or deleted it. It's still having problems after all that and I have no idea what else to do. Please help.

A:Unknown Infection...Please Help.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/576015 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

27 more replies
Answer Match 68.46%

Hello,

There is something weird going on with my PC. I sometimes get messages about games that i regularly bought being infected with a virus/trojan. Then, yesterday, after I unsuccessfully tried to install a new graphic card, I rebooted the PC and then there opened a window with the header of C:/WINDOWS/system32/msupdate.exe. Now, I cannot just close it, when I try the window that asks you if you want to end the process pops up. That's how I can close it. Overall, the PC is acting kinda slow.

Here my Hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:02, on 07.09.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchos... Read more

A:Unknown Infection

Hello, inri_pilatus. to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you would still like help, please post a new HiJack This log below, as things may have changed on your system.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
While a HJT Team member is working with you, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amo... Read more

2 more replies
Answer Match 68.46%

I am running Windows 7 64 bit edition, and run the AVG antivirus. Whatever infection I have does not come up with an AVG scan, nor a Malwarebytes scan. However AVG randomly pops up saying various .exe's are infected; healing them does nothing, and they are legitimate .exe's (I assume they're being hijacked). Also my google searches are redirected, my proxy settings in both firefox and IE are changed to localhost 127.0.0.1; If I change it to no proxy settings I do not get redirected, but later the setting is changed back to proxy.

Where should I start so hopefully you guys can help me clear this up?

A:Unknown Infection

Is this the same computer as your other topic here: http://www.bleepingcomputer.com/forums/topic409008.html

3 more replies
Answer Match 68.46%

I recently picked up some nasty malware which were cleaned up using numerous malware removal tools including Trend Micro House Call, HijackThis, SpyBot search and destroy, Malwarebyte's anti-malware, CCleaner which seem to have cleaned up some of the problems but I still believe I have something nasty. I used a couple of online HijackThis log analyzers and they seem to suggest a few suspect registry entries (specifically O15 - protocol defaults, ftp, http, https etc.) which don't seem to want to be removed. Also I did a netstat and noticed that there seemed to be a suspect connection which has since disappeared, I'm not sure if this is relevant at all. So I'm not really sure where else to turn to.

Here's the DDS.txt log and I've attached the Attach.txt and ark.txt as well as the HijackThis log if it helps. I noticed that the GMER program had lots of the checkboxes disabled from what was displayed in the tutorial screenshot, so I was only able to use files, registry and services options. Also I noticed that the GMER.exe didn't seem to extract to the desktop (it did save but didn't display on the desktop or in explorer, the same went for saving the ark.txt file). Thanks for any help, it's greatly appreciated.

DDS (Ver_10-03-17.01) - NTFSX64
Run by Kaj David at 23:35:46.98 on 25/04/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_03
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.832 [GMT 1:00]
SP: Spybot - Search... Read more

A:Unknown infection?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop.
  - DDS.scr
  - DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Foll... Read more

2 more replies
Answer Match 68.46%

Hi

I'm facing a very serious problem. I think I might have a trojan generator which downloads and generates various trojans. I'm using spybot, malwarebytes, true sword, superantispyware and I used Combofix once and I have the latest HijackThis version.

The problem is, these applications only are able to find the generated trojans and not the core generator file. I think the core file is not a trojan, spyware or malware itself.

Please read my experience regarding this problem:

This generator generates two kinds of trojan more than others:
1. one that hijacks windows file Conime.exe
2. one that hijacks windows process Ctfmon.exe

The similarities between these two are:

1. Both shut down these applications:
- Unblocker
- Spybot's tea timer and spybot itself
- Malwarebytes anti malware
- Microsoft's Command prompt
- HijackThis
- And other apps that I may not know about

All of the above could be run after a simple rename.

2. Both add themselves to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
And no matter how many times manually deleted, they come back in a few seconds.

3. Both add themselves as a Debugger in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmn.exe or Conime.exe

4. Both their main files are located in "C:\WINDOWS\system32". This file is an exe file with a random name, but it's recognizable since it's the only application which is Hidden. This file attaches itself to windo... Read more

A:Unknown Infection

here is my dds.txt, also gmer log and attach.txt are attached

DDS (Ver_09-12-01.01) - NTFSx86
Run by Admin at 22:00:18.46 on Sun 02/14/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Professional 5.1.2600.2.1256.981.1033.18.2030.1328 [GMT 3.5:30]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Unlocker\Unlstant.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\My Documents... Read more

91 more replies
Answer Match 68.46%

My computer has recently been infected with these symptoms, with my attachments in brackets:
1. Cannot update Ad-Aware AE definition file, neither automatically nor manually - browser fails to connect to download site, but connects fine to Lavasoft (AA_download_error.JPG)
2. Cannot do MS Update (MS_update_error.JPG)
3. Yahoo Search and some Google Search results are redirected (results are good, but clicking on them goes to wrong websites)

I have taken the following steps in attempts to identify and remove the infection(s), but above symptoms persisted after each step:
1. Ran Symantec AntiVirus manual scans with latest defs, which detected 1 threat on Apr. 17 (Symantec_history.JPG)
2. Ran Ad-Aware SE Plus with Mar. 30 defs, with no findings (latest defs for SE version cuz SE discontinued Apr. 1)
3. Ran Ad-Aware AE with 0146.0000 defs - no findings
4. Restored my Windows XP to Mar. 23
5. Ran Dr. Web Cure It with Apr. 21 defs, found and cured ~6 threats
6. Tested for Conficker Worm, indicating that my computer doesn't have it (Conficker_test.JPG)
7. Ran Kaspersky scan - no findings (Kaspersky_scan.JPG)
8. Installed and tried to run Spybot - S&D: cannot update defs, Spybot scan doesn't launch (Resident is in tray) but "SpybotSD.exe" shows up in Windows Task Manager Processes list
9. Ran HijackThis (hijackthis.log)
10. Ran DDS (Attach.txt)

C: is my computer's hard drive, E: is an external hard drive connected via USB 2.0. I've always had Ad-Aware Watch, Symantec A... Read more

A:Unknown Infection

Well, on the advice of my ISP, I ran Windows Live OneCare safety scanner, and it got rid of the infection! I still don't know what the infection was, but all the above symptoms are gone, and so far, no side effects. I uninstalled Ad-Aware since I have decided to use Spybot instead. It's weird that none of my other scanners got rid of the infection, but a free one from MS did.

2 more replies
Answer Match 68.46%

Something is starting iexplore.exe on its own and every scan I've run from here and on my own has turned up nothing. Also calc.exe seems to be running with no calculator open.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:40 PM, on 3/31/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe
C:\WINDOWS\system32\cisvc.exe
D:\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe
D:\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
D:\SysAidServer\firebird\bin\fbguard.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\WINDOWS\System32\ismserv.exe
D:\Dell\SysMgt\sm\mr2kserv.exe
C:\Program Files\Microsoft SQL Server\... Read more

A:Unknown Infection.

Hello

Apologize for the delay in response; we get overwhelmed at times but we are trying our best to keep up. If you have since resolved the original problem you were having, would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine. Thanks and again sorry for the delay.

Please turn off Word Wrap before posting your logs. It just makes everything easier to read. To turn off Word Wrap:
- Click Start and then Run. In the textbox, copy and paste in the following code: notepad
- Click enter. When the log in notepad pops up, click Format up top and then uncheck Word Wrap.

Please download Deckard's System Scanner (DSS) and save to your Desktop. (alternate download site)

DSS will do the following:
- Create a new System Restore point in Windows XP and Vista.
- Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
- Check some important areas of your system and produce a report for an analyst to review.
- Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.

You must be logged onto an account with administrator privileges when using.
- Close all applications and windows.
- Double-click on dss.exe to run it and follow the prompts.
- If your anti-virus or firewall complains, please allow this script to run as... Read more

2 more replies
Answer Match 68.46%

The joys of using public computers...

I've managed to pick up something from my university computers that is basically disabling all the tools I would normally use to clean an infection. Therefore, I've got little to no idea what I could possibly have or what I should do to fix it. A scan performed with Avast at university picked up and supposedly cleaned rOOt.exe, Ogard.exe and ise32.exe on my flash and another security warning brought up blazebot as the culprit on the C drive. Back at home a Malwarebytes scan of my flash brought up nothing (and now I'm no longer able to use it) and the virus is preventing me from running any type of Nod32 scan.

Symptoms include:
- trying to close an explorer window of my flash results in it simply opening up somewhere else on the screen. 20 or so clicks finally kills it
- I'm unable to use regedit, msconfig, Nod32 or MalwareBytes as they are closed as soon as I try to open them
- 'Options' in the tool menu on explorer is no longer there. It disappeared as soon as I tried using it to show all hidden files. I'm therefore unable to see any hidden files
- I'm sure there are plenty others I simply haven't come across yet

I'm running Windows XP which is regularly updated. If there's any other info you need I will happily provide.

Any help would be greatly appreciated. Thank you

Actually, this will probably help a lot - shows evidence of Blazebot in my application data (which I cannot access because I cannot view hidden folders)
DDS (V... Read more

A:Serious Unknown Infection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

- If you have since resolved the original problem you were having, we would appreciate you letting us know.
- If not please perform the following steps below so we can have a look at the current condition of your machine.
- If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop.
  - DDS.scr
  - DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is ne... Read more

2 more replies