Tech Problem Aggregator

Downloaded Something Evil!

Q: Downloaded Something Evil!

I have managed to get a-hold of something that is messing with my system. I'm hoping someone can help me. The first sign something was wrong was with McAfee. It notified me I wasn't protected. When I tried to turn it on it would turn off on it's own. I have downloaded several security packages since and scanned but none have found the problem. Now the computer is becoming more and more sluggish.

I have an Acer Tablet with Intel and Atom, CPU N450 @1.66 GHz, 0.99GHz Ram, running Windows XP Home Edition 2002 Service pack 3

I will post my logs from HijackThis and GMER. I downloaded DDS onto my desktop and ran it 3 times but no logs are popping up. I know directions said to disable any script blockers but I don't think I'm running any and if I am I don't know where to go to find and disable them.

Thank you in advance for whatever help you can give.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:15:59 PM, on 6/8/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EgisTec IPS\PmmUpdate.exe
C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Launch Manager\LManager.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Launch Manager\LMworker.exe
C:\Program Files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe
C:\Program Files\MemTurbo 4\MemTurbo.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\HUGHES~2\HDM.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aod255&r=0xph1110k645l0404wu05w4782u197" target="_blank" class="invilink">http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aod255&r=0xph1110k645l0404wu05w4782u197" target="_blank" class="invilink">http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aod255&r=0xph1110k645l0404wu05w4782u197
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aod255&r=0xph1110k645l0404wu05w4782u197
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aod255&r=0xph1110k645l0404wu05w4782u197
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:80
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101127083521.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: HDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\HughesNet Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PC Ultra Speed Tray] C:\Program Files\PC Ultra Speed\PCUltraSpeedTray.exe
O4 - HKCU\..\Run: [PC Ultra Speed Schedule] C:\Program Files\PC Ultra Speed\PCUltraSpeedSchedule.exe
O4 - Startup: e1bfb2ea9fe6d3aa91633fe38e10d877.szcpf
O4 - Startup: HughesNetStatusMeter.lnk = C:\Program Files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo 4\MemTurbo.exe
O4 - Global Startup: Acer VCM.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download all with HughesNet Download Manager - file://C:\Program Files\HughesNet Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with HughesNet Download Manager - file://C:\Program Files\HughesNet Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with HughesNet Download Manager - file://C:\Program Files\HughesNet Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with HughesNet Download Manager - file://C:\Program Files\HughesNet Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: McAfee Application Installer Cleanup (0298281304907498) (0298281304907498mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\029828~1.EXE (file missing)
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\McAfee\VirusScan\McShield.exe (file missing)
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
--
End of file - 14227 bytes
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-08 20:20:37
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.01.0
Running: 03edxxzj[1].exe; Driver: C:\DOCUME~1\DAVIDD~1\LOCALS~1\Temp\pwlcapog.sys

---- System - GMER 1.0.15 ----
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF739D0A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF739D0B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs mwlPSDFilter.sys (PSD Filter Driver/Egis Incorporated.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----

More replies
Answer Match 65.1%

HUGE mistake. Any help appreciated. Lesson learned

Here is ComboFix log:

ComboFix 07-11-19.4 - Compaq_Administrator 2007-11-26 14:30:14.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.411 [GMT -5:00]
Running from: C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\gjkkj.ini
C:\WINDOWS\system32\gjkkj.ini2
C:\WINDOWS\system32\jkkjg.dll

.
((((((((((((((((((((((((( Files Created from 2007-10-26 to 2007-11-26 )))))))))))))))))))))))))))))))
.

2007-11-26 09:41 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-26 09:41 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com
2007-11-26 09:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-25 12:10 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\.housecall6.6
2007-11-25 12:01 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-25 12:01 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-25 12:01 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-25 10:01 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-25 10:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-25 09:32 <DIR> d-------- C:\WINDOWS\system32\rMa05yy
2007-11-25 08:23 116,224 --a------ ... Read more

A:Downloaded Evil From Limewire

HERE is the HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 2:46:20 PM, on 11/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\re... Read more

1 more replies
Answer Match 49.56%

Hi all,unfortunetly it seems i have been infected with a rather nasty virus which is attempting to get me to buy "defence centre" antivirus software. various antivirus programs have failed to remove it even in safe mode and it has switched off my firewall coming up with "application not found" if i try to change a setting. It has also disabled system restore and task manager. Attempting to remove it with avg results in the virus uninstalling avg or simply resetting the computer. any help would be greatly appreciated!DDS (Ver_10-03-17.01) - NTFSX64 Run by antony at 13:43:14.33 on Mon 14/06/2010Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_18Microsoft? Windows Vista? Home Basic 6.0.6002.2.1252.61.1033.18.8190.6202 [GMT 10:00]AV: Defense Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Program Files (x86)\AVG\AVG9\avgchsva.exeC:\Program Files (x86)\AVG\AVG9\avgrsa.exeC:\Windows\system32\lsm.exeC:\Program Files (x86)\AVG\AVG9\avgcsrva.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System3... Read more

A:Evil Evil virus.........DDS log attached

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 49.56%

Alright, I downloaded Steam, but when it tries to connect to the steam server, I get an error message that says"Error connecting to steam servers"...I downloaded another copy, and tried it, but same problem! Please help!
 

A:Evil Evil Vile Steam

Steam is probably down. You have to be VERY patient with steam.
 

3 more replies
Answer Match 45.78%

I am running windows XP home edition on my 1.3gigahertz celeron with 256 Ram 20 gig HD and a 120 gig HD, anyways i just recovered from NIMDA virus and it was nice enough to infect most of my .exe files so they are deleted. My problem is, is that it will say access denied to anynew folder i try to make, wont let me delete rename anything, i have tried setting the folder permissions different on those folders and the folders above them, they just arent working, i have tried everything i know. i dont know how to upload a picture using html, i will try the attachment, but i have the error picture ready to be uploaded, please PLEASE email me if you know whats going on at [email protected]

A:evil errors, very evil

Welcome to the board,

After the virus did you format and reinstall or are you using the same post sick system ... if you are make sure you no longer have anything in quaranteen (sp). yeah spelling could use some work but anyway ...

6 more replies
Answer Match 36.96%

I have a pc that I built that used to work fine but started randomly shutting down. Then would not boot windows replaced p/s but still shuts down while trying to reinstall windows. Should be cool enough but don't know for sure won't run long enough to check. someone please help me!!
 

A:evil pc!!

9 more replies
Answer Match 36.96%

My computer takes ages to shut down or won't shut down. Things are very slow or processes fail. And when I'm on a web page suddenly it goes to a porn page. Please help!!!

Also can't now access my google mail account either. Though i may have deleted the wrong file from a hijack this attempt before.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Program Files\Common Files\Microsoft Shared\office10\dw.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDO... Read more

A:Evil Pop Up

first that is a partial HJT log & looks like from an old version

go to here and download 'Hijack This!' self installer. Save it to the desktop or other suitable place. DO NOT just press run from the website Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu and an optional shortcut on desktop.
Click on the entry in start menu or on the desktop to run HijackThis
Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.
 

1 more replies
Answer Match 36.96%
Q: Evil!!!

My recycle bin is stuck on the full icon even though it's not empty as shown in the following attatchment. The problem is that there's no contents and the empty recycling bin option is grayed out, how do I fix this? I have XP Pro.
 

A:Evil!!!

Contents of recyclebin
 

2 more replies
Answer Match 36.96%

Just today i found my IE not working. When selecting IE it takes longer than ever to load to my homepage, Google, when it does load my mouse ghosts over the face of my homepage unable to to click the search box and type. i am also unable to to select anything on the homepage, mouse just ghosts over favorites etc. Basically the page freezes and i have to crtl alt dlt to bring up the task manager and cancel the application. I am unable to check for adware and the like for my mcaffe is also not working all of a sudden, claiming unable to run the application. Help?

A:Something evil this way comes

go into add and remove and click to uninstall it and it will ask if you would like to run a repair on it

3 more replies
Answer Match 36.96%

per your recommendation i bought eset for my old dell xp about 4 months now. i have not been invaded....so thanks but i have had it update as much as 3 times in one day. coupled with flash player trying to load /crashing it does slow things down a tad. no complaint just asking. are there that many trying to smak n jak....my putor ?

A:is there that much evil on the net

The World Wide Web is full of hackers that's why the good side can't keep up with it.

5 more replies
Answer Match 36.96%

Hi, Came back to my Pc to find a message "no Hard Disc " etc etc.. then "please insert system disc to reload windows. Never having seen this before I did as I was told and went through the whole palava. But it then kept freezing up when it tried to reboot.It seemed to have died. My wife's solution was to turn it off at the plug and it will be alright in the morning!!!
This morning I turned on and bugger me it worked as normal. I can't help feeling I need to do something to prevent that from re occuring...but what???
 

A:Something evil this way comes?

Run chkdsk /r.

Visit my homepage and click on chkdsk for instructions.
 

2 more replies
Answer Match 36.96%

Argh.... I'm having problems with random pop-ups every time I load a page or two, especially the one involving WinAntiVirus Pro or something like that. Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 6:55:16 PM, on 9/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Common Files\AOL\1154294752\ee\AOLSoftware.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\Mixer.exe
D:\Advanced WindowsCare V2 Pro\Awc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\DAEMON Tools\daemon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
c:\program files\common files\aol\1154294752\ee\aim6.exe
C:\WINDOWS\UGV0ZXIgQ2hlbmc\command.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\xevnyfav.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\w... Read more

A:Pop-ups are evil.

7 more replies
Answer Match 36.54%

I cant install the game it says its only compatible with windows 95 is there any way around this?My pc uses xp HELP please! And yes i know its an old game (10 years at least sheesh) but me still luvsit
 

A:resident evil 1

i'm not sure this is possible. Maybe you should get a second hard drive, install win 95 on it, boot into win 95 and run the game from there.
 

3 more replies
Answer Match 36.54%

I have been battling this infection for 3 says now. I am usually pretty skilled at getting rid of them. I have used many tried and true combinations of removal including CCleaner, followed by Malwarebytes, followed by Combofix. It finds and removes multiple infections and then on reboot is re-infected. Blue screens rule the day when not in safe mode. I have tried numerous other fixes and removal wares to no avail.Once everything is suppossedly cleaned, when I reboot in safe mode IE is always re-directed to cliccked.cn (mostly, and some other crap search sites). Slowly but shurley the infections reappear. At one point It removed my desktop and I could not run any .exe, it killed Combofix and Malwarebytes. I had to re-download those and then run as .com to recapture my desktop. This is the nastiest infection I have ever seenHers is my latest hijack this! and Malwarebytes logs. Any help would be trulyt appreciated.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 20:43:55, on 8/17/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18226)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Synaptics\SynTP\SynTPStart.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Toshiba\Power Saver\TPwrMain.exeC:\Program Files\Toshiba\SmoothView\SmoothView.exeC:\... Read more

A:Help! Evil rootkit will not go away!

Greetings micropirate and Welcome to the Forums,It's not a good idea to run combofix on your own unless you've had proper training...as you already know I'm sure since the download page clearly spells that out.You can try to rename combofix to:services.exe...your end result will be a file that is named services.exe and not services.exe.exe Once renamed, run the program again...post back THAT log. Thanks!

24 more replies
Answer Match 36.54%

I just got the drivers updated for my mobility radeon 7500c. The game looks and runs great except for a problem with the text. in all of the written dialouge/menues, the text appears as strings of single letters covering very faint markings of the correct letters. Any ideas?
 

More replies
Answer Match 36.54%

I had no idea where to post this because i didn't find a forum for it specifically...but i need help with my computer. The problem is a Trojan...it infiltrated my computer and is now really annoying me...i don't know whats the name of this Trojan but i know what it does. It took me a couple of hours to realize what it does and its REALLY REALLY Annoying.

This Trojan resets my computer to the way it was before i Shutdown my pc meaning i can change anything on my pc without it being changed back asa i restart my computer. For those who know what Deep Freeze is it does exactly what deep freeze does when i restart my computer

So can anyone help me? to search and destroy this problem before i go crazy...I've already backed up most of the files on my HardDrive so I'm taking into consideration that i might have to format my computer, but that is my last resort.

I will try anything to take this off but if someone could help me find its name...and how to remove it, I would really really appreciate any kind of help on this
Thank you for taking your time to help me with this.

ps: i had no antivirus when i got the trojan...is it hopeless? and i cant even install one now that ive got the trojan...
 

A:Trojans are evil...

16 more replies
Answer Match 36.54%

Hey everyone
I have Smitfraud-C on my computer. I followed two online tutorials on fixing it to no results, plus I read many people's posts on how this is a complicated virus and so I should ask others for help instead of trying to get rid of it myself. So here I am

Please help me to get rid of this virus. Spybot finds 2 entries of Smitfraud-C whanever I run it, one of which it fixes (a registry key) and one of which it doesn't (a file).

Heres a log from HT.

THANKS in advance )
Logfile of HijackThis v1.99.1
Scan saved at 20:26:17, on 14/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5296.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program File... Read more

A:Help rid me of the evil that is Smitfraud-C!

Anyone?
 

2 more replies
Answer Match 36.54%

i have a terrible virus on my computer and at first it was surfsidekick but now i think itws a combination of a bunch of viruses and my keyboard and mouse are having trouble working and when i tried a system restore nothing happend so im basically screwed wut do i do????? if u need more info just askd

A:EVIL VIRUS

What AV program are you using, and have you updated it lately?Do you have any anti spy/malware software running.Which Firewall?Download Hijack This from here and post a log in the relevant section.More info MyComp please.

1 more replies
Answer Match 36.54%

when i downloaded MSN PLUS it put the most evil toolbar on my internet explorer. i un-installed MSN PLUS to try to un-install it, but that didn't work. Um...i need HELP!!! pleease
 

A:Um...MSN PLUS toolbar(evil)

6 more replies
Answer Match 36.54%

My friend got a virus recently and i have no clue wat kind it is...this is pretty much wat it did...

he was watching a porn video(Loser lol) and he sai dit froze...he left it for awhile thne restarted it...he said wen he tryed to turn it on a message came up saying "Windows could not load because the following files are missing: ntoskrnl.exe" so i went searching and thers only 1 virus that I kno of that would do that...W32.Bolzano...can any1 help me clarify this for him? Re-formatting isnt an option becuause im not sure if it infects drives...so any help would be appreciated

A:Evil Virus...

Has he thoroughly scanned his hard drive with his resident Anti-Virus?
If so, what happened.
Regards,
John

2 more replies
Answer Match 36.54%

i got my mic working a couple months ago and i decided to take it out and re plug and now its not working and its making me mad...ive checked my device manager and shows nothing(that i know of anyway). the mic came with the computer...last time i plugged it in i restarted and i tihnk it took a day or 2...well any advice would be great!

thanks,
moomoo

A:Stupid Evil Mic

I don't believe a mic will show up in the device manager.

Do you see a speaker icon in the area next to the clock?
Double click on it.
Then click "options" in the box that opens.
Choose "properties"
Scroll down amd make sure that the box for the mic has a check mark
click "OK"

also:
Try changing the battery in the mic, and make sure it's plugged into the right jack.

1 more replies
Answer Match 36.54%

Gurus:
What I've determined so far is a Babylon search/destroy issue. I have 2 affected machines and will work thru solution for one here - a Win7.

All machines on home wireless. Please advise early in resolution if I need to disconnect others to avoid virus spreading. Using USB drives for HJT, etc - hopefully these are not transferring viruses too. Please comment.

Win7/64-bit in Safe Mode allowed me to create an OT(OldTimer) report. Each time I log in as Admin, the PC is removing more of my privileges, thus I cannot run HJT.

Below are OT & DDS reports; the new post attachment link is not working on this Mac. Instructions state not to post. I will keep trying.

Whatever is affecting my network & machines is the worst I've ever had GRRR.

I appreciate your help here!

________________________

OTL logfile created on: 7/2/2012 1:34:43 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.92 Gb Total Physical Memory | 3.17 Gb Available Physical Memory | 80.93% Memory free
7.83 Gb Paging File | 7.11 Gb Available in Paging File | 90.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421.81 Gb Total Space | 373.10 Gb ... Read more

A:Babylon is EVIL

Providing Attach.txt as attachment.

Thanks in advance for your assistance.
 

2 more replies
Answer Match 36.54%

Logfile of HijackThis v1.99.1
Scan saved at 10:12:17 AM, on 12/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Video ActiveX Object\isamonitor.exe
C:\Program Files\Video ActiveX Object\pmsngr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\CY_BG.EXE
C:\Program Files\Video ActiveX Object\pmmon.exe
C:\Program Files\Video ActiveX Object\isamini.exe
D:\program files\qttask.exe
C:\Program... Read more

A:what is good or evil?

6 more replies
Answer Match 36.54%

i have trendmicro as my happy antivirus/antiadware program, but it too has been conquered by evil enhancemysearch. i can't send emails and it's making me crazy!! can you help??
 

A:evil enhancemysearch

Please download the most current version of Hijackthis and post a new hijackthis log.

http://downloads.subratam.org/hijackthis.zip
 

3 more replies
Answer Match 36.54%

I currently have something wrong with my PC. MalwareBytes, Spybot, and adAware have all been run, AVG-Free has scanned and NOTHING has been found. However I still know there is a problem because for the first 15-20 minutes after I start my PC anything I click on, be it one click or a double click, responds as if I clicked hundreds of times.

SO, basically, I think I am in need of a better anti-virus, because I am not at all happy with this (I already posted a HiJack this log in the right area), but once I get my problem fixed, which anti-virus should I switch to? I found a trojan not that long ago scanning with Panda, I am rarely not the one using my PC, my husband used it briefly and this is when the problems started, so I need something that even he would have a hard time making my PC sick. SO....please tell me your picks...and if you want to get all technical...that's cool too, I like to know how things work!! Thanks in advance!

A:Ridding myself of this evil.....

Hi again,I have just answered your log thread here: http://www.bleepingcomputer.com/forums/t/239269/hijack-this-report-cant-seem-to-get-rid-of-something/As mentioned there, when a log is posted in the malware removal forums, additional topics like this are closed to prevent confusion and other problems. I will contact a moderator to do so--this thread can be reopened when your malware case is resolved--but I want to answer your question as best as I can.I would not get rid of AVG because of the problems that you state. For one thing you may not actually be infected by malware but have a more mundane computer problem. Also, I have looked at the Panda and other logs you posted in November. One file Panda found was just a warning--note it was flagged as "suspicious"--and is known to be a legitimate HP file. The other is most likely a false positive and the others are just tracking cookies. It does not make sense to get rid of AVG because it did not show you false detections that worry you needlessly--in fact that would be a reason to keep it. And you are going to get tracking cookies anytime you run a scan if you have done any surfing at all.I am not very fond of AVG, but it is not because of its detection rate. Even the best antivirus will fail to detect some threats. In today's landscape there are way too many threats out there for detection rates to be 100%. Every AV out there is going to miss some that others pick up, and, conversely, will pick up some that the oth... Read more

2 more replies
Answer Match 36.54%

Hey,

I recently got Beyond Good and Evil and I've been playing it for a bit and I've had a crash. So far it was suppose to caused by a virtual image drive that I had. I disabled it, and the part where the game was crashing, was fixed. But later on in the game, where you have the Races 1 and 2, when the race is over and the game is suppose to reload to another screen, it freezes at that point. My whole computer freezes completely, then after about a minute an error comes up saying that my video drivers have stopped working correctly, but there's a little more to it.

The crash does go back to windows, but my color is all distorted and the resolutions goes very low. It tells me to restart my computer to get my drivers back to normal.

So, has anyone ever experienced a crash like this?

My specs

1.67 Ghz AMD Athlon 2000+
768MB RAM
GeforceFX 5700LE 256MB
Running the game from a CD-RW

I have the ForceWare drivers 66.93 from the official website.
 

A:Beyond Good and Evil

try running a earlier version of your drivers
 

1 more replies
Answer Match 36.54%

I am running windows xp. my husband was surfing and downloaded come codec( the same as the other post about eprotectpage.com) now we have a toolbar we can't remove, a securing warning in the bottom right corner, and our home page has been hijacked to be eprotectpage.com. We bought and installed windows live onecare, scanned and it removed some things but we still have problem. i downloaded another program that removed a buch of stuff (quarenteened them) that the first program did not find and it still did not work. i use this comp. alot and i don't know what else to do. in the other post you had the person download the hijackthis thing and scan and save the report. i have alredy done that and will paste it here. any help you can give me would be great!!Logfile of HijackThis v1.99.1
Scan saved at 12:57:17 PM, on 11/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QualityCodec\isamonitor.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Progra... Read more

A:Help!eprotectpage.com is evil

16 more replies
Answer Match 36.54%

anyone here know`s if resident evil 5 is coming to the pc...
 

A:resident evil 5 for pc

10 more replies
Answer Match 36.54%

Hi,

I've ran both Spybot and Adaware, but this PSguard thing keeps coming back =(
If anyone can help it will be greatly appreciated

Here's my HJT log

Logfile of HijackThis v1.99.0
Scan saved at 2:47:14 PM, on 8/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microangelo\muamgr.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\S3apphk.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\j2re1.4.1_07\bin\javaw.exe
C:\WINDOWS\system32\iere32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ping.exe
C:\Documents and Settings\Owner\CuDzY\Maintenance\HijackThis.exe

R1 - HKCU\Software\... Read more

A:evil PSguard

7 more replies
Answer Match 36.54%

I was running the game fine for a while now the "launcher" comes up and I am unable to click "Play" it highlights and everything but wont "click"
Is there a way around the launcher or is there a fix that I couldn't find?
Tried to update the game but it came up with

---------------------------
Error
---------------------------
No game requiring an update is installed on this computer.
---------------------------
OK
---------------------------

Any suggestions?
 

A:New Res Evil 4 problem

Amendment
Why would some of my programs come up with a message saying I have limited access when my profile is the Administrator?
 

1 more replies
Answer Match 36.54%

havieng same problem as everyone else, tryed al the info given to succsess getting same error msg, thing is it did work, then got error, then worked again, now back to error, i have norton antvirus the newest one, and i'v use a spywear removal, it says i have cws, but the cws shredder dose not detect it, here's my list thing:Logfile of HijackThis v1.99.1
Scan saved at 22:41:22, on 21/02/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\netyw.exe
C:\WINDOWS\System32\svchost.e... Read more

A:Dr Watson The evil

16 more replies
Answer Match 36.54%

Morning.

As I (and many many others, it seems) have already mentioned, my comp is painfully s l o w and reluctant to display internet pages - especially MSN ones.

I've run the latest adaware, spybot, AVG and online HouseCall.
nothing.

so could someone Pleeeeeeeeeeeeeease take a look at this and tell me where the demon is??

(Dish washing/ dog walking and other domestic chores considered in exchange for help)

Logfile of HijackThis v1.97.7
Scan saved at 8:20:54, on 18-03-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\PV92Tray.exe
C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programas\Real\RealPlayer\RealPlay.exe
C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Programas\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programas\QuickTime\qttask.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programas\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Programas\OpenOffice.org1.0\program\soffice.exe
C:\Programas\Zone Labs\ZoneAlarm\zlclie... Read more

A:Hjt hiding something evil

14 more replies
Answer Match 36.54%

any help appriciated

Logfile of HijackThis v1.98.2
Scan saved at 0:17:44, on 2004/09/20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\tbctray.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\crht32.exe
C:\WINDOWS\mscj.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Documents and Settings\Matthew Sternberg\Desktop\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {515E6800-C37D-9309-FEE4-5E5649A955B4} - C:\WINDOWS\system32\crht32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [vptray] C:\P... Read more

A:Help me rid my PC of evil do-dads

remove

C:\WINDOWS\mscj.exe
O4 - HKLM\..\Run: [crht32.exe] C:\WINDOWS\system32\crht32.exe
O4 - HKLM\..\RunOnce: [mscj.exe] C:\WINDOWS\mscj.exe
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &tadow! Search Bar search - res://C:\WINDOWS\Downloaded Program Files\toolbar.dll/SEARCH.HTML
good luck
 

1 more replies
Answer Match 36.54%

First of all let me say a heartfelt thank you to the people that read and respond to these posts.
Anyone who is wiling to give so much valuable time to help others is a hero in my opinion.

I am tech savvy but over the past few years virus/malware/rootkits have advanced to a point where they are beyond all but the most knowledgable folks such as yourselves.

My PC is running OK except for a few things, and I believe there is some malware at play:

1. Firefox runs slow and has tons of javascript problems
2. Some file associations changing or acting strangely
3. Unexplained registry alterations
4. Strange traffic on network as viewed in Wireshark

Please let me know if there is anything suspicious in the following log and, THANKS AGAIN!

Milt


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by ASG at 18:07:10 on 2013-01-02
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7679.5127 [GMT -8:00]
.
AV: ZoneAlarm Security Suite Antivirus *Disabled/Updated* {E9467272-859A-F159-FA9E-55E7E32D7A25}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Security Suite Anti-Spyware *Disabled/Updated* {52279396-A3A0-FED7-C02E-6E9598AA3098}
FW: ZoneAlarm Security Suite Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k Dc... Read more

A:Something Evil Lurks in my PC

Hello milfigures, and welcome to Bleeping Computer! My name is bloopie and I'll be helping you with your problems as best I can! A few things to keep in mind while we are working together:If you have since resolved the original problem you were having, I would appreciate it if you let me know.If you are unsure about any of the steps just post what you can and I will guide you!Please tell me if you have your original Windows CD/DVD available.Please copy and paste all logs here unless otherwise instructed!Upon completing the steps below I will review your topic an do my best to resolve your issues.==========By your logs, I can see that you've run Combofix just the other day in an attempt to clean your machine. Since that did not work for you, you then posted here, correct?Since Combofix has been run, I'd like you to post the log for me...it can be located at C:\Combofix.txt==========Here are a few steps to start us off with other logs:Step Please download Rkill by Grinler and save it to your desktop.Link 1Link 2Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any... Read more

3 more replies
Answer Match 36.54%

I've done got the Sheriff, and I want to shoot him dead! The help you guys have given to others with this baddie seems good. Help me fix it and I'm a happy donator! Here is my HJT log, and I've taken the liberty of downloading the apps you guys recommend for fixes (ccleaner, ewido, smitrem, etc...) My internet functionality on this infected PC is nil, so I'm currently shuttling files to it via CDs from my work computer. I expect (and you should ,too) a one business day delay between your suggestions and my responses. Any help would be greatly appreciated and rewarded!
 

A:Evil SpySheriff!

8 more replies
Answer Match 36.54%

hey, i'm new to Tech support guy, and i'm not a wiz with computers either =/

When i try to play re4 on this vista laptop, it comes up with a notice saying: "game.exe has stopped working", i can either close the program, or check online for a soulution (whih i have tried and nothing happens). These are the problem details:

Problem Event Name: APPCRASH
Application Name: game.exe
Application Version: 0.0.0.0
Application Timestamp: 45a4e04b
Fault Module Name: game.exe
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 45a4e04b
Exception Code: c0000005
Exception Offset: 002473bb
OS Version: 6.0.6000.2.0.0.768.3
Locale ID: 2057
Additional Information 1: d996
Additional Information 2: 302c3a6161e0d813eff9d88cc7909acd
Additional Information 3: af53
Additional Information 4: a8d6a0fd03f175c651c01f9ec7e358f2

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409

can anyone help me on this please?

thanks
 

A:resident evil 4

16 more replies
Answer Match 36.54%

Anyone else playing this game?

I've got my underground lair built up as far as I can with a security network, recreation room for my minions, infirmary, holding cells and interrogation devices. The problem is that all my minions are construction workers. I'm trying to get them moved up by capturing people on my island and interrogating them but they always die during the interrogation. What am I doing wrong?
 

A:Evil Genius

13 more replies
Answer Match 36.54%

OK I've run Ad-aware and spybot, both with the newest versions and updates and now i am ready to KILL because i cannot get rid of this stupid lop.com bleep. This is not my computer, it's my little bro's and I'm just trying to get it running again. I'm posting my hijack this log in hopes someone can tell me what I can do to remove this manually. Thanks!Logfile of HijackThis v1.99.1Scan saved at 8:33:12 AM, on 2/24/05Platform: Windows 98 SE (Win9x 4.10.2222A)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\SYSTEM\KERNEL32.DLLC:\WINDOWS\SYSTEM\MSGSRV32.EXEC:\WINDOWS\SYSTEM\MPREXE.EXEC:\WINDOWS\AUTOUPDT.EXEC:\WINDOWS\SYSTEM\mmtask.tskC:\WINDOWS\SYSTEM\RPCSS.EXEC:\WINDOWS\EXPLORER.EXEC:\WINDOWS\SYSTEM\SYSTRAY.EXEC:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXEC:\WINDOWS\LOADQM.EXEC:\WINDOWS\SYSTEM\MSTASK.EXEC:\WINDOWS\SYSTEM\WMIEXE.EXEC:\WINDOWS\SYSTEM\DDHELP.EXEC:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXEC:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXEC:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXEC:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXEC:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXEC:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXEC:\PROGRAM FILES\INTERNET EXPLOR... Read more

A:Annoying evil lop! Cam't get rid of it!

Hi You have Messenger Plus installed. This program is known to install malware. I would advise that you remove this program from your computer.Download System Security Suite here:System Security Suite Download. Unzip it to your desktop. Install the program. Don't use it yet.Please print or copy these instructions because you are not able to access the Internet in SafeMode.Make sure you are set to show hidden files and folders: A. On the Tools menu in Windows Explorer, click Folder Options.B. Click the View tab.C. Under Hidden files and folders, click Show hidden files and folders.D. Uncheck Hide extensions for known filetypes and Hide protected operating system files.How to see hidden files in WindowsREBOOT into SafeMode by tapping F8 key repeatedly at bootup: Starting your computer in Safe modeRun HijackThis!, press Scan, and put a check mark next to all these:R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bzzqrfmofgbkqwjmwwehc.com/n_1TR...ONadqH60dN9.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acrrcznbkp.com/n_1TRYIDJWxKQrE9...5JLbl4FnS7k.phpO2 - BHO: (no name) - {867F13BD-EFBF-1D28-CD74-86878ACF0ABE} - C:\WINDOWS\APPLICATION DATA\BLEH CASH\ABOUT CLOCK.EXEO3 - Toolbar: (no name) - {80345740-CE48-11D7-A13F-00045A69FF74} - (no file)O3 - Toolbar: (no name) - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - (no file)O4 - HKLM\..\Run: [BatGrid] C:&#... Read more

1 more replies
Answer Match 36.54%

Long story short... Evil teen Computer genius who is upset with us is basically holding our computer hostage. We kicked him out of our house and before leaving he changed all of our user accounts to limited access and locked our Admin account. I called DELL and was told to restart the computer in safe mode and that would bypass the need for a password but it did not help. It still asked for a pw.

I don't know how he even got past our desktop when all of the accounts were pw protected!

A tech friend suggested I remove our hard drive and put into another computer and download the files onto flash drive then reinstall our OS onto the computer in question.
This seems like a lot of work and money (don't own a flash drive).

Are there any other things I could do? Does anyone know anything about "jumping pins on the system board"?
Also, is what he did illegal, b/c we definitely would like to press charges!
Any help is so appreciated.
I am a Computer novice. We have WIndows XP Home edition
Dell Dimensions 2400
 

A:The Evil Family

8 more replies
Answer Match 36.54%

can someone help me with my Resident evil 2 for pc i can not save my game ,and also my game crashes each time i go into the green hallway were the licker is just as soon as i get to were the blood is my game crashes im Running Window XP, 120gig hard drive, pen4, 384ram
 

A:residend evil 2 for pc

Resident Evil 2 came out before there was any windows XP so I guess it was not designed for it, I had different kinda issues with RE3 on Xp which were resolved after following these instructions
Capcom a problem similar to yours here

Try these two things and lets hope it works , good luck.
 

3 more replies
Answer Match 36.54%

Hey, I'm a first time poster but I'd REALLY appreciate any help I receive from here, I'm getting desperate! After somehow letting SpySheriff get onto my computer (THROUGH an fully updated Norton Internet Security), the first thing I did was turn off my computer and use my loving parents computer to access this site. I then followed the instructions given on how to remove SpySheriff.But its failed... Certain files refused to delete even using KillBox and I still have one (or sometimes two) red circles with a white X in my system tray what give out speech bubbles every 5-10 seconds telling me "Windows has detected Spyware!" , intermittently not all of my start up items do either. Norton IS 2005 (with updated virus definitions) doesn't find a problem, ewido (with updated definitions) now doesn?t find anything, Ad-Aware SE (admittedly without the definitions) fails to bring up anything. And in the three days I've had this virus I've had the blue screen of death at least once a day. It's all running so slowly (from pressing the power button to even seeing any of my desktop icons is now nearly 10 mins!) Below is my HiJackThis Log, hopefully someone on this site will be able to help.. please?Dave--------------------------------Logfile of HijackThis v1.99.1Scan saved at 10:14:42, on 18/10/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS ... Read more

A:Spysheriff Is Evil

I forgot to mention before, that if i try to Ctrl+Alt+Del at any point, I just get a warning saying "Task manager has been disabled by your administrator" ... But I'm the only user of this computer, and I definatly AM the administrator. This is all confusing me now.

3 more replies
Answer Match 36.54%

Hi,

as you can tell by the name, I am relatively new (mostly to this forum).
Anyways, I have a virus ( i believe it is the trojan variety ) and its been a pain to remove.
I'm not exactly sure what to do now, and decided to post here and see if anyone can help.

So I guess I'll explain what this virus is doing...
1. It changes my background to this weird Ad-like message:
WARNING!! your computer may...blah blah...
and it doesn't allow me to change the background too...
2. It disables my Task manager, so i can't end anything suspicious...
3. It creates some new icon (near the clock, bottom right) that tells me to install some virus scanner
-i know its fake, but clicked it and it pops an website for me (disabled internet btw)

and after trying to clean/scan/reboot endlessly, the problem still persists! What i delete/remove earlier, just comes crawling back...
I used the following to scan/clean:
-S & D
-Ad-aware
-Nod32

Ah dam...I read the BEFORE YOU POST thread too late...can't change the topic title.
Anyways, while scanning i noticed the following .dll that I found were harmful ( i think )
-doguzeri.dll
-yoyijite.dll
I tried to clean/remove these using HJT. but the just come back

So if anyone can help, i'll be more than appreciated.
Thanks!

A:A very evil bugger

problem more or less solved
thanks to another topic with similar problem
Thanks anyways!

4 more replies
Answer Match 36.54%

Main big problem, i have a Radeon Sapphire 9200 256mb vid card which runs the game, but after a few times playing the game. when i run the game and start a new game, after skipping the very first scene my screen goes black and then cannot see the game anymore, but can hear the audio. anyone have this problem before or know how to fix it?
 

A:Resident Evil 4

7 more replies
Answer Match 36.54%

Hello Malwarebytes forum,
 
My computer is really annoying me.
I cannot do anything on it..
I dont think i have anything cracked on my computer, if I do help me get rid of it.
 
Symptoms.
1. explorer.exe crashes, when trying to relaunch thru task manager it gives me an error that i do not have enough memory. But i have 12GB ram.
2. Bluescreen of death when virus scanning.
3. When starting computer, I always have to run startup repair to start my computer.
4. random freezes, no admin rights, I dont even have a recycle bin on my desktop its gone out of nowhere.
5. Lots of problems.
6. My keyboard writes 2 times the letters sometimes, I have plugged in another keyboard and the same problem happens. I have been changing the keyboard response, and no change at all.
 
I cant format my PC, I cant system restore, I cant do anything :/
 
Scans are now Attached.

A:Evil Infection.

Crossposting:
https://forums.malwarebytes.org/index.php?/topic/165101-evil-infection/

1 more replies
Answer Match 36.54%

Got a hp 3300c scanner on a win ME system, running 64mb ram, 400mhz celeron, 20 gb hard drive. First of all, to get the scanner to work, had to download the latest drivers, as it had earlier reported the usb ports locked. The latest software fixed this. Scanned the first ten pics no prob. Then the scanner software suddenly stopped responding. Rebooting and shutting down did not change anything. The scanner also made no noise, although the scanner software would continuously run, until it reported no response. Uninstalling and reinstalling the software did not work either, nor did unhooking everything and reconnecting the cables. Device manager reports everything as fine, and scanners and digital cameras in control panel completed the diagnostic test with no probs reported. Has the scanner died or is this a computer problem? Pls. help! System resources report 83% while running the scanner software. Additionally, in task manager, I notice ptsnoop running, but panda virus online test did not detect any viruses.
 

A:evil scanner

probably the scanner itself, but you can try that scanner on another computer to see if it still work or not.
 

3 more replies
Answer Match 36.54%

Some reason there are several sites no matter which unit that I am on. I get this error message for some reason, You were unable to login. Please check your cookie settings. However, even after I clean them out I still get it for some reason
 

More replies
Answer Match 36.54%

Hello, I have stumbled upon this website after scanning with Hijack this. I have a log that I will post below. Problem is that there is some sort of redirect going on when I use Google with Mozilla. It takes a long time for the inital page to load and ocassionally it directs me to a different page. I have run spybot as well as malwarebytes several times and still have this persistant, annoying problem. Hoping that someone can see somthing that I can not, and help me clear this up. Thanks, RayLog:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:25:20 PM, on 4/21/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16827)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Creative\Shared Files\CTDevSrv.exeC:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files\Messenger\msmsgs... Read more

A:Evil Doings

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

2 more replies
Answer Match 36.54%

i downloaded some wallpaper for my laptop a few wks ago. the only time it shows up is when windows 2000 is either starting up or shutting down. also, every now and then the taskbar will disappear, replaced by that section of the wallpaper. what is going on?
 

A:evil wallpaper?

don't really know answer, but seeing as to no know is posting...maybe you could change to no wallpaper, then go into taskbar properties and check the box about keeping the taskbar on top.
 

1 more replies
Answer Match 36.54%

I have Midaddle on my computer and I have tried everything I can find on the internet but nothing seems to work. I've attached my Hiajckthis log, if someone could look at it please? I can't find anything in there that relates to Midaddle... I've run Adaware and Spybot over and over in regular and safe mode. I've done online scans and deleted everything... I can't even find midaddle.dll on my computer, but the virus is there lurking somewhere... any help you can offer me would be very much appreciated

Logfile of HijackThis v1.98.2
Scan saved at 8:04:23 AM, on 8/26/04
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\basfipm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\AspenTech\InfoPlus.21\shared\bin\portserv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\RoamMgr.exe
C:\Program Files\Intel\Switching\User\RoamSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apntex.exe ... Read more

A:Evil Midaddle MUST DIE!!

Welcome to TSF.

Before you do anything else, please create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Desktop or Temp folder. This is required because HijackThis will create backups and we don’t want them to be deleted.

I see it.

Boot into Safe Mode and open up HijackThis. Check and fix:

O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\ntuli\Local Settings\Temp\1o.dll

Delete all the files in this folder (but not the folder itself):

C:\Documents and Settings\ntuli\Local Settings\Temp\

Restart and post a new log file.

To help prevent future spyware installations/infections, please read my anti-spyware section and use the tools provided.

1 more replies
Answer Match 36.54%

Hey peeps,

This is a bit of a dirty question which some may not be happy with answering.

I acquired an Apple Macbook (Not pro or Air, just Macbook) lappy last night which needs a replacement screen (not to much trouble there, should be easy enough) but at the mo it has OSx installed and I AM NOT AN APPLE MAC PERSON so i want to put Win 7 on it as the spec is pretty good, Core 2 Duo (I think) and 4GB Ram.

Is it possible?

Can it be done without OSx being installed, and above all how would i go about it?

Would it be easier to buy a new HDD that is not Apple, as after looking at another drive, it looks to be a simple Sata drive but with Apple firmware.

Thanks in advance, sorry for the evil, vindictive question.

Lucky

EDIT* Hope this does'nt break any rules on this forum.

A:Evil question here

There's no harm in trying. If you want to play safe, use a different HDD. It would help if we knew the specs of the laptop so that we can direct you to the relevant downloads for your hardware. It may be necessary, therefore, to boot up into OSx just so that you can acquire this information from their equivalent of Device Manager and System Information. It needs to be said, though, that Apple tend to use proprietary hardware in their systems that will only work with their OSes.

1 more replies
Answer Match 36.54%

Ok, I've been working on this problem for at least 3 weeks now. My laptop, which was built by a compaly in Fargo N.D. (bytespeed) is acting really strange. When running off of the battery, everything is just fine, no problems whatsoever. But, then when I plug in the power adapter, it acts like it's possessed, most of the time not getting past the BIOS in post, then the power cycles and it starts all over again. Sometimes it will make it as far as the login screen for WIN2k, but then it starts cycling again. So far I've WIPE'd the harddrive, flashed he BIOS and re-installed the OS. Now I'm at a complete loss. All of the fans are working like normal, so I'm pretty sure it's not a heat issue. Any help on this will be GREATly appreciated.
 

A:evil laptop

8 more replies
Answer Match 36.54%

I'm running on XP SP3, latest MS updates and I'm confused as to where it even came from! When I delete the files, they come back. When I delete the registry keys, they come back.

Antivirus programs aren't to any help, and I'm at a loss because every link I first click on in Google brings me to some bad ad site and I'm getting more and more upset with this by the day...

Pop ups have stopped... but, er.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:19 PM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\E... Read more

More replies
Answer Match 36.54%

Heyy, when i open windows live messenger, build 14 i think, its ok, but when i try to talk to someone, it says 'runtime error' line 896, library not registered. Then it says do you wanna debug, so i did, and it pressed 'break, and it did nothing, and then it said, msn needs to close.. so yeha.. please help
 

More replies
Answer Match 36.54%

Hello,

I had a terrible pop up("download this antivirus", (blank webpage.... ieavdownloadstart.com) take over my internet explorer. I followed the instructions in the sticky and downloaded hijackthis, and malwarebytes. What do I do now? Here are my reports:

Before....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:54:59 PM, on 6/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\m... Read more

A:Help, Evil popups have taken over!

thanks for nothing
 

1 more replies
Answer Match 36.54%

Ok, well.... Ill go into details on how I got this and then describe what it does.... Ive also gota hijack log saved incase you guys need that also.

First of all, I noticed a virus or something odd going on when I saw multiple entries of iexplore running in my background and noticing that I would only have 1 copy of it running. My games would also alt tab strangely enough, and Id notice more iexplore running even after I closed them all previously.

So, I took probably a dumb step and got any microsoft upgrades I needed, there were only 2 "criticals" which I needed and I think both were pretty passive. So I did that and restarted my computer...

This is when I noticed things went bad... iexplore would not open, I mean the browser would not even come up... so I downloaded firefox... same result... and now Im using Opera which works thankfully.

Thinking I was ok and such I downloaded loads of antivirus to keep me slightly safer... and now Im reaching out to what to do... since Im curious if its a virus or something worse...

After some time Ive also noticed folders of games being moved into other folders, some of my other games that once opened up fine now lock up on starting and when I use task manager to close them it would lock up during mid end process....



Anyways any help is hugely helpful, Id like to avoid having to do the complete cleanup... but if thats the only route I guess I can handle that.... but if anyone knows other solutions please... Read more

A:Evil Virus - Help

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Answer Match 36.54%

I've been using AIM for a long time, and one day I decided to try out the new "AIM Triton." Well...it sucked *** and it used too much memory. So I switched back to AIM 5.9 and uninstalled AIM Triton using the AOL Uninstaller from Add/Remove Programs. Now everything was better...except 1 problem. The AOL Uninstaller doesn't uninstall itself! It is harmless sitting in my Add/Remove Programs, but I still want it off. Many people had this problem, but I searched everywhere and couldn't find an answer. So if anyone knows how to remove this AOL crap, please shed some light. Thanks in advance.
Edit: Here is a screenshot.
 

A:Solved: AOL is Evil! Help!

DownLoad EasyCleaner http://www.majorgeeks.com/download414.html

It has an add/remove button that will get that entry
=============
For the cleaning functions:

Use the clear files and Unnecessary files buttons I do not recommend
using the Duplicates files button as many dupes are there on purpose.

Not all files will delete that is normal.

In the unnecessary button I check the top 4 entries
 

2 more replies
Answer Match 36.54%

I made a webpage.... And i put a code for weird cursor (its a skull) in it.. And it works an all but i have a iframe on my page and when i move my cursor over it it goes back to a normal arrow... and the skull seems to get stuck right where i enterd the iframe... so i tried putting a cursor in the page for the iframe too... and now they both like get stuck when i go from the page to the frame and then from the frame to the page... How can i fix this?
 

A:Cursors are evil...

Basicly I want the image trailing behind the cursor to dissapear when the cursor leaves the page or goes into the iframe.....
 

1 more replies
Answer Match 36.54%

Look! Look! Whats Up With This?! Lol!
 

A:Omg Look How Evil This Card Is!

I never would have noticed that.

You, my friend, made me laugh. Especially the "lol" at the price :haha:
 

20 more replies
Answer Match 36.54%

I have purchased a Evil Kyro 64mb AGP card. When the resolution is set below 1024x728, the image shakes, is this a bad card or what? Does not happen above 1024x728. The only problem with this is that I cant hook my tv up to it with the resolution set that high. Anyone know of a good display card with tv out?

Thanks
System Specs
Ampton M830 motherboard
AMD Athlon 1.4
640 mb ram
40 gig HD
40x Burner
DVD
CD
Floppy
 

A:Evil Kyro

Apart from the motherboard i have a system very similar to yours. I have also experienced graphics card problems but not shaky screens. i found that a lot of my problems were linked to bios settings and my OS.

try this link; it will explore solutions better than i can.

http://www.techspot.com/tweaks/kyro2/index.shtml

will also check my own settings and see if anything crops up.

good luck
 

1 more replies
Answer Match 36.54%

Although I consider myself a proficient PC user, my proficiency stops at running applications.

In the last one month, my PC has been bombarded by viruses, worms, trojans and every conceivable kind of malware. This led me to format the hard disk and re-install the programmes. I currently have Avast and spybot S & D. I have also activated the XP firewall.

In spite of all the above, I'm losing a lot of my bandwidth to the menaces. A few samples:

1. Something that calls itself 'Messenger Service' keeps popping messages with the following text

"Message from Internet to Infected on 12/16/2004 5:34:50 PM

This computer is infected with Spyware and Adware. This can and will effect performance on (sic) this computer. These programs are normally put onto your computer without your knowledge and virus programmes don't always find them. To remove these, it is recommended that you go to: www.Xp-Fix.com!"

I did actually try out the website and it exists. It claims to have a one shot cure for all kinds of XP ills. It also asks you to pay some $ 70 something.

The popup uses the csrss.exe process. If I shotdown the popup, it pops up again within a couple of minute. Also, it mentions a couple of different websites in the place of Xp-Fix.com.

2. This morning I was trying to install the trial version of Quick Heal AV. It detected a trojan called 'trojan.rootkit.H'. However, since this AV was clashing with Avast, I had to un-install it. Nevrtheless, I haven't as muc... Read more

A:Evil programmes

Oh my gosh never ever ever click on any pop-up. Install and run Spybot Search and Destroy and AdAware. A Squared is a great program also. It would not hurt to have them all. I do as do many others.And go into your Task manager and cancel all running process' that are not needed as in "uninvited" guests.AdAwareSE PersonalSpybot S&Da? Personal And if all else fails. Post a Highjack This Log. You may need to anywayHighjack This Forum

8 more replies
Answer Match 36.54%

Hello,

This is probably more information than you need but I don't know what is important or not so here goes...

I am running Windows XP on a Sony VAIO and primarily use Firefox as my webbrowser though I do use IE for testing my sites.

A few days ago while reading a private message on a forum, my Spyware and Virus software threw up a bunch of warnings. Since then I've been seeing a number of troubling things going on.

The first sign of something not right is an error that kept popping up...

16 bit MS-DOS Subsystem
C:\WINDOWS\Sysvxd.exe
The NTVDM CPU has encountered an illegal instruction.
CS:0550 IP:06d0 OP:63 6f 6c 6f 72 Choose 'Close' to terminate the application.Click to expand...

In my ignorance, I laughed and thought how funny, spyware that crashes.

Before I could start trying to do anything my blog was hacked with an invisible iframe redirect. (Remember, I thought the thing was harmless because it crashed. ) Fortunately my webhost took care of it for me. I don't remember the site it redirected to but I can find it in my emails if you need it.

Then I started getting an alert from my spyware software regarding E-mail attachments. The message cautioned it could just be a firewall issue but since I was not actively logged in to my email and I don't use Outlook, it seemed ominous and probably related to whatever evil thing I appear to have been infected with.

I had been planning on setting up a home network and getting high speed Inte... Read more

A:Something Evil on my machine - please help

This is simply a shameless bump in the hopes that someone will see this thread who might just know what I need to do to fix this.

BTW, I've tried deleting the Sysvxd.exe file and it just comes back anyway.
 

1 more replies
Answer Match 36.54%

i'm new to the site and I downloaded the hijackthis program and ran a scan on my computer (i think i did it right)

anyways, here's what's going on with my computer. A couple of days ago i couldn't access the yahoo messenger, then the SBC Yahoo Browser log in window won't pop up, and now the task manager is disabled (i think that's the window that you press ctrl + alt + delete for) so if anyone can help me out that would be really great.


logfile of HijackThis v1.99.1
Scan saved at 8:00:40 PM, on 12/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\... Read more

More replies
Answer Match 36.54%

Have an old Lexmark 1100 which is wonderful but no longer fully ejects pages. Replaced it with a Lexmark Z23. It is currently unplugged and not the default because I bought a black and white laser (Brother MFC-4800, I love it!). I would like to keep the Z23 installed for my infrequent color printing needs, however...

Any ideas how to clear it out of active memory? I have LexStart unchecked in msconfig startup, but something still loads. However, even after I end the running process by using Ctrl-Alt-Del, HijackThis still finds this running:
C:\WINDOWS\SYSTEM\LEXBCES.EXE

The Z23 sucks up all kinds of memory while running, I know there are gazillions of files taking up space to run it. I print a lot of 40-page PDF files, and had to reboot the computer and print with nothing else running in order to print correctly.

Is it running from the registry? Is there any way to lasso this printer down and make it behave short of uninstalling it?
 

More replies
Answer Match 36.54%

Hello great folk of Techsupportforum,
Please help me rid my computer of evil!

Sheer evil has taken control of my lovely computer and I would like to be rid of its unholy infestation, known only as ... malware.

Thank you good people of TechSupportForum, may you be blessed eternally by god and fed good wine and given beautiful maidens.

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 23:13:59, on 06/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\dx3jhnet.exe
C:\WINDOWS\System32\netlocca.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vgames.co.il/
R0 - HKLM\Software\Microsoft\Inter... Read more

A:Please help me rid my comp of evil

Hello

Start Hijackthis Scan and place a check next to these items If there.

O2 - BHO: (no name) - {54B02808-B60E-44CD-A72D-9865117E4E62} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - AppInit_DLLs: confdbg.dll dbgstat.dll confifc.dll ifcstat.dll sgdqfuod.dll pns6klale4.dll msdmquer.dll e1.dll
O20 - Winlogon Notify: jpgmgr - jpgmgr32.dll (file missing)
====================================
Hit fix checked and close Hijackthis.(disregard the hijackthis error)
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post a panda online scan report:
Panda ActiveScan-Free online scanner,
http://www.pandasoftware.com/products/activescan.htm
Pess "scan your PC now" allow the active x to install (if prompted)
Do a full scan > Click the my computer button
After the scan click see report then Save the report and post it back here please.
If you have problems read the FAQ http://www.pandasoftware.com/actives...q.asp?IdLang=2


Download
Deckard's System Scanner (DSS) to your Desktop.
Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized
and extra.txt <-this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
Please
... Read more

2 more replies
Answer Match 36.54%

How in the hell can i permanently rid my computer of Stickey keys/Filter keys.....That program is just sooo ...if other see use from it, killer...it just makes me veryt very angry...how can i getr rid of it?
 

A:Help me rid evil from our computers.

Ratbear

Please refrain from swearing, even with the use of *'s

eddie
 

1 more replies
Answer Match 36.54%

here is a question......what has to be done in order to make the beyond good and evil work on a vista 64 bit. It install and after a few minutes into the installation it quits and when i go into the drive i have installed it doesn't show. I'm guessing it got reverted back or it got deleted automatically. any thoughts on how to get this fixed?????

A:Beyond good and evil

Hi pyronox,

Have you tried using the compatibility options found by right-clicking the setup file and going Properties> Compatibility ?

3 more replies
Answer Match 36.54%

to get me to buy Vista? After a power outage my PC is very slow, possibly this is the first shut down since SP3 was intalled. Going to formant clean install SP2 tonight if there is time to save a few things first.

I see a lot of other ppl saying SP3 made them miserable, slowed PC and in general did not like it?
 

A:Is XP SP3 an evil ploy....

8 more replies
Answer Match 36.54%

Ok so maybe not but Im lost on this .... Im in the process of making a new computer and and the hard drive I got is a sata 3 80gig maxtor just to start out with till I get some more money ..
well Windows xp does not detect it on boot up -.- .... I read a whole bunch of stuff saying that you have to get the drivers and put them on a floppy and all ... well I dont have a floppy... none of my computers have floppys , I personally think they need to come up with a better solution and get out of the dark ages..... So then I tryed something called slipstreaming , to no avail and I finally resorted to just putting the hard drive in my dell ( yes dont laugh -.- ) ... which already uses a sata drive and install it from there , but it doesnt even detect it ... Not even when the computers fully booted up..
What options are out there ? I just need to get Windows xp on the sata drive so it works on my new computer ...
Any help would be great , thanks!
 

More replies
Answer Match 36.54%

I really need your help with this one guys, I've had spyware on my pc before, but this is unlike anything I'd ever seen.

A couple of days ago I started getting popups from "adnetserver" and "ad yield manager", and my access to many (but not all) sites was suddenly blocked (there wasn't even an error message, the browser just endlessly waited for a reply). Furthermore, the text in the sited I did have access to started to appear only in bold letters (in both firefox and IE). After running various anti virus and anti spyware programs, running them again in safe mode, installing service pack 3, and running them again, the popupps are gone, but my internet access is still blocked (it's not a connection problem, my other computer works fine).

This situation is incredibly frustrating and your help would be most appreciated.

my main.txt log:

Deckard's System Scanner v20071014.68
Run by user1 on 2008-06-28 02:12:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-06-28 00:12:47 UTC - RP1219 - Deckard's System Scanner Restore Point
3: 2008-06-27 03:23:52 UTC - RP1218 - System Checkpoint
2: 2008-06-25 22:34:09 UTC - RP1217 - Installed SUPERAntiSpyware Free Edition
1: 2008-06-25 00:55:50 UTC - RP121... Read more

A:Truly evil malware, please help

Hi anubis270,

Sorry for the delay in looking into your log, as we are extremely busy in this section of the forums. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Since it has been awhile, I'd like you to run DSS.exe (Deckard's System Scanner) again and post the results of main.txt

12 more replies
Answer Match 36.54%

is this how you do it?i think its virtumonde,but idkmy internet is slow and i get pop upsalso when i run spybot it tells me that i have a virus in a registry key and when i reboot it still cant fix it,it just keeps saying to reboot.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:12:10 PM, on 12/6/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\WINDOWS\system32\pctspk.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\Program Files\Compaq\Easy Access Button Support\StartEAK.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXEC:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXEC:\COMPAQ\CPQINET\CPQInet.exeC:\Compaq\EAKDRV\... Read more

A:Evil Smitfraud

Welcome to the BleepingComputer HijackThis Logs and Analysis forum dg1167My name is Richie and i'll be helping you to fix your problems.Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546You are well advised to remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present,then restart your pc:ViewpointViewpoint ManagerViewpoint Media PlayerIt appears you've no virus protection installed.Download\install one of the following freeware options from the choice below.Once installed update its definitions and then run a full system virus scan.Avira AntiVir Personal Edition Classic http://www.free-av.com/AVG7 Free Edition Antivirus:http://free.grisoft.com/filedir/inst/avg75free_503a1171.exeAvast! 4 Home Edition: http://files.avast.com/iavs4pro/setupeng.exeWith you having Service Pack 2 installed i'm presuming you're using the Windows Firewall.You may be behind a hardware firewall(Router/NAT),but it would'nt hurt to install a third party software firewall to henhance protection.A word of warning regarding the Windows Firewall in Service Pack 2,it only filters INCOMING traffic. That means if malware happens to compromise your PC,it will be able to SEND OUT out your credit card data,and any ... Read more

9 more replies
Answer Match 36.54%

Hi,

When I shut down my computer, it would turn itself back on in about 5 minutes. What is wrong with it? And how do I solve it?
 

A:Evil PC: Turns on by itself!

The power is started by momentary short of two contacts on MB.

Wired to Button.

Pull front panel and check button for foreign object.

Chase the button wires to the MB and check for foreign object.

The Bios only has a Daily setting.
 

1 more replies
Answer Match 36.54%

Hi !

I've been looking for a soltuion for this problem for a long time now...

i Formated my PC so many time that i don't even know how many exactly

It's what i think a RANDOM BSOD, cuz it happens either when i am gaming or simply idle in the desktop (most of the times when i am about to win the match in league of legends... )

anyway here r my .dmp and i hope someone can help me

PS: I tried to solve this problem a long time ago in this forum... but nothing worked out... and since i didn't want to disturb you guys any longer i tried to "cope" with the problem... but i can't anymore... it's driving me crazy !
 

More replies
Answer Match 36.54%

When I am on AOL typing or clicking links it pops up and knocks me offline. Could something be wrong with the file, outdated, corrupted, something?
 

A:mshtml.dll is evil

7 more replies
Answer Match 36.54%

Well lets start out with the whole story...

I was playing a MMORPG(EverCrack) and boom ! Outta no where the screen goes blank but the PC is still running. My emidiate though was "Ahh crap, there goes my video card". I test a few things out and then im pretty sure it is so off i run to the store. Look around and decide "What the heck, im planning on upgrading my computer anyways." so i went ahead and spent $200 on a ATI 9800pro. Run home, throw the card in and still no video on the screen. After getting over the fact that I just spent $200 dollars when I could have spent it later, I do some more testing and find out the first video card is still good. So then i think "Well its got to be my motherboard." so I get online and buy a new motherboard from newegg(Which I have to admit is a AWSOME site, highly recommended). Wait a few days, get it in the mail and then throw it in there. Still, NOTHING !

And that is where I am now. What I am woundering is, could it possibly be my power supply causing the picture on the screen to not show up. Now when I say that the picture doesnt show up I mean it doesnt show up. It is like the Monitor is in powersave and instead of the green on light it has the yellow idle light.

I know it is not my Monitor because i tested another comp on it. I know it is not my CPU because I put that in another system. Not sure about the RAM but i highly doubt it but hey, as far as i know it could be the CASE ?!?!?!?

Any help would ... Read more

A:Exhausted... PC gone evil !

11 more replies
Answer Match 36.12%

I think I got the new Cool Web that is a major pain to remove. Can someone walk me thru the procedures.
Thanks
Andrew

Logfile of HijackThis v1.97.7
Scan saved at 08:10:30 AM, on 05/20/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\WINNT\System32\PROMon.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\System32\podkm.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res:... Read more

A:[Solved] Evil Cool Web has Me!!!!!!

16 more replies
Answer Match 36.12%

ok so heres my problem.every time i Logon to my computer there are 3 URL shortcuts that would take me to a so called anti-virus site, and most likely download some sort of Trojan or other sort of virus.also i get annoying "windows pop-ups" telling me i have a virus that also sometimes open a URL that tries to download a Trojan.when i run ComboFix it fixes the problem for a while but opon restart everything is back.COMBO FIX LOGComboFix 08-02-25.2 - Steven 2008-02-27 20:57:59.3 - NTFSx86Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1455 [GMT -8:00]Running from: C:\Documents and Settings\Steven\Desktop\ComboFix.exe.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).C:\Documents and Settings\Steven\Desktop\Error Cleaner.urlC:\Documents and Settings\Steven\Desktop\Privacy Protector.urlC:\Documents and Settings\Steven\Desktop\Spyware&Malware Protection.urlC:\Documents and Settings\Steven\Favorites\Error Cleaner.urlC:\Documents and Settings\Steven\Favorites\Privacy Protector.urlC:\Documents and Settings\Steven\Favorites\Spyware&Malware Protection.url.((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-28 ))))))))))))))))))))))))))))))).2008-02-27 19:55 . 2008-02-27 19:55 <DIR> d-------- C:\Program Files\Common Files\... Read more

A:Popups And Evil Url Shortcuts

to BC magicalmonkeyguy,Combofix is a powerful tool intended by its creator to be used under the direction of an expert, NOT for private use. You should NOT use Combofix unless a Malware Removal Expert has told you to. Improper use of this tool can seriously damage your operating system and may even prevent it from starting again. Please read Combofix's Disclaimer.Please follow the directions in this guide. If you cannot do a step, then skip it and go to the next. Then create an HJT log, you will find the directions in Step 9 of the guide.Create a new topic in the HJT forum, not here and give it a good descriptive title. Briefly summarize what the problems are, what you have done to try to solve it, and what worked and didn't work. Paste in your HJT log being sure to include the Top Portion of the log which lists the version information.After you post your log, DO NOT make any further changes to your computer: deleting files, editing the registry, using special fix tools, installing or uninstalling software etc. as this will make it more difficult for the HJT team to help you.When you have created your new thread, please post the link to your HJT thread as a reply to this thread so we know you are receiving help from the HJT team.Please be patient as the HJT team is very busy. DO NOT bump your log as the team may think that someone is already helping you. If you have not had a response in five days, add a response to the five days no response topic and paste in ... Read more

3 more replies
Answer Match 36.12%

The criminals behind the widespread Conficker worm have released a new version of the malware that could signal a major shift in the way the worm operates. The new variant, dubbed Conficker B++, was spotted three days ago by SRI International researchers, who published details of the new code on Thursday. To the untrained eye, the new variant looks almost identical to the previous version of the worm, Conficker B. But the B++ variant uses new techniques to download software, giving its creators more flexibility in what they can do with infected machines. Source Information from HMOS Defense Those who have the current patch are safe from this threat!

More replies
Answer Match 36.12%

I'm going to make this long story as small as I can. I have Windows XP. I have had ACT! 2006 installed for over three months now. Suddenly I started getting errors only with this program, and just when starting it that had to do with the SQL server. This was five days ago. It occurred when I attempted to open the program. I attempted to delete it to reinstall it (Thank goodness I had already created a backup of my customer information.) Twenty different errors later, five delted Trojans later, and over 50 hours of dealing with this, in addition to paying for a tech to come out (who hadn't a single idea WHAT he was doing), here's the errors that I'm getting still:

When installing ACT! 2006: "Setup failed to configure the server" then an additional underlying error that stated "Error 1603 Fatal Error During Install." I've searched through every engine, and done nearly everything from looking through registries, to going through ACT! support and doing everything that it said there, but I'm still having the same problem.

PLEASE HELP ME! This is going to drive me insane! I need this program, and I need your help!

A:ACT! Trojans, you evil computer...you.

I think your best bet is to run the ACT "Repair" option. I'm pretty sure you find it at Start>Control Panel>Add/Remove Programs, but it may be in one of the tabs of the Act "Main" Window.

If that fails, if you can't find it or if I am misremembering and it doesn't exist, I DO remember that it is is fairly simple to uninstall and then reinstall ACT. Make sure you have your data files backed-up and moved to a different location. I'm pretty sure the ACT reinstall doesn't overwrite the existing data files, but you want it backed up somewhere else just in case.

All of this is assuming that you are malware-free. If you are not, you should verify that you are, as any thing you do before becoming malware-free is (or coudl be) a waste of even more time.

Also, you should now have a good understanding of what possible vector your malware got on-board, meaning no firewall ? no/inadequate AV solution ? obsolete virus definition files ? uneducated/irresponsible users doing risky things such as file-sharing, surfing risky internet sites, etc...

Only part of your focus should be regaining functionality, the other part is insuring that the situation does not repeat itself.

3 more replies
Answer Match 36.12%

a benchmark of resident evil 5 including gameplay footage is available , looks nice , one for the left4dead fans i think

Patches and Fixes: Resident Evil 5 Benchmark - Demo Movie Patch Download Section - GamersHell.com

I took a quick screenie..........

A:resident evil 5 benchmark

I cant wait to play this!

2 more replies
Answer Match 36.12%

Can someone help get rid of Klounada which has hijacked my homepage. I have tried ad-aware, spy-bot and cswshredder to no success..

Logfile of HijackThis v1.97.7
Scan saved at 6:43:23 PM, on 5/10/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\EASY INTERNET\ENCMONTR.EXE
C:\WINDOWS\SYSTEM\AOLFIX.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\EPOAGENT\NAIMAS32.EXE
C:\EPOAGENT\NAIMAG32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\DLLHELP.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIM... Read more

A:Evil Klounada Hijacker

7 more replies
Answer Match 36.12%

I just brought one and was wondering, How many were made in total?
 

More replies
Answer Match 36.12%

hay, i want to play resident evil 5 coop on pc , on same network but i cant find other pc,, does anyone have solution?
 

A:resident evil 5 coop

Hi and welcome to TSG.

I can't actually check these links on my work internet as they are all blocked, but some of them may provide some useful info on setting it up.

http://www.gamespot.com/ps3/adventure/residentevil5/show_msgs.php

http://windows7themes.net/how-to-play-resident-evil-5-co-op.html
 

2 more replies
Answer Match 36.12%

Hey all,

I am having an issue getting two computers to properly see the other on the network. If I set the permissions to everyone, I can successfully connect to the share but I do not want to use the everyone permission because there is another computer on the network I do not want having access to the pc. I have created identical user accounts on both computers and it still won't let me in. They are in the same workgroup and I am not using a domain. I know I am missing a step somewhere but I can't put two and two together. Its something to do with the local computers name and the username combination but I can not remember. Eg: computername\username

Helllppp!
 

A:Solved: Evil Permissions and XP Pro.

13 more replies
Answer Match 36.12%

Hi

I just made a 30ft LAN cable and works great with my xbox, BUT don't work with any of my computers. I have the cable connected trought a switch, I change directly to my cable modem and do the same

I use this combination on both sides

white orange
orange
white green
blue
white blue
green
white brown
brown
 

A:Solved: Evil Lan Cable

Reset to the modem and switch resolve the problem
 

1 more replies
Answer Match 36.12%

Hello!

As bad as virii are, I am convinced that spyware does far more harm than any virus!

I just finished nuking a HDD on a computer that a newbie friend bought used. I spent an hour uninstalling spyware, then loaded Ad-aware. It found 218 instances of spyware, including dozens belonging to Comet Cursor. Other familiar heavy weights included cydoor, newdot (Grrr!) and gator. After hours of fighting the good fight I gave in and formatted. The internet connection was dead (winsock?).

I've had several friends complain about sluggish computers. Every time I have found the above nasty items, among others.

Spread the word! Scan for spyware! Tell everybody you know to protect themselves, and how. I bet there's millions of people out there that have iron clad firewalls and AV protection, yet have spyware in thier systems...
 

A:Spyware- The Greatest Evil

6 more replies
Answer Match 36.12%

I am having some problems with prompts within templates I have created. Whenever I open a document that was created with a template, the header prompt always pops up; even though its already filled in...
any help?
 

More replies
Answer Match 36.12%

Who can help remover this evil thing....
 rsvepifhsys.png   26.51KB
  9 downloadsDDS:DDS (Ver_10-03-17.01) - NTFSx86 Run by Monique at 20:06:18,08 on ma 04-10-2010Internet Explorer: 8.0.7600.16385Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.3327.2079 [GMT 2:00]============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k RPCSSc:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\SYSTEM32\WISPTIS.EXEC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\amBX\System\amBX_Service.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Nero\... Read more

A:Who can help remover this evil thing....

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

3 more replies
Answer Match 36.12%

Hey there, I have a question if anyone has an opinion please feel free to respond. My other computer is infested with evil trojans named QLowZones-2.gen and Downloader-ME.dr Which in turn they have installed at least 47 (yes 47! at last count) other adware, malware & whatnot on the poor defenseless machine. My fault for it being defenseless.
I did a manual remove in safe mode, but it didn't work. It all just keeps coming back. I used SpyBot, but it still came back. I tried to download Ad-Aware but I keep getting Page Not Found on the good computer.
So my question is - if I reformat will it rid the evil demons? I'll make sure to use a firewall & all this time.

A:Evil Spyware & Hijackers

You might want to try some other programs first. I'd recommend trial versions of CounterSpy and SpySweeper. You could also try downloading Ad-Aware from a different website, download.com and majorgeeks.com both have it. If you still don't have a firewall you should download one immediately, even though you're already infected.

4 more replies
Answer Match 36.12%

I am having a problem getting to certian sites (i.e. paypal, etc.) I type it in and up pops orbit (C:\WINDOWS\trchdrssjjlj.htm#http://www.paypal.com/) with something like this in the address bar.

I am clueless on how to get this silliness to stop so any help will be very much appreciated!

TobosBunny
(aka Lisa)
 

A:Evil Orbit and getting to some sites

Logfile of HijackThis v1.93.0
Scan saved at 10:46:33 AM, on 4/15/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://l11037.ecpm.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.roadrunner.com/v5/home/0,1793,29,00.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.roadrunner.com/v5/home/0,1793,29,00.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://l11037.ecpm.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.alienware.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {9633c13d-85bb-4271-83c1-f22bc2938585} - C:\DOCUME~1\RANDYC~1.000\APPLIC~1\kstilypsm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [SVAPlayer] C:\Program Files\SVA Player\SVAPLAYER.EXE
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Incredi... Read more

2 more replies
Answer Match 36.12%

Despite having cleaned with each of the big four spyware progs, having NAV 2005 on this machine, Access_Control dialer keeps finding its way onto this machine, over and over again. When it recurs, there is always a history line indicating that my browser somehow called out to this link: http://www.02kmky1xgzbmsdfx.<diabled>com/Common/module.php?asked_billing_id=2&login=5000462&mediaid=02600000&r=1&cache_mode=0 . I stuck <disabled> in there in case somebody foolishly were to click the hyperlink.

Thia page installs the Access_Control dialer. I'd appreciate some help. Here is my hijackthis log:

MANY Thanks!
-Steve

Logfile of HijackThis v1.99.1
Scan saved at 11:11:19 PM, on 6/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\DOWNLO~1\MyWebEx\319\atnthost.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\DOWNLO~1\MyWebEx\319\RAAGTAPP.EXE
C:\WIND... Read more

A:EVIL Access_Control keeps recurring!

Hi stevepeck1, Welcome to TSG!!
Run HJT again and put a check in the following:

R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Information Update] C:\Program Files\Information Update\iu.exe
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {81F0C919-AB0B-4F5C-932D-5CEEF05879E9} (IITLoadCtrl Class) - https://locator03.01com.com/cgitunn...p/iitloader.cab

Close all applications and browser windows before you click "fix checked".
Restart in Safe Mode

Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files".
Now click "Apply to all folders", Click "Apply" then "OK"

Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Next navigate to the C:\Documents and Settings\Administrator (Repeat for all user names)\Local Settings\Temp folder.
Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel ... Read more

1 more replies
Answer Match 36.12%

whenever i opened word with norton installed, it took about 5 minutes to load. because norton checked the documents? i deleted it for various reasons and now whenever i open word (even a new doc) it gives an error message "norton was not properly installed, please uninstall and reinstall" even though it is not on my computer, no systemtech software or whatever the manufacturer of it is. i can still open it after holding control and clicking random buttons and it opens. can u change norton trying to open with word?

A:stopping the evil norton

Err ummmm Do I understand you correctly??

Have you uninstalled/deleted Norton??

How did you do this??

If you did it through "Add remove programes" then Norton will not be fully removed from your system.

To fully remove Norton you need the Norton removal tool.

http://service1.symantec.com/SUPPORT...05033108162039

Once done feel free to choose any other antivirus software. But be advised that you realy should have some antivius installed.

Running without Antivirus is a bad plan!!!

5 more replies