Tech Problem Aggregator

Suspected Spyware. All programs reverted to default settings.

Q: Suspected Spyware. All programs reverted to default settings.

Hi. I seem to have got a virus. Any program I use seems to have reverted back to its default settings. In Photoshop CS2 I lost all the colour settings. When I try to restore the previous settings I now only have a choice of 4. Before there were about 30. I scanned with XoftSpySE and it found Deskbar.exe and secondthought. I have had this file secondthought now for several weeks. It always shows up on XoftSpySE. Every time I remove it but it always comes back when I restart my computer. Do I need to re-install Photoshop to get my colour settings? Do I still have spyware on the computer? Below is the Hijack Logfile.
Cheers
Enda

Logfile of HijackThis v1.99.1
Scan saved at 20:44:18, on 20/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Clevo\AutoMailChkr\MailChkr.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\program files\softwin\bitdefender9\bdnagent.exe
C:\program files\softwin\bitdefender9\bdswitch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\PROGRA~1\RETROS~1\RETROS~1.1\RetroExpress.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Winzip\WZQKPICK.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mmc.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali Internet Access
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [AutoMailChecker] "C:\Program Files\Clevo\AutoMailChkr\MailChkr.exe"
O4 - HKLM\..\Run: [PRONoMgr.exe] "C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] "C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe"
O4 - HKLM\..\Run: [RetroExpress] "C:\PROGRA~1\RETROS~1\RETROS~1.1\RetroExpress.exe" /h
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\Winzip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.kodakgallery.com
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Dantz - C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Answer Match 86.52%

Right. My folder settings return to default after changing them. (Returns to default instantaneously.) For example, I tick "Show hidden files and folder blabla"; after clicking "Apply" it goes back to "Do not show hidden files and folders blablabla". Please help.

Oh and, when I'm opening "C:\" in My Computer, it opens in another window.

How to fix 'em?

A:My folder settings get reverted/return to default!

Hi hotwater, and welcome to TSF.

We need some details about what software you are running.

Please click on the link below, follow the instructions to download and post back details.


Use Belarc Advisor. It builds a detailed profile of your installed software and hardware, including Microsoft Hotfixes, and displays the results in your Web browser. All of your PC profile information is kept private on your PC and is not sent to any web server.
NOTE: When providing this information please remove any licenses listed in the results.

Answer Match 85.26%

I am fixing someone's PC now. I keep getting an issue that the changes that are being made to the PC get reverted back once the PC is rebooted. It reminds me of something that happens when you log in at school (or a library), and once you log out the PC goes back to default settings. What can cause this? Or what software can cause this?

No bookmarks, no downloaded pictures, no preferences, nothing...
 

A:Computer settings are being reverted after a restart back to default

You're not giving us much to work with!



I keep getting an issue that the changes that are being made to the PC get reverted back once the PC is rebooted.

What type of changes?
What operating system?
Are you getting any error messages? What?
 

Answer Match 65.1%

So, the hard drive in my computer failed and I cannot (obviously) load Windows 7 OS because the disk is failed, and I did not make a backup. How can I reinstall the factory default settings and programs and the pre-installed operating system?

A:Factory reset to default programs/settings/OS on L...

Hi,
 
Absent user-made recovery media the only way to get back to factory state is to order media from support.  Phone # below.
 
You can get pretty close if you can beg or borrow Microsoft Win 7 install media and follow that with ThinkVantage System Update.  TVSU will download and install the drivers and apps appropriate to your machine.  You won't have an on-disk recovery partition and may lack a few 3rd-party licensed apps (media players maybe).
 
Z.
 

THINK-branded PC products
English, French 1-800-565-3344
24 hours a day Monday - Sunday

Answer Match 64.26%

My computer suddenly stopped detecting my webcam, and in trying to solve the problem, I deleted the driver. I cannot find any place online where I can restore the driver (a Bison NB Pro built into an MSI laptop). I'm tempted to restore the computer to its default settings, but I'd like to know first if that will restore the camera's driver.

Does anyone know if this will work?

Thank you for your help
 

A:Will reverting to default settings restore deleted programs?

Answer Match 64.26%

I have gone into settings in my Windows 10 and changed the default music player from groove music to windows media player. But when I click on music files, it automatically starts playing in Groove and NOT windows media player. I have restarted Windows several times with the same results.
What is going on?

A:Windows 10 will not obey the system settings for default programs

Hi, not sure if I can help but have you changed the media player for all types of music files? As well as selecting the default player you may have to deliberately change the player for the specific file type in "Choose default app for each file type". This option is found at the bottom of the default apps screen or by typing it into the search bar.

Answer Match 64.26%

Hey, I downloaded a custom icon pack which replaces the original ones with Vista. After installing it, I got most of them to work BUT most of the folder icons are reverted back to Vista's default. If I delete the thumbnail cache and refresh my folders, the new icons are shown for about 2 seconds before reverting back to the default.

This only seems to happen if I set the folder display size to Medium/Large/etc, but if I set it to Small I can see the tiny version of the folder's custom icon properly.

Below is an example of one folder using a new icon and the rest reverting to the default:
Anyone know why this is happening and how I can fix it? I've tried repairing/restructuring the thumbnail cache, etc, but that doesn't seem to be the problem.
 

A:Custom folder icons are reverted to default

anyone?
 

Answer Match 63.84%

Hi, well first of all the reason I changed it was because I tried to optimize (my mistake) by reducing it. My router is set to 1365 MTU manually after a support tech from Linksys asked me to change it for a previous problem. I used the "netsh interface ipv4 set subinterface "Wireless Network connection" mtu=nnnn store=persistent" command to change it around to find what MTU Windows uses automatically. It was set at 1500 (for both LAN and WLAN). I set the WLAN to 1365 to see how it would perform, didn't see a noticeable change I believe so I switched back. Now I see a slight lag when loading sites. I also compared the time against another pc that I did not tamper with (which by default was set to 1500) and that one worked normally.

I fear I may have overridden Windows defaults for handling MTU since after manually setting it to 1500 (was originally 1500 when it was untouched) it lags a little. For the time being I set it to 1365 to get the performance that I normally got with default settings.

My question is if it's possible to get the original performance back with the MTU set back to what it was originally (1500)?

Also I learned my lesson and won't be trying to change settings without first making sure they are completely reversible. Also I'd like to do this without using System Restore.

Thanks in advance.

A:Changed MTU size, reverted back to default, noticeable lag now

What browser do you use?

Answer Match 63.42%

Hey guys I have a weird problem here, my computer reverted its settings like the day after reformatting it which was 2 weeks ago, don't know why. My installed applications still here but the desktop shortcuts, pinned programs in the taskbar are missing, browsers are still here but the history, cache, add-ons, extensions and every settings for the browsers are deleted, it's like a newly installed one. Also a weird problem with the theme, currently on safe mode (just wanted to go to safe mode), my theme is like Windows XP, don't know that status in normal mode yet. Also before I can get to the desktop, it says "Welcome" and then after that, this word appeared "Preparing your Desktop". I didn't do anything that will restore the PC to the date of reformatting it.

Edit: I know the reason, my PC did a system recover not restore without my interaction or anyone's interaction, what I did earlier was, plug the cables to the socket, turn on the PC and then selected safe mode (just wanted), while loading files, I went away for a while (don't know what's happening), after coming back, it was on the desktop, noticed shortcuts are missing but files are still there (working), restarted it, noticed that the "Preparing your Desktop" is appearing on the welcome screen. Will do system restore now, and see if every settings, files, etc., is restored, if it works, I need to know what caused my PC to do a system recover without my interaction or anyone's interactio...

A:Computer reverted its settings like the day after reformatting it.

Ok, just a sitrep, I'm on normal mode now, every setting and shortcuts are restored thanks to system restore, now I only need to know is why recovery manager did its job without my interaction or anyone's interaction.

Answer Match 63%

OS Version: Microsoft® Windows Vista™ Home Premium , Service Pack 2, 32 bit
Processor: AMD Turion(tm) 64 X2 TL-58, x64 Family 15 Model 104 Stepping 1
Processor Count: 2
RAM: 1982 Mb
Graphics Card: NVIDIA GeForce 7150M / nForce 630M, 64 Mb
Hard Drives: C: Total - 228165 MB, Free - 75865 MB; D: Total - 10307 MB, Free - 1105 MB;
Motherboard: Wistron, 30D6, 81.51

My laptop appears to have defaulted to its factory settings. All of my personal settings have been deleted and while all the programs I had downloaded remain, when opened they act as if I have never before used them. There even appear to be programs that I had previously downloaded and deleted back on my system. I initially thought all my documents, music, pictures, etc. had been deleted, but it seems a new user folder called TEMP was created and has become the default rather than the user folder I had previously been using.

The last time I used my computer before this happened I didn't do anything differently. I haven't downloaded any new programs, certainly haven't installed any hardware, or anything like that in months. I usually just use my computer for Office and the Internet which made me initially fear a virus. It had been on sleep mode for about 24 hours, however, which is unusually lengthy for me. I called my local comp tech place, and the guy on the phone seemed to think it was a hardware issue, but he said it would be a week before I could get my computer back and I can't aff...

A:Vista reverted to factory settings - sort of

Answer Match 61.32%

I had something strange happen on one of my laptops couple a days ago.

I opened it up. I'm on XP. The first thing I noticed was that my Show Desktop icon in the bottom quick-launch bar was missing. Other icons were all there.

Next I opened Google Chrome, and the bookmarks bar was gone and my start pages had been replaced with the standard "new tab" page that you see when you click open a new tab (big icons for Chrome Web Store, Gmail, Youtube, Google search). I also noticed that a Skype button had been added at top right next to Settings icon.

The next thing I saw was that when opening up MS Word or Excel, I get a dialog box that says Windows is installing something or other, to insert the disk. At another point it asked in a dialog box to enter my name (first box) and initials (second box). I don't remember seeing that one before. Initials?

Skype was logged out, it's normally set to sign in automatically. My username and password were not in the sign-in box, those were blank.

Firefox seemed unaffected.

Hoping there's a simple standard explanation for this kind of strangeness.

A:Some programs reverted to start-out state

Hello, can you return the PC to a date prior to when this started and see how it is? See Windows XP System Restore Guide

Answer Match 59.64%

Hi, I went to set a program as a default and I saw these 2 browsers icons I had but I uninstalled them and the shortcuts are still there so how can I remove them? Thanks in advance

A:Icons in Control Panel\Programs\Default Programs\Set Default Programs

Uninstall your browsers using Revo Uninstaller. Use advanced mode.

Answer Match 55.86%

UPDATE: I went into themes and everything is greyed out except the basic old themes. I tried find and fix problems for aero themes display but it didn't come up with anything... when looking through google I see things about updating registry entries but I'm not sure I should be doing that based on google suggestions with my luck.

Windows did an update and now my system looks like it's running an older version of windows...see attached picture. If I do a system restore to before the update I can get it running like it should again, but there should be a way to fix this without the restore, I just can't figure it out. Any ideas?

I'm also getting errors about not being able to log into the windows system to check for updates when I start the computer, not sure if this has anything to do with it.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz, Intel64 Family 6 Model 37 Stepping 2
Processor Count: 4
RAM: 5941 Mb
Graphics Card: ATI Mobility Radeon HD 5470, 512 Mb
Hard Drives: C: Total - 929856 MB, Free - 321100 MB; D: Total - 23708 MB, Free - 3462 MB; E: Total - 98 MB, Free - 89 MB; H: Total - 953865 MB, Free - 201609 MB; I: Total - 1907725 MB, Free - 71590 MB; J: Total - 2861554 MB, Free - 1498342 MB; K: Total - 1430795 MB, Free - 427986 MB; L: Total - 3815413 MB, Free - 621652 MB; N: Total - 2861554 MB, Free - 866085 MB;
Motherboar...

A:Windows update reverted my system settings to old version of windows

looks like it is set to best performance. i do this all the time, go to the start menu and type performance, then choose adjust performance settings. set it to adjust for best appearance. see if that works.
 

Answer Match 53.76%

Hi,
Yeah, you may think this seems like just a normal message from oc'ing too much, but a problem-I haven't overclocked anything! It booted to that point, then my hard drive went mad clicking and crashed. This was after it being turned on and off to see if my graphics card was booting because I had no video, but it turned out I had just been downright stupid and plugged it into the onboard graphics. Anyone know what could have happened? Thanks

P.S. would the power drawing thing (molex on my case fan) need to have a separate connector or just draw power from another device? Thanks.
 

A:'Previous overclock settings failed, default settings enabled'

If this happens just once then I wouldn't worry about it too much but the PSU or HDD could have something to do with it.

You can connect a molex connector fan to its own power connector or you can put it on an optical drive's connector for example, but it's ok to do either as they don't use much power.
 

Answer Match 50.82%

Hello everyone,

I'm currently having an issue accessing many of the files on my computer. I suspect a permissions problem.

Due to performance issues (as well as a problem with creating and keeping System Restore points), I recently did a clean re-install of Windows 7 (restored my Toshiba Satellite to out-of-the-box state).

After that, I restored all of my personal files from an external HD (WD Passport).

However, now I'm unable to open many of my files.

I initially ran into this problem when trying to open many of the sheet music PDF files I have stored in my Music folder. After seeking help in the Adobe Reader forum, someone directed me to this link: Learn How to Take or Assign Ownership of Files and Folders

This started to get me on the right track. I followed the directions there, but it didn't do the whole job. Instead, I also did this:

Right click on "Music" > Properties > Sharing Tab > "Share..."

This opened another window ("Choose people to share with"). There was only one name listed--Lauren S. with Permission Level of "Owner." I didn't add anything, only clicked "Share" at the bottom of the window. Somehow this gave me access to the files in my Music folder.

My big problem is that I can't seem to replicate this success with any of my other folders. For instance, I can't open ANYTHING (pdf, doc, odt, txt, etc.) contained in my Documents folder. Trying to follow the same steps didn...

A:Suspected Permissions problem after restoring to Factory Settings

Well, I seem to have come across something that fixed my issue in part.

Through the CMD prompt, I entered the following:
icacls "C:\Users\MY NAME\My Documents\EACH SUBFOLDER" /reset /t

I'm not sure why, but I couldn't do this just for "My Documents." It only worked if I did each subfolder individually.

Since my original post, I also discovered I couldn't open anything in "My Pictures" either.

The above command prompt didn't work for the general "My Pictures" folder, and before resigning myself to typing it for every subfolder, I decided to screw around in the Properties tab and figured out a solution through sheer dumb luck.

I can't say precisely what I did, but it was something like this:

Right Click on "My Pictures" > Properties > Security > Advanced

Once here, I cleared "Include inheritable permissions from this object's parent" and somehow deleted all the users listed under the "Permission entries" list

Somewhere in here, I got some scary looking boxes that popped up with warning about users and permissions, but after several hours of dealing with this nonsense, I was just like, "F*** it, let's try," and clicked OK on everything.

After that, I clicked on the "Owner" tab (at this point "Current Owner" had a note that they were unable to display the current owner).
Clicked on "Edit..."> Other Users or groups... > Advanced... > Find Now
F...

Answer Match 50.82%

If an expert could look over this real quick I'd be really appreciative: Here's my hijackthis log. I'm pretty sure I got something.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search-1.net/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoomtown.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-1.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search-1.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search-1.net/search.html
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON ANTIVIRUS\PO...

A:Spyware Suspected

Answer Match 50.82%

I suspect my computer is getting smashed by spyware and my computer is compromised. I figure this because of the cookies that keep appearing in the temporary internet folders. I try deleting them but then they return. Most appear after opening windows live messenger or hotmail; this may be because it is usually the first thing I open. Cookies such as

doubleclick.net
adsfac.net
atdmt.net
serving-sys.com

and so on here is my HJT log hope someone can help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:45:05 PM, on 8/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Logitech\G...

Answer Match 50.82%

I believe I have spyware on my computer. Someone placed a flash drive on my computer and was snooping on it. Could you check my Log File.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:59 PM, on 3/12/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\MyDefrag v4.2.9\MyDefrag.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program... Read more

A:Suspected Spyware

--
End of file - 14845 bytes
 

1 more replies
Answer Match 50.82%

I have a laptop that had a bad overheating problem and the computer repair guy said to fix it I'd have to reinstall Vista first, and then the free upgrade to Windows 7 (HP Pavilion DV7). My usb drives are not working, but everything else seems ok. I deleted something called startup toolbar or something similar that was using way too much processing power. PC still cut off like it was overheating. I disassembled and left out some screws, but had a pro reassemble properly. He said he could access the usb ports with a disk he had. He suggested formatting which I can handle, but would rather avoid,

A:Suspected spyware

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/425314 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

14 more replies
Answer Match 50.82%

Hi, can you please help me in finding and removing a spyware on win vista home basic PC. The PC is updated except for service pack 2 that has not been applied yet. The spyware seems to have originated from a USB storage drive and probably it is not a common one to be detected by anti-spyware. I suspect that the spyware has come into my PC undetected because when I listed the files using command prompt on the USB there were two files named Secret.exe and another file named like ihu64.exe. But after listing the directory these files were not seen again spontaneously. These files were not removed by any anti virus since there was no notification for the same. I think some trojan/spyware is installed on my PC without me being able to track it down. I have tried latest versions of mcafee,symantec,spybot,mbam,windefendr etc. to track it - but they do not find anything. Here is the Trend micro hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:00:41 PM, on 26-07-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\... Read more

A:Suspected spyware on PC

There are a few more activities on my computer that I do not understand.

The sophos rootkit detection tells that i have stpd.sys and stpddrv1.sys in c:\windows\system32\drivers which could be wrong. the stpd.sys is constantly in use so i cannot send it to any place for virus detection

The c:\windows\system32\msfeedssync.exe keeps changing itself (without windows update in progress) and it keeps modifying its scheduled start time (this was found through the mcafee system guard change detection)

gmer produces a too huge log to understand by me!

i tried to run housecall online scan from trend micro but it fails to run on my machine.

it would be nice if someone has time to suggest what i could do

3 more replies
Answer Match 50.4%

I don't really know what happened or how to fix things, so I would really appreciate your help!

I downloaded a .exe file that I 75% trust with uTorrent while I was away from the computer. Upon returning, I saw a message that Panda antivirus security had blocked some form of traffic, but I can't recall the exact message.

When I tried to open the finished .exe torrent, the computer slowed down and uTorrent wasn't responding so I pressed ctrl+alt+delete to open the menu for the task manager.

When the blue task manager screen did not come up, I can't remember if I tried to open the .exe file again or if I opened Firefox via the quicklaunch shortcut on the bottom left taskbar.

At this point, I believe Mozilla firefox would not open, and an error message came up saying "firefox is an invalid torrent file." All three program icons in the quicklaunch section had the uTorrent icon. I tried one of them, Yahoo IM, and received the same error.

Since I thought yahoo and firefox were trying to open via uTorrent, I changed firefox's opener program back to firefox by right clicking and selecting "open with."

After this, firefox would open properly, but now every program that had uTorrent's icon then had firefox's icon. Clicking yahoo IM's quicklaunch button caused yahoo IM to try to use firefox as the opener.

I have NO IDEA what is going on and this has never happened before. I have uninstalled the IM and tried to reinstall, but the .exe file provided... Read more

A:Vista default programs/opening programs/major fail problem

Hi and welcome to TSF. We cannot help with torrent issues as it is against forum rules. I suggest you remove uTorrent as it is an easy way to become infected.

3 more replies
Answer Match 50.4%

I had a virus or spyware that I resolved. Sorta.. It changed my global proxy settings. I since then changed internet explorer and firefox back but the GLOBAL settings are still jacked cuz programs like windows update and msn messenger can not connect now due to this ...alkjshdfoehjwqofaw how do I fix this pls help!!!!

A:Spyware changed my proxy settings now my global settings are messed up

Hello and Welcome to TSF.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

1 more replies
Answer Match 50.4%

hi, i'm running windows xp on a really, really old dell dimension with a very wimpy pentium III (something like 445mhz). i never change settings on my computer, but starting a couple days ago certain programs will not open. when i run them i get the hourglass cursor for a second and then nothing. this morning the problem has extended to the sygate firewall, which i normally run at startup, along with Avast!. an updated Avast! scanned my computer for nearly 8 hours last night and found nothing, and ever since installing the latest version of AVG this morning my floppy drive has been trying to read a diskette that's not in it. AVG found and removed two Java viruses (OpenStream and ByteVerify). now it finds nothing. Microworld Antivirus Toolkit found plenty of Adware that I successfully removed last night and now it finds nothing as well. I don't know how else to approach this problem. Oh, I also checked the Security Task Manager for problems and found none.

I made up a HiJack This log for you to see, though I'm not sure there is anything malicious running...

Logfile of HijackThis v1.99.1
Scan saved at 11:03:40 AM, on 3/5/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
C:\Program Fi... Read more

A:programs won't run, virus suspected

Welcome to TSF.

# Click Start | Settings | Control Panel
# Click the Java Plugin Icon
# Click the Cache tab
# Click the Clear button and click OK to confirm
# Note: Please repeat this procedure for each "Java Plugin" button in your Control Panel

You should not have two antivirus programs running on the computer. I would get rid of one of them now just in case you don't remember to remove it later.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a... Read more

1 more replies
Answer Match 49.98%

Hello, I have been experiencing some trouble with my internet browser freezing and rare crashes during counter strike and low load times on pc boot up or in between shutting down programs etc. I am running on Windows Vista Home Premium edition. Here is the DDS log. The attach log did not pop up when dds scan finished, I am unsure why, but the ARK.txt is zipped and attached. Any help would be great. Thanks,
Doug

DDS (Ver_09-10-26.01) - NTFSX64
Run by DougiFresh at 22:01:57.49 on Fri 10/30/2009
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3998.1719 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe
C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Windows\system32\svchost.exe -k... Read more

A:Suspected Spyware/Adware.

Hi,

There are no obvious signs of malware in your logs but we can do a couple of scans to check.

Please do the following:

Please download Malwarebytes' Anti-Malware.
Double-click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected. <-- very important
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT

Please go HERE to run Panda's ActiveScan
Once you are on the Panda site click the Scan your PC Now button
A new window will open...click the Check Now button
Enter your C... Read more

7 more replies
Answer Match 49.98%

Hey guys,
I think I've got some bad malware issues. My browser (firefox) runs extremely slow unless I'm in safe mode. I get error popups on startup and throughout a session at the computer. The .exe errors seem to vary and are mostly located in the windows folder. That's about all I can explore since my computer sometimes restarts itself as well. Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:17:28 PM, on 3/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKLM\..\Run: [4420cdeb] rundll32.exe "C:\WINDOWS\... Read more

A:Suspected Malware/spyware

Hi funkapotam0s and welcome to Bleeping Computer.

I will be handling your log and helping you to get cleaned up.

Please take note of the following:
1. Please do not make any system changes yet, as any changes you make may well alter your log.
2. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
3. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
4. Please reply to this thread. Do not start a new topic.

Please give me some time to look over your log and I will get back to you as soon as possible.

Starbuck

25 more replies
Answer Match 49.98%

ComboFix 09-03-29.04 - Nicole 2009-03-30 10:23:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.530 [GMT -7:00]
Running from: E:\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.
The following files were disabled during the run:
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 )))))))))))))))))))))))))))))))
.

2009-03-30 08:44 . 2009-03-30 08:44 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-30 08:44 . 2009-03-30 09:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-26 17:42 . 2009-03-26 17:42 <DIR> d-------- c:\windows\system32\scripting
2009-03-26 17:42 . 2009-03-26 17:42 <DIR> d-------- c:\windows\system32\en
2009-03-26 17:42 . 2009-03-26 17:42 <DIR> d-------- c:\windows\system32\bits
2009-03-26 17:42 . 2009-03-26 17:42 <DIR> d-------- c:\windows\l2schemas
2009-03-26 17:39 . 2009-03-26 17:39 <DIR> d-------- c:\windows\ServicePackFiles
2009-03-20 03:00 . 2009-03-20 03:00 <DIR> d-------- c:\program files\MSXML 6.0
2009-03-20 03:00 . 2009-03-20 03:00 <DIR> d-------- c:\program files\MSXML 4.0
2009-03-19 11:15 . 2009-03-19 11:15 <DIR> d-------- c:\documents and settings\Nicole\Application Data\Corel
2009-03-19 11:15 . 2009-03-20 ... Read more

A:Please Help Suspected Trojan and Spyware

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.


If you follow these instructions, everything should go smoothly.


Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.


Please download Malwarebytes' Anti-Malware and save it to a convenient location.
Double click on mbam-setup.exe to install it.
Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
Select the Scanner ... Read more

1 more replies
Answer Match 49.98%

Hi.

I am trying to clean up my computer as I suspect there may be some adware/spyware on it. Can someone please take a look at my HijackThis log and tell me if there is anything wrong with it? Also, where can one learn how to read a HijackThis log and figure out what's good and bad in it?

Thanks.
 

A:Suspected Spyware - HijackThis Log

LOL. . .guess I should post the HiJackThis Log! ! ! Sorry, not feeling too well today.

Thanks again.
Logfile of HijackThis v1.99.1
Scan saved at 10:38:43 PM, on 6/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WI... Read more

3 more replies
Answer Match 49.98%

Hello, for the past couple of days my computer has been acting very funny. I have a good reason to believe that it was after I went on this website watch-movies.net or something like that. During the time in which I was watching "17 Again", all of a sudden my adaware started going crazy saying I had a trojan keylogger, then my computer shut down with error messages stating that it's not safe for your computer to be running right now. So I keep on going and scanning on adaware and it says it removes these files Mywebsearch
Win32 Trojan.GENDAL
WIN32 TROJAN.TDSS
WIN32 TR\.\VBIFRAME
WIN32 TROJAN.SPYZBOT
But when I re-scan it comes up again and it's always saying doing background scan, malicious programs detected.. and this kind of scares me because a couple of days before this I had been filling out applications and a lot of them require to put in my #SSN... I'm just hoping I didn't have this until I went onto that website because before I went on I frequently check my checking account and do a lot with my personal information on here.
I have been trying to re-install windows but I have no disk drive so I keep on mounting windows using daemon tools and when I re-boot to finish the install it just has a black blank view... with a flashing "_" in the top left. But since then I have been getting random "IE" pop ups and I use MFF as my browser.
I read the sticky on how to post about this but I got the dds files but I've tried to install HijackThis and ... Read more

A:Trojan / Spyware Suspected.

Hello and welcome to TSF.

I apologize for the late response.

If you still require assistance, we would like to see the latest state of your system. So, please post a fresh DDS log and a new GMER log as described in this topic. In your reply, I would also like to know any symptoms you may still have and how your computer is running at the moment.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don't hear from you in three-five days this thread will be closed.

With Regards,
Extremeboy

15 more replies
Answer Match 49.98%

Hi,

I've recently been having some suspicious and very annoying activity on my PC (I'm running Windows XP, sp3). I'm running winpatrol, which keeps alerting me about attempts to add a startup entry called "tufolili.dll,a." I also keep getting warnings from COMODO firewall about various files and registry entries, among them "tufolili.dll." I can get more suspicious file names if you need them, as they pop up periodically.

My computer is also running more slowly and I'm periodically getting pop-up windows with advertisements (ACAI-diet-related, from Amazon.com, for anti-virus software, etc. - I just got one while I was typing this from http://www.thefutoncritic.com/tvnews.html) that look like Firefox windows, although the icon for these windows in the taskbar appears to be a slightly off imitation of the Firefox icon.

I'm not attaching a gmer log because gmer keeps giving me error messages when I run a scan (along the lines of "gmer can't open file [or directory] X at the moment because it is being used by another process"). But I have DSS logs and a hijackthis log, if you need it.

Thanks,
Noah



DDS (Ver_09-10-26.01) - NTFSx86
Run by Noah1 at 23:43:17.95 on Wed 11/04/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.481 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}... Read more

A:Suspected Trojan / Spyware

Hello and welcome to TSF.

I apologize for the late response.

If you still require assistance, we would like to see the latest state of your system. So, please post a fresh DDS log and a new GMER log as described in this topic. In your reply, I would also like to know any symptoms you may still have and how your computer is running at the moment.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don't hear from you in three-five days this thread will be closed.

With Regards,
Extremeboy

15 more replies
Answer Match 49.98%

Hi. I am trying to figure out exactly the scope of what's going on my computer but have a good idea that there is most likely a powered keylogger on my computer. Can anyone tell me why I am hearing voices through my computer speakers? I even have the suspects tell me what I am writing or looking at on the computer but any attempts to try and find the original source where it is coming from exactly has not yet been successful. I have a good idea where it could be coming from but need to prove it first. As I understand it can be quite difficult to get the location on a cyber hacker as they can erase their tracks. Also these voices that I hear are still present when I shutdown the computer. Can anyone give me an idea of what I am witnessing? I think this is a really bad case of spyware but I would like someone else to tell me for sure the scope because I am not an advanced computer person. Thanks for your help and time.
 

More replies
Answer Match 49.98%

Can you please analyse my combofix log... I suspect there is some spyware.... Please help

More replies
Answer Match 49.98%

Hello,
I think one of my friends installed a patch to track activity on my PC (or maybe a keylogger).
I have installed Ad-aware and performed a full scan, but nothing showed up. I need to confirm 100% that my PC is clean. (I am using Windows 7).
I need someone to check my hijackthis records carefully & I don't mind paying for his time!

Any help appreciated. Thank you in advance.

A:Spyware infection suspected

Hello, I moved this down one forum to Am I infected.

Let's do these and review the logs.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-... Read more

7 more replies
Answer Match 49.98%

Hi,
I have been given a Fujitsu Siemens Amilo M1425 to fix. Now that the hardware part is OK and that I can start Windows again, Avast resident protection appears turned off and refuses to be turned on. A Panda online scan reveals a series of spyware (see log below). Windows Update provided 38 patches and fixes that downloaded fine, but installation failed. Even turning the computer off fails to load the updates when Windows quits. Apart from this, the rest of the five steps routine has been conducted successfully.
Help would be most appreciated...
Thanks.



Deckard's System Scanner v20071014.68
Run by Fuji on 2007-12-14 22:59:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
9: 2007-12-14 21:59:39 UTC - RP9 - Deckard's System Scanner Restore Point
8: 2007-12-14 21:57:00 UTC - RP8 - Software Distribution Service 3.0
7: 2007-12-14 21:54:03 UTC - RP7 - Software Distribution Service 3.0
6: 2007-12-14 21:44:10 UTC - RP6 - Software Distribution Service 3.0
5: 2007-12-14 21:42:46 UTC - RP5 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-12-14 17:55:51 UTC - RP1 - Point de vérification système


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Fuji.exe) ---------... Read more

A:Suspected spyware presence

Hi kouye -

Not sure if this will address all the issues, but I do see something which needs to be removed.

As far as the Panda scan goes, most of those are cookies.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode... Read more

15 more replies
Answer Match 49.98%

Hi, am having several problems with my pc, firstly every time I try to install or run a program I get an IE error, IE has encountered an error and cannot continue. When I try to open IE it won't open, takes several attempts to open it from shortcut on desktop. When trying to go to a kids wallpapers site had another window open which had porn etc on it, I have run all virus scans on my pc and during these scans IE encountered a problem and the scan stops, have used spybot, finds nothing, housecall has not completed due to IE errors. Tried to do Norton online and bitdefender online and both stop due to the IE errors. I have saved a file of the log and am new to this so hope I have done so correctly. Any help would be HUGELY appreciated!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:46 PM, on 3/31/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA... Read more

A:Suspected Virus/spyware? Not Sure Which?

Hi incognetto,

I'm sorry we couldn't help you sooner but as you can see the forums are extremely busy and our helpers are volunteers. I'm subscribed to this topic now and will help you with any malware issues you may have.

Since it has been a while since you posted last and changes may have been made to your system please run HijackThis and post a new log in your next reply.

2 more replies
Answer Match 49.98%

Hi all
Suspect that I have picked up some spyware somewhere along the way (I blame the wife)
Here is the HijackThis log. Appreciate any help....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:55 AM, on 8/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


A:Solved: Suspected Spyware

10 more replies
Answer Match 49.98%

I suspect I have a keylogger on my system. I'm not completely computer nooby but definitely need help with looking for problems in process files etc. I recently had a serious security breach, with passwords being changed and crazy redirecting webpages. I reformatted right away, but now my main email password has seemingly changed on its own. Can a keylogger or virus survive a reformat? This is my logfile.

A:Suspected Keyloggers and spyware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio...

2 more replies
Answer Match 49.98%

Hi evry1,

I'm suspecting that my machine is infected by something as it keeps downloading and uploading when my internet connection should be idle. Here is the result of my netstat scan:


A:Suspected Spyware or Malware

Ran MalwareBytes and it didn't find anything............. Sigh

My limited bandwidth (dial-up) is slowly being eaten away ........


Any1 has any ideas???

Thank You

Jack

Here is the log off of MalwareBytes



16 more replies
Answer Match 49.98%

Hi

For the last few days I have been receiving constant pop-ups when browsing using Internet Explorer. The pop-ups masquerade as Windows Security Center and give warnings that I have been infected with spyware/malware. They also try to get me to download a program called SWS AntiSpyware. When I try to close these popups they re-appear again minutes later. I am also getting lots of advertising pop-ups. I suspect that I have been infected with some spyware/malware and I can't detect them using Norton Internet Security. I have followed the recommended 5 steps with the following results.

Panda Activescan results:


Incident                                                Status            Location

Adware:adware/cws                                       Not disinfected   C:\Documents and Settings\Neil\Favorites\Insurance
Potentially unwanted tool:Application/Webmediaplayer    Not disinfected   C:\Documents and Set...

A:Suspected spyware - Constant pop-ups

BUMP

Sorry to Bump my message, I could really do with some help.

Many thanks.

10 more replies
Answer Match 49.98%

Okay so I am going to try to give a chronological description of some of the problems I'm experiencing on this laptop. It runs on Windows 7 home Premium SP 1. This is a computer that has gone from very infrequent usage to daily, which I suspect could mean we're more open to viruses as it's being used more and more and perhaps not adequately protected. We run AVG regularly, and scans, but the only firewall is Windows Firewall (planning to use Zonealarm from now on, this PC was passed on to me and I simply hadn't got round to it!)

I would attempt a reformat but I want to figure out what the problem is first if possible. I regularly use a HDD to access my files (I don't store them on the HDD on laptop) so worried this may be infected also.

1) I had some issues with Microsoft Office faulting and crashing and not being able to open files. I attempted a repair install. All seems fine now. (could be completely unrelated)

2) Then I've had some issues with battery capacity - again potentially unrelated - computer says it needs replacing. Again probably hardware, but we get this message at startup. The PC is quite old though.

3) The main issue has been Chrome
First I noticed font changes - it looked like an older version or something, I can't quite describe it. It was being slow and crashing a lot.

Next I noticed that I couldn't print from Chrome either!

4) Then the serious stuff happened.

I loaded up the PC two days ago and got th...

A:Suspected Chrome related virus - problems with security settings and downloading

Additionally we've been having VERY slow internet speeds (for a good month before this happened)- which we thought was related to our provider (BT) but I guess if it's an entire hijack could be related.
 
Computer installed 28 windows updates recently too (yesterday) which seemed a bit much considering we get regular updates (just some extra info in case it's related, but probably not).

2 more replies
Answer Match 49.98%

I recently installed free version of GIMP Photo Program to try it and I actually haven't done more than open it once. I mention this because it's the only recent change I've made as far as photo programs go.

I went to open one of my screenshots and it opened with GIMP, which I don't want. I went to Start/Default Programs so I could set the default to one of my other options. Those options would be IrfanView, Photoshop, Windows Photo Gallery, FastStone Image Viewer, Paint or Paint.NET or this GIMP.

The only options which show up under Start/Default Programs/Set Default Programs are IrfanView and Windows Photo Gallery. Why don't the other photo programs appear there?

A:None of my photo programs are showing up when I open Default Programs

If you scroll all the way down there should be an Other ... entry. Use that to browse for the executable you want.

4 more replies
Answer Match 49.56%

I have been experiencing problems with my Vista Ultimate computer over the past several months. At first, the computer was operating slower than normal and has progressively gotten worse, to the point where it cannot open any programs or files.

I have downloaded the DDS and GMER files on another computer and have tried to run them on my infected computer, however, the computer did not respond and subsequently I tried working in safe-mode. I was able to successfully run and save reports from the DDS files which I have attached, but the GMER still won't run.

I keep receiving warnings with the messages like:
'CreateFile "C:\Windows\gmer.dll": Access is denied'
'CreateFile "C:\Windows\gmer_uninstall.cmd": Access is denied'
'Warning!! Loaded GMER's driver version is incompatible with the currently running GMER application. You need to stop the driver with the command "net stop gmer" or restart your computer. '

I've tried restarting but it still won't allow GMER to run successfully. Please let me know what I can do to successfully run the GMER file so that I can continue with the instructions given. Your help is appreciated.



DDS (Version 1.1.0) - NTFSx86 MINIMAL
Run by Tara at 13:47:31.60 on Thu 12/25/2008
Internet Explorer: 7.0.6000.16764 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.1023.705 [GMT -5:00]

AV: Panda Antivirus 2008 *On-access scanning enabled* (Updated)
AV:...

A:Malware Suspected! No Programs running!

A quick update. The CreateFile problems were due to not having administrator privileges. I have changed the account to run Gmer.exe and I can now start the scan but it crashes a few seconds into the scan. Is Gmer compatible with Vista? Any suggestions would be useful because I don't know how to move past this point.

16 more replies
Answer Match 49.56%

Old thread reference

http://www.techsupportforum.com/secu...infection.html

I had been away for a while and not using the computer, so ran through the instructions in the last post by tetonbob. Results are in the attached file.

ComboFix 08-12-15.01 - tkmb 2008-12-15 22:34:32.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2007.1386 [GMT 0:00]
Running from: c:\documents and settings\tkmb\Desktop\ComboFix\ComboFix.exe
Command switches used :: c:\documents and settings\tkmb\Desktop\ComboFix\CFScript.txt

A:Suspected malware / spyware infection.

Hello -

Let's try to clear this up in short order this time, shall we? Malware waits for no one. This has been dragging on for over a month.

Since it's been several days from the last logs, I need new logs to review.

If you still have DDS on the machine, DELETE it, as it's been updated.


Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop.
-----------------------------------------------------

Please include the following logs in your thread:
Contents of the DDS.txt posted as text in your reply
Attach the Attach.txt to your post by clicking the Manage Attachments button under Additional Options>Attach Files on the composition page. Browse to where you saved the file, and click Upload.

12 more replies
Answer Match 49.56%

I am trying to fix my sister's computer. It is working but very slowly and windows update doesn't seem to work and there are other signs that there may be some spyware involved. Does the hijack this log look ok?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:48:38 AM, on 1/8/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17093)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Caroline\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Caroline\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Caroline\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Caroline\My Documents\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\...

A:Spyware Suspected -Hijack this log included

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that...

2 more replies
Answer Match 49.56%

By the way thanks for the help in advance, very useful information on this site, your help is most appreciated

A:redirecting in firefox, suspected spyware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand cor...

3 more replies
Answer Match 49.56%

Hi guys,

Been having some probs with spyware that I just can't seem to be able to remove, I have used pestpatrol, spybot, adaware, different trojan and virus scanners and the spyware (at least I think it's spyware) just keeps returning. I have done all the above in safemode, and I have a new folder in program files named Winad Agent, I have tried removing this in the start up and Hijack This, but it just keeps coming back.

Your help would be very much appreciated

Here is my latest hijackthis log

Logfile of HijackThis v1.97.7
Scan saved at 13:05:07, on 07/09/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


A:Spyware problems and suspected trojans

7 more replies
Answer Match 49.56%

Hi Folks,

My system seems to slow down whenever I start to connect to web. My wireless connection speed goes down to 1Mbits/sec.

I tried to use Autoruns utility to see what has been started up or run. I "unclick" those which seems ambiguous or unknown.

Somehow this line keep reappearing...
O4 - HKLM\..\Run: [BMa3d3b61e] Rundll32.exe "C:\WINDOWS\system32\uekkqxsv.dll",s

Also, I notice under Autorun program that ddwayw.dll, nnnkifd.dll, ksosidpf.dll have unknown registry name. I tried uncheck them and delete them but once refresh, they reappear another line below the original one. Kinda stubborn.

I also tried manual taught by online forum to unregister but it cannot be unregistered.

I tried to search the web at work for more info, I downloaded SDFix, Symantec FixVundo, Vundo.exe, Blacklight, Stinger, Rogue Removal, SmitfraudFix and ComboFix. (The last two somehow just do not allow me to extract or run from desktop)

I've also installed Lavasoft AdAware SE Plus, Spybot v1.5.

Most program may detect some malicious cookies or trace but after reboot, somehow it resurface again.

I've just installed Super AntiSpyware and Counterspy but did not have a chance to scan the full system yet cos I need to get to work.

I guess due to anxiety and being anxious to get things back in shape, I may have not run in the right sequence.

Appreciate if anyone can enlighten me or provide me a more effective way to resolve my problem. Thank you...

A:Can't Remove Suspected "spyware" Or Trojan

Hello and welcome to Bleeping Computer.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please post a fresh HiJackThis Log and an Uninstall List (instructions forthcoming)

Step # 1 Download and CCleaner
Download CCleaner from here to clean temp files from your computer. Double click on the ccsetup.exe file to start the installation of the program. Select your language and click OK, then next. Read the license agreement and click I Agree. Click next to use the default install location. Under Install Options, choose all the default settings except I would recommend that you unclick/untick install the Yahoo! Toolbar, unless you want it. You can also Uncheck the 'Automatically check for updates' box. Click Install then finish to complete installation.

Step # 2 Retrieve the Installed Programs List from CCleaner
Open CCleaner if it's not already running. ...

3 more replies
Answer Match 49.56%

It has happened again...a visit to an innocent looking website (news variety) resulted in an unwanted download. The result was two porn related shortcut icons appearing on my desktop. Naturally, I deleted the icons, but knowing that there had to be more to it, I performed an Adaware scan that turned up nothing unusual, except that the scan took about two hours when normally it takes 45 minutes. All my PC functions are at excruciatingly slow speeds. This page alone took 18 minutes to load.
Based on past experience, I called up HijackThis and did a scan. I will paste a copy of the scan log for a Tech Expert to evaluate and possibly ID the culprit program. I noticed some lines of the log contain a "gator" reference.

Thanks for being there, Tech Guys,
Stephen

Logfile of HijackThis v1.94.0
Scan saved at 12:54:58 AM, on 9/22/04
Platform: Windows 98 SE (Win9x 4.10.1998A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c98&s=search&i=enu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://start.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c98&s=search&i=enu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c98...

A:Solved: Suspected spyware infection

16 more replies
Answer Match 49.56%

Over the last few days I have had increasing number of popups/error messages.

The error messages are obviously created by some spyware as the english is very bad (some examples can be found here). A search for some of the files mentioned in the messages point to a company called Saliar and apparently their software (which you have to buy) is the only one which will clean the spyware (sounds dodgy to me!)

I think I have tracked down the culprit file to "cmdctl.dll" in the "Sample Playlist" folder for Windows Media Player. A search for this file in google yields no results which suggests it is a randomly generated filename and not legitimate.

So here I am asking for your help with this issue.

Here is my ComboFix log:

ComboFix 08-02.03.1 - Matt 2008-02-04 13:54:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2836 [GMT 0:00]
Running from: C:\Documents and Settings\Matt\Desktop\ComboFix.exe
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Matt\Application Data\inst.exe

----- BITS: Possible infected sites -----

hxxp://www.download.window...

A:Suspected Salair Virus/spyware

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and I'll be helping you to fix your problems.

Apologies for the late response, as I'm sure you can appreciate we are extremely busy.

If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere then please let us know.

If you have not followed the info in the link below prior to posting your log then please do so now:

Preparation Guide for use before posting a HijackThis Log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If you still require help, please post a new Hijackthis log into this topic in your next reply. Also post a detailed description of the issues you're experiencing.

*Note*
Post all reports/logs directly into this topic, not as attachments, thanks.

1 more replies
Answer Match 49.56%

Strange M.S. look-alike pop-ups at regular intervals are causing me to believe there may be an infection of a Trojan or other malware/spyware present on my computer.

Am running an HP dv-1000 series laptop, Win XP Home, SP 3 with all current patches, IE8, 120 gig HD, Pentium M processor, 1.73 Ghz, 2 Gigs of Ram. Am using a cable internet connection behind a router and Windows firewall using TrendMicro Titanium Max Security.

Full AV scans prove negative.

Downloaded and ran “Super Anti-Spyware” which found and deleted Trojan: Agent/Gen-CDesc [wrk] – 7 infections: 2 in memory and 5 in files.

Downloaded and ran “Malwarebytes” which found and deleted Trojan: Fake_Alert

Downloaded and ran HiJackThis. Please see the scan log which follows. Please note the undescribed item O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Did a google search which said it was malware and recommended removal.

Would appreciate your comments and any recommendations.

Many thanks in advance……DS
--------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:06:31 AM, on 11/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal


A:Suspected Trojan/Malware/Spyware - please help

bump
 

2 more replies
Answer Match 49.56%

My PC appears to be infected with a virus or spyware and I would like to take some advice on removing it. I've searched for similar problems and found some very useful posts by 'quietman7' but don't want to follow the exact same instructions just in case my problem differs slightly and therefore involves different resolution steps.

Here are the details of my system and the symptoms that I am encountering. I'd be very grateful if someone would spare the time to help me out.

System
=====
I am running Windows XP SP2 and receive automatic updates on a regular basis.

I have installed AVG Anti-Virus Free Edition 5.5.519
The Virus Base is 269.22.0/1344
The date for this is 26/03/2008 08:32, which is the last time it was updated prior to getting infected later that day. I have not been online since to receive any further updates.

I have installed AVG Anti-Spyware Free Edition 7.5.1.43, which was updated on the same date as above.

I have a broadband connection. My ISP is Tiscali.

Symptoms
=======
I was online surfing the web, when all of a sudden my PC just shut itself down and rebooted. Straight away (and ever since) I am getting a pop-up bubble from the bottom-right-hand-corner system tray, from a red circular icon with a white cross in it. The message tells me that spyware has been detected and that Windows will download appropriate removal tools. I'm not convinced that this is a legitimate Windows message - I suspect that this is the ...

A:Suspected Spyware Infection - Braviax.exe ?

Hello Smyther

If you're using Windows 2000/XP, please print out and follow the instructions for using SDFix in BC's self-help tutorial "How to use SDFix".
-- When using this tool, you must use the Administrator's account or an account with "Administrative rights"

When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt. Please copy and paste the contents of Report.txt in your next reply.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
The next screen will ask you to select the drives to scan. Leave all the drives selected and click on ...

6 more replies
Answer Match 49.56%

Just recently started having issues with comp. random freezes/crashes etc. I'm running a Dell Dimension 9100, windows XP, SP3 Home edition. Pentium 4 CPU 3 GHz, 4 GB of Ram, Radeon x600 video card. Here are the logs, any assistance is always appreciated. Could not get the GMER program to finish, after 5 hours of scanning the computer froze, so I do not have that log. Sorry

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:35:43 PM, on 8/24/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7... Read more

More replies
Answer Match 49.56%

Have been recently trying to clean up my older computer, and a recent download has added tons of spyware, etc. Have tried many different methods to clean it and stop Internet Explorer from randomly starting and going to a site on its own. Any help with this and any other problems that can be seen would be greatly appreciated. Thanks.

Here is my first hijackthis posting. Just let me know if I did anything wrong and how to fix it. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 12:54:20 PM, on 8/07/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\csrss.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\AnalogX\CookieWall\cookie.exe
C:\PROGRA~1\Webshots\webshots.... Read more

A:IE window popups. Spyware suspected.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Downloads (make sure to save these in a permanent location)
combofix.exe - Save it to your Desktop.

Services
Click Start->Run - type SERVICES.MSC & then click on the OK button
Locate the service - Windows Security Drivers
Double-click on it to open the Properties dialog. Stop the service by using the Stop button.
Change the Startup type to Disabled & then click on the OK button

Then start HiJackThis & go to Config>Misc.Tools...> Delete an NT service...
In the popup box that appears, type in csrs & then click on the OK button

Start HiJackThis & go to Config>Misc.Tools> Delete a file on reboot
In the popup box that appears, type in C:\WINDOWS\csrss.exe
Click the Open button.
Click NO when prompted to restart your computer.

Double click combofix.exe & follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply along with a new Hijackthis log.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

19 more replies
Answer Match 49.56%

I've been having trouble with my computer for a while now, finally seeing what I can do about it. It's been running a little sluggish and acting strange such as random crashes regardless of what's running at the time. The internet is in the same state. I don't really get pop-ups but a lot of sites simply will not load. When I try to go to hotmail, for instance, it will stay at, "connecting to hotmail.com..." and never load. Although, for a week or so last month hotmail would load, but now it's back to acting that way. Hm, frustrating.

While some websites refuse to load, others will start to load then freeze up and the status will say "transferring data from" or "waiting for", but what it's transferring data from or waiting for has seemingly no relation to the website in question.

For example, when going to www.ebaumsworld.com it starts to load then freezes and its status is,
"transferring data from cdn.triggertag.gorillanation.com..." then it continues on to "transferring data from s.meebo.com..."

and it just cycles through several more random things like that, but very slowly. I've run a few programs such as adaware, spybot, avg, but it hasn't really helped.

Here is the DDS log:


DDS (Ver_09-09-29.01) - NTFSx86
Run by Sean at 12:44:47.01 on Sun 10/04/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3838.2731 [GMT ... Read more

A:Suspected virus/trojan/spyware

Bump.

Anyone please?

1 more replies
Answer Match 49.56%

Hello,

I have been having problems with my laptop. Windows 7 64-bit Srvc pack 1, 6 gb RAM, Core 2 DUO P8700 @ 2.53 ghz. My laptop is freezing under normal startups, working fine in selective startup safe mode. Please help!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Owner at 21:45:42 on 2011-09-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4383 [GMT -7:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe... Read more

A:Suspected Malware/Spyware, ran GMER...

Bump, still having issues.

1 more replies
Answer Match 49.56%

I have an icon on the taskbar that flashes between the windows Help and Support logo and a no entry sign (Red circle with a diagonal line through it). I also get popups saying that I have virus infections and that I should download certain virus scanners.

Here is the HJT file.

Logfile of HijackThis v1.99.1
Scan saved at 21:26:19, on 17/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Documents and Settings\Dan\My Documents\q3e_minimizer_v145\Q3E Minimizer_v1.45.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijack This\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Nothing - {686a161d-5bd1-4... Read more

A:Solved: Suspected Spyware Trouble

8 more replies
Answer Match 49.56%

My new built computer has been working perfectly but then yesterday it took about 25 minutes to load up after I had logged in. The desktop took a very long time to load up and then after it had finished it froze for a small period of time. There are two reasons I can think of as to why this has happened. The first reason would be due to me turning my computer at the mains before it shut-down correctly (Stupid thing to do, it was an accident) and the other reason I could think of would be some kind of virus or something on my computer.

So I scanned my whole system with 'AVG internet security' and it found one potential spyware.

This is an application found in "C:\Windows\Setup\scripts\faXcooL.exe" but AVG warns me that deleting this or sending it to the vault may cause my system to crash, so I do not know whether to remove this or not, as it may be the cause of my slow start-up?

This is the message that I got when AVG found it - "C:\Windows\Setup\scripts\faXcooL.exe";"Potentially harmful program HackTool.PBY";"Potentially dangerous object"

Thanks.
 

A:Slow computer. suspected Spyware.

I have no idea what you mean by this comment:

The first reason would be due to me turning my computer at the mains before it shut-down correctly

Can you be more specific?

----------------------------------------------------------

If you believe your computer is infected and you want assistance from a gold/blue shield member, you need to read the topmost "sticky" in this section and then provide the required logs and information.

----------------------------------------------------------
 

1 more replies
Answer Match 49.56%

Alright here's what's up, yesterday I noticed my computer slowing a little bit. It's been a while since I last defragged and ran CCleaner, so I fired up CCleaner and then tried to defrag, but got the message "Disk Defragmenter Cannot Start". Also I cannot update a-Squared, cannot run chkdsk, however Avast still updates although it does not find any problems. I made sure my page file under "start\control panel\system\advanced...etc" was not turned off, tried reinstalling Disk Defrag and followed some suggestions on running a few lines in the command prompt. Still I have no luck.

Oh and also, I cannot use windows update. I included a screenshot, look it over carefully!
iescreenshot.png

Also after the start-up screen AUTOCHECK starts and says it cannot continue because the file system on Drive C: is RAW. However it is formatted as NTFS.

Also Recuva will not recover anything. This image shows the error I get when I double click Local Drive (C:)
drivecdoubleclick.png

Hijackthis log is posted below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:52:18 PM, on 1/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\syste... Read more

A:Suspected Mal/Spyware Trojan, virus?

Please download Malwarebytes' Anti-Malware from HERE or HERE
Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two lo... Read more

4 more replies
Answer Match 49.56%

Hi, while on my GF's computer (one of very similar make to mine) I noticed hers seems to run significantly slower. Popups come up every so often so I know there is at least some spyware. I ran Superantispyware and AVG and am still having issues. Here is the hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:20:45 PM, on 7/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\downloads\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Program Files\Common Files\InstallShield\UpdateServ... Read more

More replies
Answer Match 49.56%

Sorry but I don't know the type of infection I have. The problem is when I open any window (I use Mozilla) it redirects to another site (often several). I have downloaded various malware removal software, including Malwarebytes, which stops running part way through (as did anything else). I already had Spybot on my computer, but that says it can't find anything. I also have AVG virus software; through this I did a rootkit search, it said it found something and quarantined them, but this hasn't solved the problem.
Below is the DDS text report. I have attached the attach text document. I did download the GMER log, but the first time I ran it it went OK for a while then froze the computer (I had to manually restart) and the next time the screen went blue and it restarted itself. Is it a major problem for you not having this?

Thanks in advance for your help.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_27
Run by Ross at 14:00:13 on 2011-10-06
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3327.2486 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C... Read more

A:suspected malware/spyware on computer

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/422187 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

16 more replies
Answer Match 49.56%

For the past few days, my computer has been telling me that "Your computer is infected" and asking me to install a solution. A window opened and reported a download in progress. Two icons for "AV Care" appeared on the desktop. I found files associated with "AV Care" and deleted, but that obviously didn't work, for when I rebooted, more similar notifications popped up. I realized something didn't belong, so I've disconnected from the internet. Hence, I can't report too many other symptoms.

Thanks in advance for your assistance.

Here is the DDS.txt:


DDS (Ver_09-07-30.01) - NTFSx86
Run by Dave at 20:16:55.62 on Thu 08/13/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.418 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\m... Read more

A:Need help removing suspected malware/spyware

Hello,

Sorry for the delay in looking into your log, as we are extremely busy in this section of the forums. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

** Note: Please stick with me until I declare that your system is free from malware. Even though your system may not have any symptoms of malware, it may still be infected. **

--------------------------------------------------------------

Please re-run DDS and post the resulting logs

19 more replies
Answer Match 49.14%

Hello,

I believe my laptop is infected with malware, preventing it from performing any tasks, such as accessing the internet, or opening programs. It is a shared laptop used primarily for web browsing (google, facebook, etc.) iTunes, and paying bills online. I am able to boot the computer, logon (although noticeably slower), and then I receive two error messages. The first is:

rundll32.exe - Bad Image

"The application or DLL C:\WINDOWS\oparexurivikiki.dll is not a valid Windows image. Please check this against your installation diskette."

I click ok, then another error message immediately pops up:

RUNDLL

"Error loading C:\WINDOWS\oparexurivikiki.dll

%1 is not a valid Win32 application."

I then click ok, and now my desktop appears normal, although 9/10 times I notice that on the bottom right in my taskbar, my network icons do not appear (both LAN and wireless).

From trial and error, I've learned that sometimes I can open up 'my computer', text files, but once I try and open internet explorer or any exe files, my computer freezes. The computer will eventually lock up at some point even if I avoid opening exe files.

I've tried system restore to earlier points, and the problems have not gone away. I've been able to download programs like Malwarebytes' Anti-Malware, AVG 2011, and SUPERAntiSpyware Free Edition, and run them (without updating them; can't connect to internet) and although they have detected and quaranti... Read more

A:Suspected malware preventing operation of any programs

16 more replies
Answer Match 49.14%

Suddenly I am unable to download programs, change security settings in McAfee, or uninstall software without being signed on as an administrator. I have been able to do all these things in the past with no problem. I recently went through the whole Hijack This Malware thing and downloaded a ton of stuff with no problem. I wonder if the final ComboFix made changes that are causing this?

A:Cannot Download Programs, Change Security Settings, Uninstall Programs

Hello Mariannjackson,

Does the account you are using have administrative rights?

11 more replies
Answer Match 49.14%

Hello.

I've posted asking for help before and the results were excellent, so I'm gonna post again on behalf of my mother asking for help with her system. There seems to be a severe slowdown in her system (she likens it to a car starting and stopping constantly, and likens it to some sort of program running that isn't supposed to be). We've run AdAware and virus scanners, both of which have come up clean, so I suggested she run HijackThis, and here's the log we produced. The Operating System on this machine, by the way, is Win98.

Logfile of HijackThis v1.99.1
Scan saved at 11:36:04 PM, on 08/18/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\PROGRAM FILES\AOL COMPUTER CHECK-UP\ACCAGNT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\AOL SPYWARE PROTECTION\AOLSP SCHEDULER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\BROWSER MOUSE\BROWSER MOUSE\1.1\MOUSE32A.EXE
C:\PROGRAM FILES\NETRATINGSNETMETER\NETMETER\NIELSENONLINE.EXE
C:\PROGRAM FILES\WILDTANGE... Read more

A:Severe Slowdown in System, Spyware suspected

Hi and Welcome to TSF

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running.
Ad-Aware® SE Personal Edition
Spybot Search & Destroy
CWShredder

Also make sure you are using the latest version (1.99.1) of HijackThis and it's installed in its own folder on the root drive. (C:\HJT)

Please go to at least two of these sites and run an online Virus Scan.
Be sure to have the AutoFix box(es) checked.

http://housecall.trendmicro.com/
http://www3.ca.com/virusinfo/virusscan.aspx
http://www.pandasoftware.com/actives..._principal.htm
http://www.bitdefender.com/scan/license.php
http://us.mcafee.com/root/mfs/default.asp
http://security.symantec.com/sscv6/d...d=ie&venid=sym
http://www3.ca.com/virusinfo/virusscan.aspx

Open My Computer>>View>>FolderOptions>>View Tab>>Advanced settings box, under the "Hidden files" folder, select Show all files>>Apply>>OK

Download About Buster 5 and unzip it to a folder on your Desktop. Do not run it yet!

Download and install CleanUp! but do not run it yet.

*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Open add/remove programs and remove the following IF listed.

WILDTANGENT
NETRATINGSNETMET... Read more

9 more replies
Answer Match 49.14%

Hi,

Could someone help with my computer, which is running very slowly, especially when loading web pages.

My HJT log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 11:02:17 PM, on 4/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\ewido\ewido anti-malware\ewidoctrl.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\ZoneAlarm\ZoneAlarm\ZoneAlarm\ZoneAlarm\zlclient.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Media Key\MagicKey.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\Program Files\Media Key\OSD.EXE
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\HiJackThis\hijackthis\HijackThis.ex... Read more

A:Computer running slow - spyware suspected

14 more replies
Answer Match 49.14%

My computer's been running significantly slower than usual; I've done disk cleanup, defrag, and ad-aware and symantec scans, but none have helped thus far. I checked a symantec scan and saw the processes 9129837.exe and hide_evr2.exe, searched online, and found they're supposedly malware, even though I can't seem to locate them in the hijackthis log. I'm not an expert with these things and I have a hard time following the similar threads I've found, so hopefully you guys can help me out.

I checked the Preparation Guide, but the DDS log download link wasn't working for me; I'm posting the hijackthis log below, but I'm perfectly willing to download and run whatever other scans or logs that could help figure this out. I'd appreciate any and all help.

---
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:53:06 PM, on 3/20/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
C:\Windows\System32\ThpSrv.exe
C... Read more

A:Suspected malware/spyware with symantec & hijackthis log

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things to happen.

2. Please do not attach logs or put in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback.
It does not need to be long but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like - it is the same as before or still the same. This just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Ba... Read more

28 more replies
Answer Match 49.14%

I suspected my computer is infested with spyware, but don't have any idea how to solve the problem as I do not know how to interpret the Hijack This log....can anyone pls help me ??!!
Logfile of HijackThis v1.99.1
Scan saved at 4:03:44 PM, on 3/23/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\PRPCUI.EXE
C:\PROGRAM FILES\PHOENIX TECHNOLOGIES\BAYSWAP\BAYSWAP.EXE
C:\PROGRAM FILES\EZBUTTON\CP888M1.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\TOSMEM.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 5\DATALAYER.EXE
C:\PROGRAM FILES\COMMON FILES\NOKIA\NCLTOOLS\NCLTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\GUBJJWO.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRA... Read more

A:Help urgently needed with Hijack This log ! Spyware suspected !

12 more replies
Answer Match 49.14%

I've been making a lot of tweaks to my system lately, and think I picked up a bug somewhere. None of the virus or spyware scans that I've run have picked up anything, though.

The only virus detection that has picked anything up was AVAST about 2 weeks ago, but I believed it to be a false positive since it was identified only as a generic trojan that I couldn't find any info on. I quarantined the file anyway, and didn't complete any actions, so I thought I was in OK shape. But now everything is just slow as hell, even just copying files from one folder to another. Computer isn't responsive, even just clicking on desktop icons.

One of the tipoffs for me was that the clock in my taskbar is constantly wrong. Can't seem to get it off "24 hour" time.

Here's my logfile:

Deckard's System Scanner v20071014.68
Run by Corey on 2007-12-30 11:35:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Corey.exe) -----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-30 11:39:29
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\... Read more

A:PC Slowed to a Halt - Spyware/Infection Suspected

happy new year! bump.

Answer Match 49.14%

Hi,
 
I suspect that my computer has been compromised/hijacked.
 
I have been having warnings of suspicious activity from my banking and social media sites and my web browser seems slower than usual.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Mike (administrator) on MIKE-PC (11-01-2016 22:00:43)
Running from C:\Users\Mike\Desktop
Loaded Profiles: Mike (Available Profiles: Mike & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) ... Read more

A:Suspected hijack of computer + spyware/malware

hi Arlo1234,
 
At a glance don't see much to be worried about, some optional things maybe. Is your updated AV and Malwarebytes coming up clean after a scan?
What warnings from your bank/social sites are you seeing?

Answer Match 49.14%

Anything nasty lurking in here?

Logfile of HijackThis v1.99.1
Scan saved at 16:45:19, on 04/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.micro... Read more

A:Solved: Slow computer - suspected spyware

Hmmmmmmm looks fine
 

Answer Match 49.14%

Hi All,

Had some issues with Vista Ultimate on my PC. Dell XPS m1210

First clue was downloads were taking longer.

Second was the "windows error recovery page" on startup
Rebooted the system using the Vista cd and going to repair mode.

The crash occurred after installing Trend Micro 2008, its firewall
was snafued otherwise it appeared normal.

Accomplished the five steps, with the following results

1. Panda just locked up
2. SpywareBlaster got a code 999 error. unable to register
unable to load library files
3. got the Zone out loaded not sure if i got it configured/op
4. MS update failed. code 92D MS 2007office suite sp1

the DSS scan is as follows ;


Deckard's System Scanner v20071014.68
Run by gman on 2008-02-19 17:00:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
15: 2008-02-19 21:41:33 UTC - RP33 - Windows Update
14: 2008-02-19 21:32:02 UTC - RP32 - Windows Update
13: 2008-02-19 09:31:08 UTC - RP31 - Removed Dell Support Center.
12: 2008-02-19 03:50:14 UTC - RP30 - Installed Microsoft Office Home and Student 2007
11: 2008-02-19 03:25:55 UTC - RP28 - Removed Microsoft Office Home and Student 2007


-- First Restore Point --
1: 2008-02-17 23:02:04 UTC - RP17 - Windows Update


Backed up registry hives.
Performed disk cleanup.



-- HijackThi... Read more

A:Windows Vista Suspected Malware/spyware

Oh well the old hard drive gave up the ghost today!! same error and symptoms as the other pc's drive . What would you all recommend
beyond Trend Micro for the new hard drive protection?

I was using adware se and spybot. microtrend has issues spybot i see?

And what about the files i managed to save? what should i cleanse them
with?

g

Answer Match 49.14%

Hello,

I was a previous poster when I was having issues with a laptop that I no longer own and now my new desktop appears to be infected with something. There are multiple users on the computer so I am not sure exactly where the issues are originating.

Symantec quite frequently has a popup balloon stating that a denial of service has been logged, and after this occurs internet access generally does not work until after a restart. I have also had a blue screen appear multiple times stating that Windows must shut down and has undergone a critical error. Something like that. This is pretty much all of the noticeable symptoms but I feel that the computer is infected with something. The following is the dds log and I have attached the other in a zipped folder. Any other information that is needed I will gladly provide and thanks in advance for any help that I receive. I am running Windows 7, 64bit so I did not run the gmer tool.


Here's my system info as well:

Hewlett-Packard Company HP
Windows 7 Home Premium
model: p6674Y
AMD Phenom(tm) II X4 820 Processor 2.80 GHz
6 GB RAM
64- bit operating system
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Kris at 18:44:04.85 on Tue 03/08/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6143.3928 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-... Read more

A:Suspected Spyware and Viruses//Blue screen

BUMP, please

Answer Match 49.14%

Hi I need some help. I cannot delete some files on my PC, and Norton cannot proceed with a normal scan, it stops halfway. Thank you for your help. Here's my HJT log

Logfile of HijackThis v1.99.1
Scan saved at 11:29:22 PM, on 10/27/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSLAGENT.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\sys... Read more

A:Solved: Help Needed - Spyware / Virus Suspected

Answer Match 49.14%

Hello to whom it may concern, thank you for firstly taking a look at my issue.

I recently downloaded a large .UIF file, 'Dragon Naturally Speaking', to help with dictating for word documents and etc.

I installed it after mounting it, with Daemon tools / MagicISO.

Then there wasn't a need for the .UIF file anymore.

After 3 days, I found Dragon Naturally Speaking, wasn't so useful, uninstalling it.

I've now tried to delete the .UIF file, from its folder, from my D: HDD, separate from my usual C: HDD (where windows is installed). The D: HDD is where I keep my music, and video files, a memory bank for my media.

I've been trying to delete this file for several days now, exploring forums for ideas and solutions.

My issue is with the folder itself. It constantly says 'In use, open in another file or folder / program is using it'. I've tried programs such as EMCO MoveOnBoot, Unlocker etc etc. But none of them are working. I've tried doing it safemode. I was going to consider System Restore, but System restore doesn't delete files, or so it didn't in XP (I am using Vista x32).

Is there any idea what could be done to help?

I've tried a full scan with Kaspersky Internet Security 2009 - Nothing detected. I'm pretty stumped. Also annoyed, it's a large 2GB file, that I wouldn't really like on my D: HDD much longer.

I will attach a HJT log, if that will help.

Logfile of Trend Micro HijackThis v2.... Read more

Answer Match 49.14%

Hello, I suspect that my computer is infected with a virus or malware/spyware. I get all kinds of weird issues with freezing and lag and random pop-ups when browsing the internet and my credit card was recently compromised. I do a lot of online shopping and I want to make sure that all spyware is removed from my system.
 
Thank you.
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-08-2015
Ran by Mike (administrator) on MIKE-PC (19-08-2015 07:34:00)
Running from C:\Users\Mike\Desktop
Loaded Profiles: Mike (Available Profiles: Mike & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\Free... Read more

A:Suspected Virus, Malware/Spyware ... Need Assistance

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Handler: WSWSVCUchrome - No CLSID Value
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\c1jmx44y.default\Extensions\[email protected] [2015-08-14]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected] [2014-01-14]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloa... Read more

Answer Match 48.72%

I recently downloaded Photoscape, a free media/picture editing & tools program along with Real Player the two seem to be linked and couldn't figure out how to get just one but anyway I have no issue with Real Player so I downloaded both.
 
I am trying to set Photoscape as my default photo program but it doesn't show up on the list of programs that Windows brings up.   If I try to open a photo file by using OPEN WITH Photoscape doesn't show up there either but it is on my computer so I'm confused what the problem is.
 
Photoscape appears to have a lot to offer.   Any recommendations or experiences similar?  Thanks.

A:Setting Default Programs - Not all Programs Discovered?

You say you downloaded Photoscape, but did you "install" it?
If you did not install it, Photoscape will not show up in your programs list.
If it is installed, it will be listed down near the bottom of your programs list.
Once you find it in the list, click on it to open it, you will then see two entries, one to open Photoscape, and one to un-install it.
If you want a Desktop icon, simply right click on the Photoscape entry, choose "send to", and select "desktop".
But once again, simply downloading it is not enough, you must go to your downloads files and double click on Photoscape, and "install" it first.

Answer Match 48.3%

Hi,
I'm afraid that my Dell Latitude D620 has become infested with several Trojans, Spyware and viruses. I would much appreciate your help in removing these. I am a 'medium level' user, and am already running Symantec Anti Virus as well as Comodo Firewall.

I ran 'HijackThis' and got the following Log File:
--
Logfile of HijackThis v1.99.1
Scan saved at 4:00:15 PM, on 4/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system\msnntlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ntlmaps\ntlmaps.exe
C:\Program Files\Comodo\Firewall\cpf.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quinnipiac.edu/
R1 - HKLM\Software\Microsoft\Internet ... Read more

A:Solved: Request help removing suspected spyware and viruses

Answer Match 48.3%

hi all

i'm running win xp home edition. only 2 users name created. user 1 with administrator rights, user 2 only basic rights.

my problem now is that i cannot log in via user 1 anymore, i did not change any password. i suspected i got infected with either a virus or spyware.

i have important data in user 1 folder. any solutions that i can retrieve my data in it? i tried logging in via safemode but to no avail. any advice will be appreciated.

thanks
 

A:suspected spyware stop xp [moved from XP; Security help needed]

my life is doomed
 

Answer Match 48.3%

Last week Avast found a trojan virus on my computer--I tried to repair the file, was unable to, and so deleted it instead. The next day, when I turned-on the computer, what appeared to be the same virus was present. I found that it was located in a spyware file I had unsuccessfully tried to remove before (NewDotNet). I decided, somewhat rashly, to try and delete all traces of the program off of my computer--I ran a search in explorer and came up with four copies of newdotnet_###dll and deleted all of them.

Then, when I tried to connect the internet, my computer was not able to make the connection. I use a dial-up connection, and at the time I was using NetZero dial-up. NetZero would dial, verify userid/password, say I was logged-in, and then start redialing, over and over again.

After getting disgusted with NetZero's lack of tech support I installed AOL. I even managed to establish a new account and send/receive email, but when I tried to browse the internet, I was told the page was unavailable.

An AOL representative told me that I needed to find a hardware technician to do something with my TCP/IP and Winnsoft. I did a simple installation of TCP/IP with my Windows restore disk, but that didn't solve the problem. I have no idea what Winnsoft is and I don't have a hardware technician readily available at the moment.

A NetZero representative had me run a scan (I think) on Windows with the restore disk to make sure all the necessary files were still intact. ... Read more

A:Removal of Spyware suspected to cause network connection issues.

Answer Match 48.3%

Hi there. Well this is my first post on a forum like this. Basically I am having strange problems with my pc. I have scanned PC with Adaware, SpyBot Search & Destroy and Microsoft Antispyware (Beta1), and scanned for viruses with Trend Micro. The system is now, according to all these applications, clean. However, my Microsoft Antispyware keeps warning me that my IE explorer settings have been lowered to below the safe setting. No matter how many times I click to Block this move and restore my original settings, it keeps popping up with a warning. Anyway, this is a minor problem, just giving you the full score on what's going on.

The problems start when I log on to the Internet, without starting IE, just logging on. After about 10-15 secs all these windows start popping up with various website addresses, but the windows are blank. These windows start popping up like crazy. My reaction is to close them all as they pop up. Then I notice in my Task Manager that for every page that has popped up, a little process is running, with names like : ysb.exe, ysb2.exe, c4t.exe, c4t2.exe, lc.exe, lc2.exe, top.exe, top2.exe. These files then live in this folder C:\Documents and Settings\Myname . I then proceed to stop all processes with these names and delete them from the folder. They return, every time I Log onto internet. These popups stop after 20 secs or so, then they don't come back. However, when I am surfing the internet with my 1mb connection, I often find it a struggle, w... Read more

A:Need Help with suspected Spyware/Trojan/Worm/Malware/Hijack

Hello SuperSkunk and welcome to the BC HijackThis forum. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.

Step #1
Download CCleaner and install it but do not run it yet.

Step #2
Start in Safe Mode Using the F8 method:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
Use the arrow keys to select the Safe Mode menu item.
Press the Enter key.

Step #3
Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Windows Messenger] msnsmgs.exe
O4 - HKLM\..\RunServices: [Windows Messenger] msnsmgs.exe
O4 - HKCU\..\Run: [Windows Messenger] msnsmgs.exe
O4 - HKCU\..\RunServices: [Windows Messenger] msnsmgs.exe
O... Read more

Answer Match 48.3%

Hello again,

This post is a continuation from "Identity Theft--is it my computer?" http://www.bleepingcomputer.com/forums/topic454947.html
A few weeks ago my bank card was zapped by a few fraudulent charges. I went through the process of cancelling the card and ordering a new one. Two weeks later I was contacted a second time about charges made to a different credit card! The only connection I can make between the two is their use to pay bills and purchase items on my home computer. I am running Windows Vista 64bit. I have previously run the latest versions of Avast! virus scan, Malwarebytes anti-Malware software, and Spyware Terminator, but I've had no success in locating anything malicious. Can you help me make sure my system is clean?

As per your instructions in the prep guide, I backed up my data (to my wife's computer because I experienced an error every time I tried Cobian backup: ("ERR 2012-05-26 15:03 An error occurred when creating or refreshing the archive "G:\C 2012-05-26 14;52;52 (Full).zip": Cannot create file "\\?\G:\C 2012-05-26 14;52;52 (Full).zip". The system cannot find the path specified"), I made sure my firewall was up, I used DeFogger to disable any CD emulation software, and I ran DDS to create the log file below and the one attached. I did NOT create a GMER log since I'm running 64 bit.

DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112... Read more

A:Suspected Malware/Spyware--Identity Theft Victim

Hi, Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log. Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there. The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic. Once I receive a reply then I will return with your first instructions. Thanks

Answer Match 48.3%

Windows 7 Home Edition

Here is the dds.txt content:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496 BrowserJavaVersion: 11.25.2
Run by Scott at 19:07:57 on 2015-01-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8099.3989 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\svchost.exe -k Local... Read more

A:Suspected Virus/Spyware in Win7 Home Premium

Hi & to TECH SUPPORT FORUM!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.
My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both ... Read more

Answer Match 48.3%

(windows 7) I accidentally messed up the security settings in the "Default Folder" (a shortcut?) of the Users folder.
I removed administrators permissions, that caused my pc to be unable to restore to previous restore point correctly. However, I was able to re-add the admin permission and everything now is fine.
Yet I need help here.
1 could anyone post screenshots of the default "default folder" security settings? I need to set it back to the default one even though now it works fine.
2 why the hell is that folder NOT HIDDEN? Are yours not hidden as well? Of course the option to hide all system files is checked on my pc. The only reason I messed with that folder is because I thought it was just a normal folder and not a system folder. Any way to get it back to being invisible?
Thanks for the help in advance. And I don't want to go to Microsoft support because they always give robotic replies with no help at all.

Answer Match 47.88%

Sorry if I'm posting this in the wrong forum. I've been having some serious problems lately. (In case it gets moved, my OS is Windows XP home.) The problem is some programs, programs that I've used every day for over a month with no problems, will start to load, and then stop loading. A look at my task manager shows that the memory usage and CPU usage don't budge at all, sometimes stopping as early as about 70kb.

I ran a scan with AVG and Malwarebytes, both scans turned up clean. Another look at my task manager shows one process, MsMpEng.exe, is sometimes using up large amounts of memory and CPU. This isn't consistent, however.

Another suspect program is the Zonealarm firewall, since my problems seem to have started after installing the latest version. Has anyone else had problems with this one?

As an example, one of the programs that started giving me trouble is Pidgin messenger. When I open it, it opens up a blank window, and then memory and CPU usage stops, and I have to "end task" it. I tried uninstalling, re-downloading, and then re-installing the program, opened it, same result.

Any ideas?

A:Programs stop loading (suspected issues: MsMpEng.exe or Zonealarm)

Quote:

The mspeng.exe application is the core component of the Windows Defender

Zone Alarm has caused many conflicts with other programs. We suggest uninstalling Zone Alarm and uninstall AVG with the AVG Uninstaller and install Microsoft Security Essentials. MSE will disable the Windows Defender because it does the same job only better. It also enables the Windows Firewall. Having more than one AV product on your computer causes problems (Malwarebytes is not considered an AV product so it does not conflict)

Answer Match 47.88%

Hello,

My computer (XP Op system) has been running slowly for about a month. Programs are constantly closing unexpectedly (especially Yahoo Messenger and Gmail email notifier). Many times IE won't even open. I have AT&T Yahoo DSL which provides online protection (anti-spyware, anti-virus, pop-up blocker), but it doesn't detect anything.

Last week I ran a virus remover program that supposedly removed a couple Trojan viruses, but now I notice similarly named files are back in my C:\WINDOWS\system32 folder (__c008D1F2.dat and __c002224A.dat), which I suspect are new Trojan viruses, but they cannot be deleted - Access is denied.

Please help me get my computer back! Thank you for helping!

Here is my dds report:


DDS (Version 1.0) - NTFSx86
Run by HP_Administrator at 23:36:15.50 on Thu 11/13/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1351 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:... Read more

A:Virus Suspected - Computer slow and programs closing unexpectedly

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Download & save ComboFix to your Desktop but don't run it yet
Open notepad and copy/paste the text in the quotebox below into it:


Code:
File::
c:\windows\system32\__c008D1F2.dat
c:\windows\system32\__c002224A.dat
C:\xcrashdump.dat
c:\windows\system32\~.exe
c:\windows\system32\ezsidmv.dat

DDS::
uRun: [A00F59DDC49.exe] c:\docume~1\hp_adm~1\locals~1\temp\_A00F59DDC49.exe
uRun: [A00F5A5A803.exe] c:\docume~1\hp_adm~1\locals~1\temp\_A00F5A5A803.exe
mRun: [<NO NAME>]
Notify: __c002224A - c:\windows\system32\__c002224A.dat
Notify: __c00280F1 - c:\windows\system32\__c00280F1.dat
Notify: __c0069664 - c:\windows\system32\__c0069664.dat
Notify: __c008D1F2 - c:\windows\system32\__c008D1F2.dat
Notify: __c009B5E0 - c:\windows\system32\__c009B5E0.dat
Notify: __c00CC610 - c:\windows\system32\__c00CC610.dat

Save this as "CFScript"

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt.


------------



Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure...

Answer Match 47.88%

Running Windows 7 Home Premium 64 bit.
Upon first startup after having been connected to a public wifi network, McAfee Security Center Real-Time Scanning was disabled. I am unable to get it to turn back on. After each attempt it turns back off on its own within a few seconds. Attempts to run a virus scan with McAfee fail; the scan window opens but the scan never begins. Google Chrome began to run very slowly, and at that point I rebooted in safe mode to proceed.
 
In safe mode McAfee has the same problems.
I ran RKill, finding that Windows Defender and Windows Update were disabled as well (log below).
I ran Kaspersky TDSSKiller, and it found no threats.
I ran MBAM, and it does not detect the infection.
I tried to run SuperAntiSpyware and the program won't activate.
 
Google Chrome is now not functioning normally, giving the following problem signature when I try to open it:
Problem signature:
Problem Event Name: APPCRASH
Application Name: chrome.exe
Application Version: 44.0.2403.125
Application Timestamp: 55b32ae2
Fault Module Name: chrome.dll
Fault Module Version: 44.0.2403.125
Fault Module Timestamp: 55b32315
Exception Code: 80000003
Exception Offset: 00000000000a32c2
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033
Additional Information 1: ef68
Additional Information 2: ef6879b855c2234b97579ba26d03c76e
Additional Information 3: aa24
Additional Information 4: aa24301e202433a62bcad4f386329c65
Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid...

A:Suspected rootkit infection disabling multiple antivirus programs

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.
IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button and follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===
Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first t...

Answer Match 47.88%

I have an IBM Thinkpad that is running Windows XP version 2002 service pack 3. It started running very poorly some time ago, and I am already aware that this is somewhat due to the number of processes that are set to run on start-up. I need to clean that up, but don't want to mess anything up. But I have noticed a pattern when the computer is running at its worst. There seem to be two different processes that are always running in the task manager. The first is ctfmon.exe and the other is rundll32.exe. I end each of these processes, but they always pop back up pretty quickly. So I downloaded HijackThis and ran a scan. I have attached the log to this post. I don't have any clue what to do from here, but could really use some advice. All help is much appreciated.
 

Answer Match 47.04%

I want to use different software as default software, but some programs are in portable mode and do not show up in

Control Panel\All Control Panel Items\Default Programs\Set Default Programs

I can see "potplayer" in the list, but I want to add "nomacs" to view my pictures, instead of "windows photo viewer". Nomacs does not show in the list of "Set Default Programs". In nomacs, there is an option to make it the default program to show pictures, but I get an error:

Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

A:How do I add third party programs in default programs ?

Instead of going to "set your default programs", go to "associate a file type or protocol with a program". Click on the file extension and just click change program.
Hope this helps.

Answer Match 47.04%

Hi

I downloaded Adobe Shockwave Player which is needed to view a file (.swf), and it appears in the control panel as an installed program. However, it does not appear as a default program when I am trying to use the "associate a file type or protocol with a specific program" even when I press the browse list. The program also does not appear when I "right click" the file itself and use the open command. The program also does not appear in the list of programs on the "All Programs" list when clicking the windows icon. So, can someone tell me how to get programs onto the default list... (Please, I have seen a number of threads that talk about how to "set" the default program which I am well aware of... I need to know how to get a program to be recognized and incorporated as part of the list).
I have Windows 7 64 bit.

Thanks for any help.
Linda

A:Add Programs to Default Programs List

Hello there, Linda.

I believe that you need to install "Adobe Shockwave Player" for viewing .swf content, not the Flash Player

Adobe - Adobe Shockwave Player

Answer Match 47.04%

I'm running Windows 7 and a few months back had to remove Snap.do and some other unwanted programs. I managed to get them off, I believe. I'm not sure, but I believe I had to delete some folders to get them off fully. Subsequent Superantispyware runs did not report any unwanted programs.
This morning Avast alerted me Snap.do was back. I opened a browser and confirmed the home page was hijacked. Avast said it could remove it for me and when I looked, the home page was back and Snap.do wasn't on my list of programs in control panel>programs and features.
I ran malware bytes and nothing too bad was found. I ran Superantispyware and it reported regcleaner pro, Advanced System Protector and AppsHat Mobile Apps were installed. I let the Super antispyware try to remove them and also cleaned out some tracking cookies. I checked programs and the 3 weren't there. Re-running Super antispyware however keeps reporting they're in my system.
Any ideas? Was my original removal not successful? Can these apps hide?

A:spyware scanner found unwanted programs not listed in programs and features

Hello Splungee, this one is a bit tricky.
Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Answer Match 47.04%

I'm running Windows 7 and a few months back had to remove Snap.do and some other unwanted programs. I managed to get them off, I believe. I'm not sure, but I believe I had to delete some folders to get them off fully. Subsequent Superantispyware runs did not report any unwanted programs.
This morning Avast alerted me Snap.do was back. I opened a browser and confirmed the home page was hijacked. Avast said it could remove it for me and when I looked, the home page was back and Snap.do wasn't on my list of programs in control panel>programs and features.
I ran malware bytes and nothing too bad was found. I ran Superantispyware and it reported regcleaner pro, Advanced System Protector and AppsHat Mobile Apps were installed. I let the Super antispyware try to remove them and also cleaned out some tracking cookies. I checked programs and the 3 weren't there. Re-running Super antispyware however keeps reporting they're in my system.
 
Boopme kindly walked me through the DDS process and I'm posting the logs
I did post on another help site before knowing the rule of no posting elsewhere.  I closed that thread, so please do not shut this down.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17126
Run by Valued Customer at 20:40:49 on 2014-06-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8147.5962 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131...

A:spyware scanner found unwanted programs not listed in programs and features II

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/539247 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...
