Tech Problem Aggregator

# Solved: LOTS OF PROBLEMS WITH SPYWARE/MALWARE VIRUS! HELP HELP HELP! Lots of details!

Q: Solved: LOTS OF PROBLEMS WITH SPYWARE/MALWARE VIRUS! HELP HELP HELP! Lots of details!

Hi, my name's Katie and I'm having major virus/spyware,adware,malware removal issues! I

have a lot of different things going on here, and can't make any sense of it. I tried

following other people's solved threads, but they didn't solve my issues, so I guess I need

personalized help. I have Windows security running (well, I usually do when it's working

properly,) and I run Ad-Aware and Spybot regularly, but it appears that they cannot solve

my issue. Anyway, here's a list of things that have been happening to my computer since the

virus happened...

1. I KNOW the virus was contracted in AIM. An IM came in from a friend with only a link. It

didn't look suspicious to me, so I clicked it, and all of a sudden I had IMEd everyone in

them before My Computer's virtual memory ran out and crashed AIM on me.

2.When the computer starts up, sometimes a default background appears before the logon

screen with the user accounts appears.

3.After logon, the same thing in general happens every time. Spybot comes up with a bunch

of messages saying that there is a registry change to my homepage or something else

happening. I deny it, and it denies it over and over again to seemingly no avail. A .txt

file appears on the desktop. I have never opened this file, don't know what it is, and

delete it every time. My homepage is constantly being changed or almost changed. Then, an

error message appears. The window is labled "RUNDLL" and reads:"An exception occured when

trying to run C:\WINDOWS\system32\lhcmgr10.dll,DLLGetVersion." Also, something labled

"Project" tries to run every time I log on. Sometimes my theme changes and some icons or

programs are invisible; usually restarting remedies this.

4.Sometimes, I get favorites and icons added to my computer out of nowhere.

5.These programs called "Command Service" and "Network Monitor" are listed in my programs

and cannot be removed. They are shut down by Spybot when they try to run, at least that's

what the Spybot pop-up message tells me.

6.Once,while trying to browse the internet to solve this problem, my theme changed, then

the computer shut down. No idea what happened.

7.I semi-frequently lose my background. Annoying.

8.Having LOTS of pop-ups. They are overloading my virtual memory. VERY ANNOYING. They are

for the same websites every time; usually fake virus removal, personals ads,etc. I don't

even have to open Internet Explorer myself for them to appear.

9. Sometimes, my Ad-Aware files are "violated" and the definitions won't load and I can't

use it until I reboot.

10. Windows Security settings have been changed several times without any action on my

part. Sometimes I cannot turn on the firewall. Right now, it says it is on. This is

unpredictable.

11.I have opted to disable system restore until the virus is gone for fear of the problem

being restored.

12. Finally, sometimes I get this error message in a window labled "iedw.exe Application

Error" It reads: "The application failed to initialize properly (0xc0000142) click OK to

terminate"

I HAVE NO CLUE WHAT TO DO! Somebody, anybody who knows how to help me, please tell me what

I need to do. Thanks so much!

A: Solved: LOTS OF PROBLEMS WITH SPYWARE/MALWARE VIRUS! HELP HELP HELP! Lots of details!

16 more replies

Have being having lots of troubles. Installed a external hard drive and have being having troubles ever since - coincidence or not?
Computer froze up = would not load - had to do a PC recovery.
1.) MicroTrends popups
2.) Driviers for DVD/CD disabled - got them working again
3.) Norton Anti-Virus disabled
4.) Lot's of programs no longer working and needing to be reloaded. Others with missing DLL files etc.

Had troubles posting this thread - IE kept shutting down so now I am trying with Fire Fox.
I posted a similar post earlier - sorry I some how accidently clicked the Solved button - definately not Solved.

Here is the log:

DDS (Ver_09-01-07.01) - NTFSx86
Run by HP_Owner at 22:00:57.89 on 08/01/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.894.524 [GMT -7:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

A:Help! Lots of Troubles - Spyware/Malware/Virus?

2 more replies

I have been using AVG free for the most part and recently I have been receiving a message stating that:

Application cannot run due to an error while verifying its electronic certificate.

I have uninstalled and reinstalled AVG several times only to see the error message repeat the second I reinstall it. I even went so far as to completely wipe my hard drive, delete the partition using windows setup and reinstall Windows XP, only to find the same error message once I got Windows and AVG reinstalled. I am really afraid that there might be a Worm or a piece of malware on my computer that is attacking an anti-virus system file. I have tried a myriad of different anti-virus programs only to receive various different error messages telling me that their system files have been hijacked. Can someone please help me. Here is my hijack this log file:
Logfile of HijackThis v1.99.1
Scan saved at 12:58:48 AM, on 10/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

More replies

A:Infected By Lots Of Spyware. Get Lots Of Popup Windows!

Hello,We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1 for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.Click here to get Service Pack 1Warning: You must only update to Service Pack 1, and not Service Pack 2. Doing this before your computer is clean can cause Windows to become unstable. We will update to SP2 after the log is clean.After you have updated your computer to SP1, please restart your computer and post a new HJT log.

10 more replies

Hello All,

I'm experienceing problems running the internet. Each time I try connecting tho the Net, despite changing the default homepage which has been changed to c:\secure32.html I get a warning message about spyware

I have also run Spybot Search and Destroy and the Lavasoft Ad-ware and removed all of the critical objects.

Can someone please take a look at my Hijack Log and tell me what to delete?

Thank you very much for your help.

Logfile of HijackThis v1.99.1
Scan saved at 11:53:35 AM, on 1/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\netdde.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\VOYETRA\AudioStation 32\VTray.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\WINDOWS\system32\paytime.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
C:\winstall.exe
C:\Program Files\GetRight\getright.exe
D:\WINDOWS\system32\LSASS.EXE
C:\Program Files\GetRight\getright.exe

A:Solved: Lots of Internet Spyware Problems

16 more replies

Hi

I'm trying to fix my friends computer which has some trojan viruses and lots of spyware. I've ran superantispyware multiple times and AVG for viruses. the spyware and viruses keep reinstalling themselves on startup and I would really appreciate some help. I've included a copy of the hijack this log below and would be very grateful for any help. thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:57 PM, on 3/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\V2VuZHk\command.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

16 more replies

Below are all the notes I've been taking since I started diagnostics/repair on this computer. They're pretty detailed, but if you have any questions at all, feel free to ask. Also, I can't seem to figure out which motherboard is in the laptop. Dell is no help at all; I can't even talk to them without purchasing "premium service." Keep in mind that I can't boot to my OS, so downloading a program to identify the motherboard is out of the question. Thanks in advance for any help.

System Specs:

Model: Dell Studio 1735
BIOS Version: A04 (08/01/2008), there is an update to A05 (12/05/2008) on Dell's website
Processor: Intel Mobile Core 2 Duo @ 2.50GHz w/ 6MB cache
RAM: 4GB DDR2 SDRAM
OS: Windows Vista 32-bit is on the original HDD, but the new one (in it now) has nothing
HDD: Western Digital Scorpio Blue 320GB (WD3200BPVT), Original was a Western Digital 320GB (WD3200BEVT)
GPU: ATI Mobility Radeon HD 3650 w/ 256MB dedicated memory

Error Codes:

STOP: 0x0000006B (0xC0000102, 0x00000002, 0x0000000, 0x0000000)
STOP: 0x0000007B (0xF78D2524, 0x0000034, 0x00000000, 0x00000000)
Dell Diagnostics: 2000-0146

Problem:

Computer won&#8217;t finish loading OS. Would stay in an infinite loop at the Vista loading screen. Would POST properly for the most part. Sometimes took a while to POST (generally if I&#8217;d removed something such as the HDD previously). After running chkdsk (both /f and /r), system would POST and, after trying to load the ... Read more

A:Solved: Problem with HDD/Windows. Lots o' details!

Changing the Sata mode to ATA/IDE should indeed fix the 7B error.
If you do get XP installed you may have to search for drivers if the laptop was only shipped with Vista.
As long as the Network card works you should be able to get 7 on it I think but bear in mind you can't upgrade from XP to 7 it will have to be a clean install of 7.

3 more replies

Hi,

I sure need help  --- I do not know how to deal with viruses, trojans, spyware, etc.

My husband and I were traveling. We had to use public Wifi places to check our email on our laptop. when we got home and checked our email accounts on our laptops, we found some really weird looking email messages. I 'think' my husband opened one that had his name in the Subject line, but we deleted all he other ones that looked strange. We did not open those emails, just deleted them.

Now all 3 of our computers are doing really weird things. I have run scan after scan after scan, both downloaded one and online ones. Sometimes they find problems and fix them. sometimes the scans find nothing. Yet our problems just seem to be getting worse and worse. I DESPERATELY need a lot of help.

I know it would be very confusing to try to work on all 3 of our computers at once so maybe we can start with my husband's desktop computer.

I am currently running Avast on it and it has been running for hours. It is find TONS of things like these ----

"...is infected by win32:Funweb-K [Pup}"

"...is infected by JS: ScriptIP-inf [Trj}

etc, etc, etc.

I have very little knowledge of how to fix a computer problem and no idea what to do. And I have absolutely NO idea how our desktops became infected from our lap top.

Is anyone willing to help me? I know it is bad and will probably take a long time to fix, but I need help... Read more

A:Used public WiFi - LOTS and LOTS of problems now - Newbie needs help

CORRECTION to my post above -

When I said "when we got home and checked our email accounts on our laptops", i meant to say our deaktops, not laptops.We have 2 desktop computers and 1 laptop. They are all infected badly.

25 more replies

i need help, i can barely get on the internet, i have tons of pop-ups, and something called tagasaurus is on my computer, i put it in the recycle bin but of course i still need to get rid of the virus it seems to have brought. please help.

A:Solved: virus problems,something to do with tagasaurus, lots of pop ups

16 more replies

Hello, I was wondering if anyone could help me out, my computer has been dead for a long period of time, due to video card failure, so i just got it back up and running, ran a hijack this, and this is what iv'e found..Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:41:34 AM, on 3/30/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\NVIDIA Corporation\nTune\nTuneService.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\sbwltbxa.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\AIM6\aim6.exeC:\Program Files\AIM6\aolsoftware.exeC:\WINDOWS\system32\dllhost.exeC:\Documents and Settings\justin\Local Settings\Application Data\CCP\EVE\c_program_files_ccp_eve_tranquility\cache\eveclassictopremiumpatch51200.exeC:\P... Read more

A:Infected By Lots Of Spyware/malware Xp

ofyjustin

Sorry for the delay. Could you post a fresh Hijackthis log please?

16 more replies

Ok, I have lots of XP problems:

Can't open My computer from the desktop, the computer just locks up whilst attempting to open it, showing me the animated torch, saying it is looking for files.

The computer is running really slow, locking up and crashing programs for no apparent reason.

Cant access the drop down box (shortcut key F4) in windows explorer/applications/anywhere.

Internet explorer refuses to do anything if I type a web address without the http:// into the address box. It worked before, but now it isn't for some reason.

Finally, when I restart windows, it locks up for anything up to 5 minutes when it comes back up. The windows bar with the start button on, when I pass my mouse over it, the pointer turns to an hourglass and I am unable to do anything unti it sorts itself out.

I have tried running several anti virus programs, including AVG, Mcafee and Norton. Only AVG came up with a virus, 'Dialler'. I cleared this and it didn't make any difference. I alos tried system restore from several points, but each time it told me that it was unable to restore.

If ANYONE can give me any help at all, I would be extremely grateful.

Yours,

Wayne Donnelly.

A:Lots and lots of XP problems - I'm tearing my hair out

6 more replies

------------------------- PANDA SCAN --------------------------

Incident Status Location

Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{9AFB8248-617F-460d-9366-D71CDEDA3179}

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

I'm not seeing very much in those logs. Panda is showing mostly cookies.

This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
Click Exit on the Main m... Read more

1 more replies

Bitdefender Total Security 2011, Real Time Protection Disabled (WINDOWS XP >Says I have NO Anti-Virus) I really need help and I can't seem to find any. Its really making me sick..
Watch this
&#x202a;Bit Defender Total Security 2011 Real Time Protection Disabled&#x202c;&rlm; - YouTube

(This is all I know, and I DID A FRESH Install of my OS and formatted my pc well I did the Format then re-installed my OS then installed BD). That my good sir is when I hit a brick wall!!!

Operating System
MS Windows XP Home 32-bit SP3
CPU
AMD Athlon XP
Thoroughbred 0.13um Technology
RAM
2.00 GB DDR @ 133MHz (2.5-2-2-6)
Motherboard
MICRO-STAR INTERNATIONAL CO., LTD MS-6390 (Socket A) 26 ?C
Graphics
COMPAQ FP7317 ([email protected])
S3 Graphics ProSavageDDR
Hard Drives
78GB Seagate ST380011A (PATA) 36 ?C
Optical Drives
HP DVD Writer 1040r USB Device
LITE-ON DVDRW SHW-160P6S
Audio
Realtek AC'97 Audio for VIA ? Audio Controller

Operating System
MS Windows XP Home 32-bit SP3
Windows Security Center
Windows Update
Schedule Frequency Every day
Schedule Time 3 am
Firewall
Firewall Enabled
Company Name BitDefender
Display Name BitDefender Firewall
Product Version 14.0.30.357
Antivirus
Antivirus Enabled
Company Name BitDefender
Display Name BitDefender Antivirus
Product Version 14.0.30.357
TimeZone
TimeZone GMT -8 Hours
Language English
Country United States
Currency $Da... Read more A:[SOLVED] Lots and lots of trouble with bitdefender and windows xp.. In Bit Defender, do a Live Update of your virus and software definitions. That should update you to the latest version. Or post to their forum, you will get a better response then in this general Microsoft Forum. or better yet, uninstall it and use Avast Free version and or Microsoft Security Essentials. 15 more replies Answer Match 92.4% The other day I got ahold of some spyware and its completely trashed my comp. I keep having my desktop changed to something saying I have a spyware problem, my homepage pops up as a spyware page, and I get nonstop spyware popups. Any help to get this thing clean would be greatly appreciated. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:38:06 PM, on 10/6/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Logitech\G-series Software\LGDCore.exe C:\Program Files\Logitech\G-series Software\LCDMon.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE... Read more A:Lots of Spyware problems You have a MESS!!!!!! - Do ALL of the following Download http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix) Please then reboot your computer in Safe Mode by doing the following : · Restart your computer · After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; · Instead of Windows loading as normal, the Advanced Options Menu should appear; · Select the first option, to run Windows in Safe Mode, then press Enter. · Choose your usual account. · Open the extracted SDFix folder and double click RunThis.bat to start the script. · Type Y to begin the cleanup process. · It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. · Press any Key and it will restart the PC. · When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. · Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum). · Finally paste the contents of the Report.txt back on the forum ===================== NOTE: If you have downloaded ComboFix previously please delete that ... Read more 2 more replies Answer Match 91.14% Hey, picked up a lot of bad things I believe. Symantic Antivirus detected but could not remove a load of issues such as: purityscan, vungotrojan, drivecleaner, and winfixer. I dont want to make the situation worse. I have included the hijackthis logfile and any help would be greatly appreciated. Logfile of HijackThis v1.99.1 Scan saved at 1:35:45 AM, on 5/16/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\GEARSec.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Progr... Read more A:Computer with lots of spyware problems..need help please Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop. Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program. In the Files Created Within group click 30 days In the Files Modified Within group select 30 days In the File String Search group select Non-Microsoft Now click the Run Scan button on the toolbar. When the scan is complete Notepad will open with the report file loaded in it. Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it. Please post the resulting log here as an attachment. 1 more replies Answer Match 91.14% Last week i started getting popups and my internet is running really slow. I have been trying everything to get rid of whatever is affecting my computer and nothing is working. I am also getting large fonts in AIM, AOL and IE.I dont know what to do!!! Here is my Hijackthis log: (I also sent it as an attachmnt)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:22:39 PM, on 7/19/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exeC:\Program Files\DISC\DiscUpdateMgr.exeC:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exeC:\Program Files\Common Files\AOL\1147750439\ee\AOLSoftware.exeC:\Program Files\HP\HP Software Update\HPwuSchd2.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\AGEIA Technologies\TrayIcon.exeC:\Program Files\Lexmark 5400 Series\lxctmon.exeC:&#... Read more A:Lots Of Problems--viruses And Spyware Hello xlostb4ux, Welcome to Bleeping Computer Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you. Thanks, tea 2 more replies Answer Match 90.72% I'm getting lots and lots of pop ups from IE not Mozilla. Here is my log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:05:32 AM, on 2/29/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Common Files\Dell\EUSW\Support.exe C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE C:\WINDOWS\MXOALDR.EXE C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE C:\Program Fi... Read more A:Lots and Lots of Popups I think I have a virus Download SDFix and save it to your Desktop. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results". Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask. Remember to re-enable the protection again afterwards before connecting to the Internet. Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, a menu with options should appear; Select the first option, to run Windows in Safe Mode, then press "Enter". Choose your usual account. Open the c:\SDFix folder and double click RunThis.cmd to start the script. Type Y to begin the script. It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot. Press any Key and it will restart the PC. Your system will take longer that normal to restart as the fixtool will be running and removing files. When the desktop loads the Fixtool will complete the remo... Read more 3 more replies Answer Match 90.3% Hi, My son (i'm using his account at his direction) has been a member for a while and has used these forums for lots of help; just wanted to say thank you in advance as he told me he was very impressed with the help that he has received in the past. With that said, my laptop his been acting very strange. I told my son I was having "issues" and he suggested that I start by getting malwarebytes anti-malware, run it, and go from there. I did as he told me and am still having problems. I'm having all kinds of obviously fake warnings pop up, one in particular is XP Internet Security (others include google searches being redirected and homepages being changed). I'm not sure if i'm posting in the right place (if not, sorry), but can you help? Where do I start and what do I need to do? Thank you again in advance Cathy A:Lots of Problems/Malware There is a detailed description of hor to remove your malware here: http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2011 Neal 2 more replies Answer Match 90.3% I'm housesitting my dear old parents and I don't know what the heck they've done, but this computer is running slower than molasses. Programs take forever to open (AOL 5+ Mins), Internet explore takes forever to open, everything moves ridiculously sloowwwwwww. I've consulted this site before and had great success. I've included a hijack this logfile below. If you could help, I would really appreciate you helping these old-timers out. Thanks! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:16:01 PM, on 4/19/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\PRISMSVR.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\iTu... Read more A:Lots of Problems...Not Sure if It's Malware Or What I don't see any anti-virus software running unless the SpySweeper is providing that. Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop. Close any open browsers. If your Real protection or Antivirus intervenes with OTScanIt, allow it to run. Open the OTScanit folder and double-click on OTScanit.exe to start the program. Under Additional Scans put a check in the box for Disabled MS Config Items Now click the Run Scan button on the toolbar. The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes. When the scan is complete Notepad will open with the report file loaded in it. Save that notepad file Please post the resulting log here as an attachment. Click on the blue Reply button scroll down to Manage Attachments Click in the box that says Upload File from your Computer Click the Browse... button and find the file then click open Click the Upload button Wait until you see Current Attachment and your file name Click on Close this window Then submit the reply. 1 more replies Answer Match 90.3% Logfile:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:36:42 PM, on 10/2/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\nusrmgr.exeC:\Program Files\Java\jre1.6.0_02\bin\jusched.exeC:\Program Files\Apoint\Apoint.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Dell\Media ... Read more A:Lots Of Problems, Popups, Trojans, Spyware Need Help Hi, Please take note of the following:I will be handling your log and helping you, please do not make any system changes yet. The process is not instant. Please continue to review my answers until I tell you that your computer is clean. Be patience.The fixes are specific to your problem and should only be used for this issue on this machineIf there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.Please reply to this thread. Do not start a new topic.Please give me some time to look over your log and I will get back to you as soon as possible. 2 more replies Answer Match 89.88% Hello, Yesterday I download a file which I thought would install a simple free plugin for an audio program I use. It quickly turned out to be a virus. I happened to have my NOD32 virus scanner turned off (because of speed reasons for a videogame) but I quickly realised that I made a big mistake by installing it: it was malware. My PC immediately slowed down, got unresponsive and after 10 seconds or so I turned on NOD32 again. It immediately gave a notice that it was blocking things. 15 seconds later my whole PC froze. I rebooted but I kept getting a blue screen. Tried to get into safe mode... no luck either. Inserted my Windows XP CD, went to the recovery console to use the fixboot and fixmbr commands and repaired Windows via the CD. Now Windows boots again, so I have been running ESET NOD32 and MBAM to get rid of a lot of malware. However, it has become apparant that I keep getting malware files in my Temp folder, and no matter how many times I clean them, they keep coming back. There is definitely still a virus or malware on my PC. Also, the ESET firewall I have installed warned me that some obscure looking process wanted to access the internet (something like u2hf28fh348hg43.exe) which I obviously declined. My PC is defintely infected and I could really use some help! I would greatly appreciate it, thanks in advance Here is my HijackThis log, and I will also post an important part of my MBAM log. It was in Dutch, so I've translated the most certain important p... Read more A:Lots of malware and a virus Quick update, I don't really dare to go on the internet because those processes in my Temp map (that I can't get rid of) keep trying to access the internet. Looks like a virus that MBAM / NOD32 can't seem to delete 3 more replies Answer Match 89.88% All my browsers ares super slow, are there ads that jumping around all the time and also advertising text in all the sites the i visit, the name of the advertising is Awardhopspot, i look all around the web and nothing is helping. Excuse me for my bad English Here is my Comboofix Log ComboFix 13-12-04.01 - dioscaficho 04/12/2013 0:36.1.8 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.595.3082.18.8081.6077 [GMT -3:00] Running from: c:\users\dioscaficho\Downloads\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\dioscaficho\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage c:\windows\SysWow64\FlashPlayerApp.exe . . ((((((((((((((((((((((((( Files Created from 2013-11-04 to 2013-12-04 ))))))))))))))))))))))))))))))) . . 2013-12-04 03:41 . 2013-12-04 03:41 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-12-04 03:41 . 2013-12-04 03:41 &... Read more A:Awardhopspot: Virus Or Spyware? Lots of Ads in All My Browsers Hello dioscaficho I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the sa... Read more 10 more replies Answer Match 89.88% Ok well before I start off, I'd like to say that I have cleared the main annoyances of my problem. I registered here because I still think, however, that I am vulnerable to attacks. The firewall within Spy Sweeper is still picking up and blocking things. The problem I had before included many different trojans and spyware, that got wrapped into a single download my sister got. Apparently she doesn't know not to open 21kb .exe files... The precautions I've taken so far were as follows: 1. Turned off my internet, I knew a trojan would likely redownload itself until all of its virus and spyware files were removed. I put my internet back on when I thought this was the case. 2. Did a scan with AVG Anti-Virus Free, and it was unable to remove most of what it found... What remained, I was able to delete by finding manually with the help of the AVG logs. (Details about viruses will be below) 3. Did a scan with WebRoot Spy Sweeper, it found a lot of things and got rid of them. (Details about this will be below) 4. Found some IE plugins that didn't belong with the Spy Sweeper's Browser Helper Objects section and removed them. For the first time after doing that, I finally stopped having a hijacked homepage. Anyway, the problems were as follows: 1. Homepage was jacked by one of a million different "your pc is insecure" programs that tried to sell me on scams. This one took me to uptodateprotection(dot)com (don't want to make a link), as well as syssecurityp... Read more A:HJT Log and lots of details inside. It won't allow me to edit this so I'm just going to post. I have a quick update. I'm still experiencing every bit of the winlogon.exe errors, I've gotten what appears to be memory errors, a blue screen, and the send error report type errors when starting up the PC just now. Additionally, 2 more of the places my firewall has blocked are 216.80.7.64 and "OWNUSA(dot)INFO" (used caps). 4 more replies Answer Match 89.46% My laptop has been infected with several different types of malware over the past few weeks and I cannot get rid of any of it. Here are the symptoms: PC boots up as normal into Windows, then runs slowly. An error message comes up saying that Google Installer has encountered a problem and needs to close etc. I have tried to run Spybot - Search & Destroy but it will not actually run - Task Manager shows the process as running but nothing actually happens. I have also tried to install Malwarebytes Anti-Malware from the .exe on my desktop but again this will not install - the hour glass appears for a second then disappears. Here is the HJT log that I have just run: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:25:09, on 28/09/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C... Read more A:Lots of malware problems with laptop - please help! 7 more replies Answer Match 89.46% Ever since i was infected last year, it has been getting progressively worse, going from winantivirus pro to other things like jack9 just a few days ago. I've scanned with Spybot, spysweeper, ad-aware, symantec corporate edition, etc., but nothing works, so here is the hijackthis log.Logfile of HijackThis v1.99.1Scan saved at 4:55:10 PM, on 4/29/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\QuickTime\qttask.exeC:\Program Files\Common Files\{9CD3E346-0BB0-1033-0115-040322060001}\Update.exeC:\PROGRA~1\Sony\SONICS~1\SsAAD.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\AIM\aim.exeC:\WINDOWS\system32\taskmgr.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Windows NT\Accessories\wordpad.exeC:\Program Files\WinRAR\WinRAR.exeC:\DOCUME~1\jess\LOCALS~1\Temp\Rar$EX00.687&... Read more

A:Lots Of Spyware And Adware Problems On My Comp, Maybe A Trojan Too -_-

First, make sure HijackThis is run from its own folder, so the backups it creates are secure. Backups allow the restoring of fixed entries when necessary.On the Desktop, right click an empty area, select New > Folder, and name the folder Hijack This. place the HijackThis.exe file in it, and then run the program from its own folder from now on... ~~~~Next, please download the following to the Desktop:VundoFix.exe* Double-click VundoFix.exe to run it* Click: Scan for Vundo * Once done scanning, click: Remove Vundo * A prompt asking if you want to remove the files appears, click: Yes * The Desktop goes blank as it starts removing Vundo. * When completed, a prompt to shutdown the computer appears, click OK * Turn the computer back on.A log is created and found in C:\vundofix.txt!~~~~Also download SmitfraudFix (by S!Ri) to the Desktop.http://siri.urz.free.fr/Fix/SmitfraudFix.zipExtract the files to the Desktop A folder named SmitfraudFix is created. We will use this program later.~~~~Download SDFix and save it to the Desktop.Right click the SDFix.zip folder Select: Extract All to extract it to its own folder on the Desktop. Leave it there for now.~~~~Start > Run, and type in the following commands one at a time and hit Enter after each line:sc stop ?COM+ Messages?sc delete ?COM+ Messages?~~~~Next, run HijackThis, ScanCheck box for the following entries if still showing on the log:R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - ... Read more

11 more replies

A few days ago i woke up, took laptop out of sleep mode, went to check email via MSN. It uses internet explorer to connect to the email client.

Anyway, a few seconds into reading my mail i got some pop-up's for illegal porn and whatnot. It was obviously some kind of hijack software.

Got HJK and ran a scan. There were a bunch of entrys in system32 that were just .dll's of random letters. Fixed a bunch of things that shouldnt have been there. However, there was one entry that would not go away. Every time i preform a new scan its there.

I found the .dll in my System32 folder. Cant be deleted because its running. Opened task manager and no obviously wrong processes are running. I went into safemode. Scanned with HJT, tried to remove, still there. Got Move-on-Boot program and told it to delete the file. Didnt delete it...

Now im back in normal mode and theres a second .dll now in System32 folder. Try and remove it, its gone. I decide to go to system32 and arrange files by date. I notice theres about 15 files from the same day, all random letters (obviously related to this problem). I delete them, one stays because its aparently associated with a running task.

Here is my most recent HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:01:54 AM, on 5/20/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:

More replies

I am currently accessing the internet in Safe Mode, my computer won't let me get on the normal way. I get a can't navigate message. The system runs slowly withtrojan warnings. I am somewhat knowledgeable about computers, but would need helping knowing what to do.

A:joke blue screen and lots of spyware problems

Hi

* Once installed open HijackThis by clicking Start > Programs > HijackThis and click the button labeled
Do a system scan only

* Click the scan button in the lower left hand corner of the interface and HijackThis will quickly scan your system.
* Once the scan is complete the scan button will now read save log. Click this button to save the log file to your PC. Once you select where you would like to save the file it will open in your systems default text editor. Typically this application is Notepad. Post the log here.

1 more replies

Good Morning,
I am rehabbing a computer that was given to me and I've found a list of undesirable trojans on it - included below. I have attached the required scans. I'm hoping you can help me to save this old thing. I'm very grateful to you all.
I can only work on this computer weekdays.

System: (Dell)
Microsoft Win XP, Pro, V.2002, SP3
Intel(R) Pentium(R) 4 CPU 3.00GHz
2.99 GHz, 1.00 GB of RAM

Sophos Endpoint Security and Control; V9.5.

C:\Documents and Settings\All Users\Documents\myporno.avi.Ink
C:\Documents and Settings\All Users\Documents\pornmovs.Ink
Troj/FakeAV-DJP:
Troj/TDL3Mem-B, Troj/TDL3Mem-B, Troj/TDL3Mem-B Memory
W32/Autorun-BPE:
C:\Documents and Settings\All Users\Documents\setup201.fon
HIPS/FileMod-011
c:WINDOWS\Temp\1C5.tmp
Mal/AutoInf-A:
C:\Documents and Settings\All Users\Documents\autorun.inf
Mal/Behav-103: (All detected components of the virus/spyware Mal/Behav-103
C:\WINDOWS\Temp\ffpi\setup.exe

A:Lots of Trojans, Malware, Virus

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this ... Read more

10 more replies

Spyware galore, ultra pop ups. never got this thing to run right since we got it back from Geek Squad in September. This has been about a week, and I was trying to take care of it myself but am running out of options. Would someone be able to take a quick peek at the logs? Very appreciated.

Ran the HJT, DDS, and GMER:

ASUST, Desktop CM1730 series, Windows 7 Home Premium, Service pack 1, AMD Athlon II X2 220 2.80 GHz, 6.00GB memory, 64-bit Operating system Processor.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:43:35 AM, on 12/8/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Pag... Read more

A:Lots and Lots of Spyware pop ups.

16 more replies

# AdwCleaner v3.215 - Report created 11/07/2014 at 19:10:31
# Updated 09/07/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Rami-PC - RAMI
# Option : Clean
***** [ Services ] *****
Service Deleted : APNMCP
Service Deleted : BackupStack
***** [ Files / Folders ] *****
Folder Deleted : \SearchProtect
Folder Deleted : C:\ProgramData\374311380
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\BerOwsae22savaee
Folder Deleted : C:\ProgramData\Searchh-NeWoTTab
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ExpressFiles
Folder Deleted : C:\Program Files (x86)\File Type Helper
Folder Deleted : C:\Program Files (x86)\HiDefMedia
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\otshot
Folder Deleted : C:\Program Files (x86)\Perion
Folder Deleted : C:\Program Files (x86)\SweetIM

A:lots of spyware/adware/virus' on teenage sons computer

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start
HKLM\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShortcutTarget: FastMediaConverter.lnk -> C:\Program Files (x86)\FastMediaConverter\FastMediaConverterApp.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: No Name - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - No File
BHO-x32: No Name - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File

4 more replies

I just moved back into my parent's house and my father has a Belkin N series router in the basement and I have a Windows XP PC on the second floor with a Linksys WMP110 Rangeplus wi-fi adapter.

Initially I had the PC on the lower level right next to the basement door and it worked great for the first night until I moved it upstairs and could get no signal whatsoever. After calling Belkin I realized that I am an idiot and while transporting the PC upstairs the card came loose so it wasn't plugged into the PCI slot all the way. Great start.

I plugged it in and left it on the second floor, reinstalled the software and it worked brilliantly. For a day. The next day I got home from work and found out I had lost my connection to the router and could not get it back. The software was stuck in a "acquiring network address" loop in which it would connect and disconnect over and over until I exited the program. I called up Linksys tech support and they had me downgrade to XP service pack 2 which I was not happy about. After that it still did not work so I called them back and they had me uninstall their software and walked me through setting the network up on windows zero configuration tool. It worked once again but once again only for a night.

I woke up the next day and the network connection icon said that I was still connected to the router but I couldn't load any webpages, use any IM clients, or anything else. I tried disabling the connection and re-enab... Read more

A:Terrible Wifi Connection -> lots of details :)

A) N isn't approved yet
B) Mixing brands for a non-approved standard is a bad idea
C)You yourself state that numerous people have problems with this adapter

That being said you can try a few things. Check for a firmware update for the router. If there are none then you might try using G only on both the router and the card, however this might significantly limit usable distance between the two.

2 more replies

I just finished cleaning my sisters' computer from various trojans, etc...atleast all of those I could find. I have scanned with Adaware, Spybot, AVG, and Bazooka, and installed Sygate firewall. I was wondering if there is anything that I should delete from my hijack this log? Thanks for the help!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:29:03 PM, on 7/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Help\aolupd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\igfxtray.exe

A:Solved: Lots of spyware and trojans lately...

8 more replies

hi, i just found this board, so i decided to try it out.

at the start of the month, my computer got hit with a virus, so I had to reformat the drive. but after i did this, i found tons of adware and spyware on my computer, like drsmartload and look2me, among others, and i have no idea how it got there... I ran Mcafee, Ad-aware, Spybot, Avast! and Spyhunter, and got rid of most of the adware and spyware, but there's still some stuff left (i think), since i found programs like kybrdff_8, kybrdff_7, winde, nwmnff_7, which i never put there, and have no idea what they are. Also, when running Spyhunter, i found a trojan called Downloader Drev, but have no idea how to remove it. please help, as we need this for lots of official work... here's the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:46:01 AM, on 8/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

A:Solved: Help! lots of adware and spyware (i think)

16 more replies

hello i have down everything that i could find online to get rid of all my spyware but no matter what i run i keep finding more and my pc is really slow.I am running windows xp and i have 256mb ram which i know isnt alot but my pc is alot slower than normal.can somebody take a look at my log and see if there is something i can do?
Logfile of HijackThis v1.99.1
Scan saved at 5:31:49 PM, on 1/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Documents and Settings\Owner\My Documents\winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

A:Solved: newbie that has tried everything lots of spyware

7 more replies

Ok, I'm just happy I was able to get onto this website. Just to start off, I have Windows Vista Home Premium. So basically, a day or two ago I started getting an error message saying that "Host Process for Windows Services has stopped working". When I clicked "Check online for solutions" it wouldn't connect me to the Internet and said the page couldn't be displayed every time I tried. I just clicked ok and everything was fine, a little slow, but fine. But yesterday, everything fell apart. I don't know if any of this is related, but here's what has happened:-My computer was really slow yesteday morning and still today. When I tried to type stuff (particularly on the Internet), only a few letters show up because it's really lagging I guess and I have to type Sooooo SLOOOWLY-I started getting the host error message and my computer kept freezing-After the message, my computer goes black and my taskbar at the bottom of the screen gets weird and now it looks different. It looks older and its white and the time doesn't display. It also sometimes disappears completely until I restart. My internet is the same -- it looks like an older version-Most annoying problem: When I go on the internet, random ads pop up in the middle of me doing something (this never happens -- my computer has so much anti-virus stuff and anti-spyware, I've never had a problem! My dad's a computer guy so he keeps it up-to-date. I know I should as... Read more

A:Lots of Problems that May be Related to a Host Error or Maybe Malware?

1 more replies

hello, hi, good morning, afternoon, evening what ever time you see this

not really sure where to go here and get the correct help i ran a hijack this log, and they are in the process of creating an update and don't have enough time to help everyone because of it, so they have redirected most to your site for help.

david c welch

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/23/2014
Scan Time: 5:43:37 AM
Logfile: scan.txt

Version: 2.00.3.1025
Malware Database: v2014.11.23.04
Rootkit Database: v2014.11.22.01
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Enabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: David

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 369341
Time Elapsed: 4 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 9
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.27\zoomifyL32.dll, Delete-on-Reboot, [50e0b788d2aa8bab6d1f57ddb84bca36],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.27\zoomifyL32.dll, Delete-on-Reboot, [50e0b788d2aa8bab6d1f57ddb84bca36],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.27\zoomifyL32.dll, Delete-on-Reboot, [50e0b788d2aa8bab6d1f57ddb84bca36],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.27\zoomifyL32.dll, Delete-on-Reboot, [50e0b788d2aa8bab6d1f57ddb84bca36],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.27\zoomifyL32.dll, Delete-on-Reboot, [50e0b788d2aa8bab6d1f57ddb84bca36],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.27\zoomifyL32.dll, Delete-on-Reboot, [50e0b788d2aa8bab6d1f57ddb84bca36]... Read more

1 more replies

Hi. A friends computer is infected with what appears to be a trojan hijacker. The browser is always redirecting to odd sites and there are popups for walmart sweepstakes and such. The big problem is that I tried from that specific computer to post on here with the hijack this log and such, but every time I would hit the post button I got a IE connection error and it wouldn't send. Is there anything anyone can suggest to help in this situation? Thanks so much!

More replies

I've read a number of threads on this site, and I'm a believer. I've got a handful of adware/spyware issues going on right now, many of them similar to some of the problems others have had. I'm sure some of them are related to a single file...but possibly there's multiple issues that need to be cleaned up. I've got the Security Toolbar in IE, as well as the pop-ups for spyworm.win32, and pop-ups from savetheinformation.com. Also, warnings for the [email protected] virus and the yellow triangle with the incessant warnings. I've also got something overriding my cookie handling (I have it set to "always prompt" but keep finding it being reset to "always accept"), so maybe you'll be able to help me out with that too. Here comes the Hijackthis log. I look forward to seeing you guys work your magic. I'm running XP. Thanks a million in advance.

---------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:33:46 PM, on 11/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe

12 more replies

On a post I made a few days ago, I described that my computer has been progressively getting worse--I will be on the internet and then out of no where, I will get an Internet Explorer error and have to close the internet. after that, I will be able to open internet right back up and then again, a few minutes to sometimes an hour later, it will have an error again. now new major problems that just developed yesterday or the day before are spylocked stuff on my comp. and a lot of pop-ups saying that i have a ton of spyware and viruses. viruses that Trend Micro PC-cillin 2007 have quarantined are the following: isamini.exe, A0041188.exe, ISAMINI.exe, A0041250, A0042214.exe. I also get a system alert message at the bottom of my screen by the clock that says my internet has been slowed down by 39% and all this stuff, but I don't know if it is real or a virus itself. here is my hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 2:34:44 PM, on 4/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\WINDOWS\Explorer.EXE

A:Solved: spylocked and lots of spyware/viruses!

6 more replies

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz, x86 Family 15 Model 2 Stepping 4
Processor Count: 1
RAM: 1022 Mb
Graphics Card: NVIDIA GeForce4 Ti 4200 (Microsoft Corporation), 128 Mb
Hard Drives: C: Total - 39997 MB, Free - 27639 MB; D: Total - 36310 MB, Free - 27077 MB; E: Total - 76316 MB, Free - 57488 MB;
Motherboard: Intel Corporation , D845GBV , AAA84538-301 , ABBV23838216
Antivirus: Lavasoft Ad-Watch Live! Anti-Virus, Updated: Yes, On-Demand Scanner: Enabled
Have been using Zone alarm, but may go to Comodo

I use primarily Firefox and keep current with updates. I try to scan my computer, a desktop put together for me by a family member, once a week. They installed McAfee Professional, but the rest is free stuff: SpyBot Search and Destroy, Malwarebytes Anti-Malware, SUPERAntispyware, Defraggler ( at least once a month ), No Script, Abine, and similar - all freeware. Oh yes, CCleaner. They do not seem to interfere with each other.

The problems are this. I have several Firefox Extensions and I think some of these are causing trouble. I ran Firefox in safe mode after disabling all extensions. This helped, but I think there may be Profile problems, too. I've had trouble getting good directions for fixing that. Mozilla is crashing a lot. Running in safe mode is much better, but it still crashes or turns white.

Plus, I'm starting to have tro... Read more

More replies

I'm helping my sister to fix her computer:
1) It has an error message when it's turn on
"ViewMgr has encountered a problem and needs to close"
2) The the computer detected a new hardware called "SM Bus Controller"
but my sister said she got no new hardware. She is using a Wacom Pen Tablet but I don't think that's that...
3) AVG is unable to get update from the internet
5) her computer will not go to any website including this one! I downloaded superantispyware and saved that in USB and tried to installed that in her computer but it also encounter error.
6) All she can do now is to check her gmail. Sometimes google might work but when she tried to click the links it pops up something else.

I ran lavasoft ad-ware but doesn't help.

Thank god I was able to install hijackthink from a USB. Here is the log:
Thanks so much!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:30:55 PM, on 1/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Devic... Read more

A:Computer has lots of problems, must be a virus! Help

3 more replies

Got infected with Downloader a few months ago and thought I cleared it up and this past Sat when viewing friend's pics on myspace, suddenly bombarded with popups and drastic slowdown of pc, found WinAntiVirusPro (promptly deleted) but there could be more and I don't know enough and want to be sure I clear everything up correctly. I hope someone can help. Here's my hjt log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:58 PM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

A:Solved: WinAntivirusPro- lots of popups - possibly more spyware

7 more replies

my laptop has been running unusually slowly lately and has been freezing up multiple times when browsing the internet. my school provides mcafee as a virus scanner and malware blocker, but when i ran a full scan, nothing came up. i followed the instructions followed here, and when i ran pandascan it found a virus (trj/downloader.coy) as well as multiple other adware. i'd really appreciate if this could be solved, and perhaps advised on what's wrong with my current virus scanner? i should probably alert my school about this.

hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 09:18:50 AM, on 12/29/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

A:lots of slowness, virus scan problems?

bump :(

3 more replies

My son's computer is driving me mad - he keeps getting error messages referring to Kernel32.dll and lots of virus alerts from the McAfee(V8 - last Dat file 16/03/05). The last file to be infected was: C:\windows\temporary internet files\ Content IE5\LFFJPXWE\Display(1).htm, the virus was JS/Nezew.
The PC is running on Windows ME and constantly hangs. He can connect to the internet via our home network as my PC (Win XP) is the gateway. I use mine for work and although I haven't seen any problems yet I'm worried that anything he's inherited will eventually come across the network. Does anyone know where I can start? Any help would be much appreciated.
Thanks
Andy

His analyser log file reads as follows:

Log was analyzed using KRC HijackThis Analyzer - Updated on 3/2/05

***Security Programs Detected***

C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE

A:Kernel32.dll problems and lots of virus alerts

Hi andyrose, and welcome to TSF.

Before you give us a new log here, if we gave you instructions for a fix, please do the fixes first and then post the new log with this updated version.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Get HijackThis Analyzer and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in y if you agree. The result.txt file will open up in Notepad. Copy the whole result.txt log and post it in the forum. We do not need the original hijackthis.log (unless we ask for it). Do not fix anything in HijackThis since they may be harmless.

Unfortunately you have the se.dll infection. It is important that we attack this infection first as it has a 'spawner file' that regenerates the se.dll file after a few reboots or days.

Unzip to its own folder and start the program:
Press 'Config'
Press 'Mark All'

UN-Check the 'NT-Services & NT-Kernel...' boxes only:
Press 'Ok'

Press 'Save' and select the location to save the log file (default is the same folder as the application)

We need both the StartDreck log and the new HJT log. G'luck.

8 more replies

spybot
spyblaster
script defender
ewido
can't get the norton to work I want to uninstall it, my friend didn't ativate it in time so I am goiing to have to call and get some stuff done but I would really appreciate someone reading this log for me. I will watch for an answer, Thanks

Logfile of HijackThis v1.99.1
Scan saved at 2:04:30 PM, on 12/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~4\NORTON~3\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe

A:Solved: Windows XP HOME SP2-HJT LOG HAD LOTS OF ADWARE-SPYWARE GETTING IT CLEAN CAN SOMEONE R

16 more replies

dell inspiron 6000
running xp pro
here is HiJackthis list
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:20 PM, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

More replies

Hi all,

I need some help fixing my computer and getting rid of a malware/spyware/trojan/virus.

When I start my computer I see lots of IEXPLORE.EXE process being run (by the user) under the processes in task bar.

Then i also see cmd.exe using 99% of my CPU.

i have attached the HijackThis log and the ComboFix log with this.

Thanks
Kamal

**********HIJACKTHIS LOG**********

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:25 AM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe

A:lots of IEXPLORE.EXE without any IE window open and cmd.exe eats up lots of memory

Hello,

ComboFix is frequently updated.

This machine does not have the Windows XP Recovery Console installed.

The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

---------------------------------------------------------------------------------------------

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

* IMPORTANT !!! Place combofix.exe on your Desktop

Go to Microsoft's website => http://support.microsoft.com/kb/310994

For you, it would be:

Microsoft Windows XP Professional Service Pack 2

1 more replies

Hi!
Have used BC over the years, and always found you guys to be extremely helpful, knowledgeable, and efficient.  Always happy to recommend you to others. Uninstalle the ASPCA we-care virus with revo uninstaller.

My Norton is down, I know; my dad gave me the box with his Norton, but the code was cut out.  Working on getting Norton up and running again.
I paste dds and attach the attach, as requested.
---Mark Miner

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.71.2
Run by mark miner at 13:35:13 on 2014-10-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2934.1428 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Outdated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Disabled/Outdated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe

A:slow; lots of "program not responding,"lots of "this page can not be displayed."

10 more replies

Hello everyone

I've been getting this error again and again, and my computer is hungup or BSOD after awail...

Do you know what can I do to fix it? Or what the problem is??
Thank you!!

Asrock X58 Supercomputer bios 3.10
i7 920 (bloomfield) @2.67ghz -1.128vol.
Corsair 12GB (6X2GB) @1333
1st PCIE - Nvidia GeForce 9800GT
2nd PCIE - Nvidia GeForce 9500GT
3rd PCIE - Nvidia GeForce 8800GS
4th PCIE - Nvidia GeForce 8800GS

RAid5 4X 500GB Seagate ST3500410AS
1X 500GB WD500AAKS
TSST Corp CDDVDW SH-S203p

Realtek PCI-e GBE (onboard)
Realtek PCI GBE (1st PCI)

==========================================================================================
if the 2nd onboard Realtek Pcie gbe is Active I get this error
Driver PCI returned invalid ID for a child device (01000000684CE00000)
and after a will I get BSOD

The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa800d488038, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\071410-48359-01.dmp. Report Id: 071410-48359-01.

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>

A:Lots of BSOD & Hungup - Lots of Event17 WHEA-Logger

Hi,

Btw, have you seriously got 4 graphics cards in your computer!

Regards,
Reventon

3 more replies

Using windows XP, normally used by my 11 year old. Macafee showed up malware.u files and quarantined them. I installed Spysweeper which found infected files and quarantined them. Also downloaded trial Spydoctor which found 102 more infected, can't quarantine as only trial version. I've saved the Spysweeper and Spydoctor logs if you want them. Computer is soooo slow and takes forever, keeps showing as windows virtual memory low! Internet is all over the place and e-mail not loading to outlook express although I can retrieve on the web eventually. really worried about the elevated and high risk files Spydoctor found but I don't know what are important files or not, not very up on all of this, so your help would be greatly appreciated. I've uninstalled limewire and AOL as not used. HEEEELP!!!

A:Solved: lots of malware.u and other infected files

14 more replies

Ok, Here goes...

I have a windows XP Home computer which i got about mid 2006 and basically ever since I got it I have been having problems starting up. It originally worked properly for a few months then the problems began.....

First it would not do anything whilst on the windows loading screen (progress bar etc worked but it got stuck on that screen and wouldn't advance), the HDD light would blink for a while and then it would just sit there. Usually i would restart until quite a while later I discovered that if i left it for long enough (about 5-10 minutes) it would eventually load. I have also performed several reformats in this time and the problem would disappear for a while then show its ugly face again. It wouldn't do this every time but a large majority of the time it would.

Now however, it does not do this, instead, it would go through the loading screen, finish that, and the screen would go blank (no signal detected etc) and then it wouldn't do anything at all, I have left it sitting there for about an hour once to see if eventually would work but it didn't. So to fix this I have to restart the computer and it would come up with the screen asking me if i want to use safe mode and usually i would either choose the Last known good configuration or start up windows normally, occasionally i would go in safe mode and restart from there and it would usually work but not always. I usually have to repeat this process several times for it to work. Whi... Read more

A:Lots and lots of problems which I cant seem to fix.

7 more replies

Can anyone help? I feel bad I messed up a friends computer

Logfile of HijackThis v1.97.7
Scan saved at 12:15:58 AM, on 10/10/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HAVIDC.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\MY DAILY HOROSCOPE\MYDAILYHOROSCOPE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\SYSTEM\MSCB.DLL
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\SYSTEM\WINB2S32.DLL
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no... Read more

A:lots and lots of problems...

That's not so bad, elf. I would check it for a virus though at Trend Micro.
Also, will not address WeatherBug or Daily Horoscope here, but they can cause other spyware issues and probably should be uninstalled.

Let's see what we can do......

below.

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure
that the System Files and Folders are showing/visible also.

Reboot into Safe Mode (hit F8 key until menu shows up).

Hopefully Adaware has removed some entries for you already. So if you see that something doesn't exist anymore, Adaware probably
fixed/deleted it already. Just continue on with the other fixes/deletions.

Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click
Kill process for each one if they are still listed (they shouldn't be - but double check it):

C:\WINDOWS\SYSTEM\HAVIDC.EXE <<<If you recognize this file, then ignore instruction.

Check and fix the following in HijackThis if they still exist (make sure not to miss any):

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E1... Read more

1 more replies

Two days ago I began to be redirected to advertisements when clicking on links from google search. I discovered this was the Google redirect virus and ran a Malwarebytes scan. The malwarebytes scan came up with one infected item, a Happili Trojan. I removed the Trojan with malwarebytes and thought that would be the end of my issues. Please note im just a regular Joe and not a tech guy at all. After the removal of the trojan I continued to be redirected on google searches. I get a redirect once every five or so searches.

I have scanned my system with Rkill, Kasperkys virus removal tool, TDSskilller, and malwarebytes both in and out of safemode. None of these have been able to detect anything, however my problem persists. Also, since I was infected I get a message about a missing .dll whenever I turn my computer on. The message is:

There was a problem starting
C:\users\owner\AppData\Local\CPN\Chromium\puozlkmyj.dll
The specified module could not be found.

I am on a laptop running off of wifi internet. Several times since the infection my laptop has refused to connect to the internet for short periods of time (5-10 mins). This isn't a internet problem because my roommates laptop is connected while mine is faltering.

Like I said I am by no means a tech guy, but the guy I live with is good with computers and tried to help me by using the virus removal programs I listed but in the end he could not figure out why they were coming up empty... Read more

A:Google Redirect Virus, missing .dll, lots of problems.

15 more replies

Im getting a rediculous amount of popups!Logfile of HijackThis v1.99.1Scan saved at 12:05:58 AM, on 20/06/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exeC:\WINDOWS\System32\svchost.exeC:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exeC:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exeC:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exeC:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exeC:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXEC:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Microsoft ActiveSync\wcescomm.exeC:\PROGRA~1\MICROS~3\rapimgr.exeC:\Program Files\Messenger\msmsgs.exeC:\PROGRA~1\COMMON~... Read more

A:Hi Guys, Getting Lots And Lots Of Popups, Driving Me Insane

4 more replies

since a week I have been getting the following spybot alerts whenever I boot up my computer. I keep denying the change, but not sure what to make of it. I don't think it's any good.

Spybot Search & Destroy
Category: winlogon
change: value deleted
entry: Shell
old data: c:\recycler\s-1-5-21-0644449550-96420434940812783143-2613\yv8g67.exe, c:\windoes\system32\lmssspr.exe, c:\windows\system32\iomssls.exe, explorer.exe, c:\windows\system32\velplsme.exe
new data: (blank)

Spybot Search & Destroy
Category: Winlogon
Change: Value Change
Old data: c:\recycler\s-1-5-21-0644449550-9642043494-812783143-2613\pv8g67.exe
New data: C:\RECYCLER\S-1-5-21-9516793152-0396749843-580062649-1820\pv8g67.exe

Spybot Search & Destroy
Category: System Statup user entry
Entry: qplsec
Old data: (blank)
New data: c:\windows\system32\qwmmmse.exe

Spybot Search & Destroy
Category: Winlogon
Change: value changed
Entry: Shell
old data: c:\recycler\s\1-5-21-0644449550-96420434940812783143-2613\yv8g67.exe, c:\windows\system32\lmssspr.exe, c:\windows\system32\iomssls.exe, explorer.exe, c:\windows\system32,velplsme.exe
new data: c:\recycler\s-1-5-21-9516793152-0396793152-0396749842-580062649-1820\yv8g67.exe, c:\reclycler\1-5-21-0644449550-96420434940812783143-2613\yv8g67.exe, c:\windows\system32\lmssspr.exe, c:\windows\system32\iomssls.exe, explorer.exe, c:\windows\system32\velplsme.exe

Spybot Search & Destroy
Category: winlogon

A:Spybot is detecting changes in Winlogon, lots and lots of blacklist pop ups

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:37 AM, on 10/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ngvpnmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dash\4990891\Program\ServiceWrapper-4990891.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\The Sabre Group\Sabre32\Cfgsrvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\NAVCOLR.EXE

1 more replies

Summary:

Lots of errors in Windows XP immediately after fresh install following a format.

PC Spec

AMD Athlon 3200+ XP
Radeon x800 XT PE VPU 256 mb
1024mb DDR 400 3200 RAM
2x 160gb HDD, 7200 rpm blah blah
Audigy 2 ZS Sound Card, Creative SB
Wireless Internet Connection (D-Link Wireless Router, 2.2mbps connection)
2x Optical Drives, DVDRW 4x, CDRW 50x

Problems Encountered

1) Windows Installation : Various files cannot be copied and/or not copied correctly. Giving blue screen of [enter] retry, [esc] skip or F3 to abort installation. Files constantly failing to copy : cyycoins or something, lots of .chm files, too many to mention. Curious thing is, same problems for both optical drives and both HDDs, varying both for many installations.

Eventually I held down [enter] and the files went in, well some didn't but Windows booted fine.

2) Warhammer Dawn of War : Winter Assault. wh40k.cab is corrupt. Changed optical drives during installtion, installed fine. Could be hardware issue with my cdrom?

3) Same game, when playing will crash to desktop. No error message sometimes, no indication of crash (no freezing or warning sounds or stuttering, just flat out BOOM, .exe gone. Sometimes error message appears to send error report, sometimes doesn't. Occurs while under load (heavy gameplay) and while idle (like leaving it in menu for ages. Go away to get food, come back game gone, only desktop)
I thought this could again be CDROM issue, with the copy protection not keeping th... Read more

A:Lots and lots of XP errors : Random program crashes etc etc.... >:Â¦

6 more replies

Hi,
Before I post my problem, I would like to thank everyone who pitches in here to help people affected by these spyware.

Problem: IE / Firefox slows down. Clicking on google waits for ever. Spybot finds a vundu in the scan. It is able to remove it but then next time it finds it again so removal is not permanent. One thing that I would also like to mention is that killing the explorer.exe ( not the IE) makes the system work like normal.

Hijack this log: ( also attaching it)
==========================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:10:42 PM, on 4/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe

A:Solved: explorer.exe affected by Vundu. Spyware Attack. Lots of popups

8 more replies

Hello,

I am running Windows XP, on an emachine. I only use Firefox, BUT the other day I had to access an IE accessible only program (webinar) which required ActiveX plug in and now my system is infected.

If there is a notepad log access in AVG I do not see it, so I will summarize. All but one of them on these files: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{each has a different NUMBER/LETTER STRING}. There are several but some are trojan.virtumonde, Trojan,Delf.nj, Trojan.bomka, Trojan.Goldun.u and many more.

The other one is: C:\Documents and Settings\Olga\Local Settings\Temp\comver.dll which is Adware Generic2.zsp

AVG has put them all into the virus vault, but every time I scan there seem to be new ones. I would like to permanently remove them.

Also I ran a scan (post AVG quarantine) with Super AntiSpyware and here is the log file for that: (as well as the HIJACK log file below that)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/22/2008 at 02:57 AM

Application Version : 4.1.1046

Core Rules Database Version : 3466
Trace Rules Database Version: 1457

Scan type : Complete Scan
Total Scan Time : 01:14:02

Memory items scanned : 366
Memory threats detected : 0
Registry items scanned : 3624
Registry threats detected : 0
File items scanned : 42545
File threats detected : 25

A:Solved: AVG Found lots of Malware with Trojans--HELP TO REMOVE!

8 more replies

Hi

I have experienced another problem, I also cannot seem to get into regedit it pops up but is all greyed out so I cannot edit please help . ,also keep getting message lsass.exe encountered serious problem , system will shut down status code 107374189..and then am redirected to Spyware sheriff.com , I wrote these guys an email then they sent me a link to correct and it goes there but page is blank . Geesh , See Hijack This log below Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 3:33:54 PM, on 5/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Sec... Read more

A:Solved: Solved: Lots of weird stuff spyware cannot remove

11 more replies

could someone please take a look at this much appreciated

thanks pam

C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\hjt\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - blank (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Gexus - {426F81A5-0B8C-4948-8115-11606FD3F389} - blank (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0... Read more

A:Solved: hjt log i have lots of problems

10 more replies

I have recently purchased a new computer and almost as soon as I got on the computer, I received numerous errors, spyware, trojans, and virus messages from McAfee and ewido, and critical system errors in the system tray. I have tried numerous times myself to remove the problems but they continue to arise. It seems as soon as I think i have the problem fixed, a new one comes along with the old. Here is my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:02:17 AM, on 7/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE

A:Solved: Lots of Problems

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning pr... Read more

3 more replies

OK, this computer I'm on has absolutely no protection whatsoever, so I am trying to get rid of all the bad stuff. Here's the hijackthis logfile. And thanks for the help!!

Logfile of HijackThis v1.99.1
Scan saved at 9:49:31 AM, on 5/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video Access ActiveX Object\isamntr.exe
C:\Program Files\Video Access ActiveX Object\pmsnrr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Video Access ActiveX Object\pmmnt.exe
C:\Program Files\Video Access ActiveX Object\isamini.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://by18fd.bay18.hotmail.msn.com/cgi-bin/HoTMaiL

A:Solved: LOTS of problems!!

16 more replies

my computer recently has been extremly slow and i am pretty sure that its virus/spyware/trojans...im not really that great with comps so if n e 1 could help me plzzzz...i ran hijack this and this is my thingy...

Logfile of HijackThis v1.99.1
Scan saved at 11:11:27 PM, on 7/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\BacsTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

A:Solved: Help Me Lots Of Problems!!

16 more replies

Ok, this afternoon my PC started acting really strangely. Firstly, I got alot of pop up windows in IE (which is strange because I use firefox), mainly they were to do with security programs. I closed them all, a little confused. Next thing I know, my current firefox window got redirected to the following URL...

http://89.188.16.13/trafc-2/rfe.php?...en&affid=66973

It was a blank page....but that was in the address bar.

I was then in My Computer, browsing my C: Drive and Windows Explorer closed down (I lost my taskbar and icons on my desktop).

Restarted the computer...

When it starts up I have a small icon in my tray warning me about Security issues - i've never had this icon before...

Anyways, I come on here to see how to solve my problems!

I ran ad-aware, cleared up everything I could on there. Ran AVG Anti-Virus - again clearing everything. Ran an online test at panda (i'll put the log below). Ran Spybot and cleared everything. Restarted in safe mode and ran spybot again. Cleared. Ran sybot again and there was one that was still there - "Smitfraud -c". I ran it again and it still turned up again. Anyways, restarted my PC in normal mode and did a HJT log.

My pc has these problems maybe every 30 mins or so on average. Just a note, after messing around in safe mode and running spybot I no longer have the icon in the system tray but im still getting pop ups in IE and stuff...

Hope you can help

ONLINE SCAN:

Incident Status Location

A:Solved: HJT log...lots of problems....

6 more replies

I did the following in (A) then the results happened in (B) which I need help with.

(A)
Click Start - Run, then type in %temp% and then click OK.

Click Start - Run, then type in c:\windows\temp and then click OK.
I deleted nearly everything in these temp folders.

(B)

At Desktop:
-can not open folders
-can open some Aps from here, some I can not
-can open Word + Excel files
-can move most files from desktop into folders on desktop

At Start: Can not open:
-my computer
-my documents
-other programs on left

From Start / All Programs:
Can not start any program when clicked

At Start Run:
Did chkdsk and ran til RAM ran out. Screen turned blue.

A:[SOLVED] Lots of Aps Problems. Help.

Hi brookbend,

If you're able, boot up and then go to START>ACCESSORIES>COMMAND PROMPT and type in "sfc /scannow" (no quotation marks). After that, repeat the process except type in "chkdsk c: /r" (again, no quotation marks and ensure there is a space between c: and /r).

Good day!

17 more replies

Logfile of HijackThis v1.99.1
Scan saved at 11:41:29 PM, on 8/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Applications\wcs.exe
C:\Program Files\Applications\iebtm.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\WINDOWS\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Applications\wcm.exe
C:\Program Files\Applications\iebtmm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe

A:Solved: lots of problems. need help

Hi, Welcome to TSG!!

Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Post a new HJT log with that version.

ALSO Run HijackThis and click on "Config" and then on the "Misc Tools" button.
If you're viewing HijackThis from the Main Menu then click on "Open the Misc Tools Section".
Click on the "Open Uninstall Manager" button.
Click the "Save List" button.
Copy and paste that list here.

1 more replies

Firstly, I just bought an eMachine from a local PC Doctor since my previous desktop motherboard is fried. The guy at the store transferred everything to the eMachine, but when I connected it to my router it couldn't find my home network. It says that there is an internet connection, but it is not connecting to the internet.

I thought it was because my Linksys Home Network control wasn't installed that it wasn't finding the network. I disconnected the router and plugged my computer directly into the modem, but nothing changed. I went to my other desktop in my bedroom, but now it won't connect to the internet. It says that it is connected to my home network, but it says there's no internet connection. However, this Laptop I am currently typing on AND my iPod Touch are connected to the same network and are on the internet. The router and modem says that there is an internet connection, wireless signal and that all the computers are connected. I have no idea what to do because I can't find the disc for the router and the PC Doctor store is closed tonight and I am not sure the issue lies with my internet connection so I doubt that Comcast could really help.

PS. The router is a Linksys WRT54GS.

A:Solved: Lots of problems

10 more replies

Hi there, I have run across a few issues on my PC (XP) and I am hoping you can help get things back on track. I have run a HJT log and Panda Active Scan and am including the logs below. Any help you could offer would be great!

Thanks.

HJT Log
Logfile of HijackThis v1.99.1
Scan saved at 7:33:23 PM, on 12/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

A:Solved: Lots of problems

16 more replies

There are quite a lot of problems with my system and many things i want to ask.

I have an AMD Duron 1800+ CPU with 1200 MHZ processor speed. I have 256 MB DDR RAM.I have both

Windows ME and Windows XP on my system. I used windows ME to play games and use Windows XP to use

the internet. Will this cause any problems for my system....like making it slow? Also, i have an

antivirus installed only in Windows Xp. DO i need to install one in Windows ME too?

Secondly, my internet is very slow as compared to before. I use a dialup connection. The pages in

IE load very slowly. I have run Ad-aware and Spybot S&D both of which have the latest updates

installed. I am pasting my hijackthis log below this message. Lots of times, when a webpage is

loading, the green progress indicator in the bottom is filled up, but the page doesnt come up.

SOmetimes the page comes after a while or it doesnt come at all and i have to resfresh. SOmetimes

the progress bar remains stationary mid-way and doesnt move at all.

Thirdly, signing in to MSN Messenger takes a long time. And lots of times i get error messages

saying that there is a problem with the internet connection. I havent fiddled with the settings or anything.

Fourthly, when i click on chat in Yahoo messenger, sometimes the chat rooms dont load.Or it takes

a very long time to load, like around 2 - 3 minutes Why does this happen?

Fifthly, I ran Disk Defragmenter on Drive E:. There was 34% free space on the drive. But aft... Read more

12 more replies

Ive been given a computer to sort out that seems to have a few virus/trojan problems. Ive tried to install malawarebytes but it wont get past the run page, it took a while just to get hijackthis to install. Pages will redirect or the computer will freeze up totally.Music and adverts play in the background even when the net isnt on.Could you have a look for me and see if you can help, thanks.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 22:04:30, on 17/07/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16850)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgnsx.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\DCPFLICS\DCPFLICS.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\WINDOWS\Explorer.EXEC:\Program Files�... Read more

A:Lots of problems in AVG virus vault, wont let programs install.

Ive managed to run malware bytes finally and just wanted to post a fresh hijackthis log as i have no access to the computer for a few days, if you could just check that everything has gone for me i would be very gratefull, thanks.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 08:03:42, on 20/07/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\DCPFLICS\DCPFLICS.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Microsoft LifeCam\MSCamS32.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\PnkBstrA.exeC:\WINDOWS\system32\PnkBstrB.exeC:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:�... Read more

16 more replies

I thought this started by opening a link on a news site, but I'm not sure now where it came from. Quick rundown- Was on wifi at work and noticed my computer became VERY slow. After numerous scans with MBAM and SAS, I found quite a few trojans, but even though all programs showed they were destroyed, the problem still continues. I posted a new thread in BC, and had some suggestions, but I'm still infected. Last night, I noticed that my AVG was turned off and I couldn't get it turned back on. Also, any Windows security program was turned off, including Windows Firewall, and I couldn't get it to come back on. I was able to download Avira and Comodo Firewall, but I'm still having issues. Here are the three results after the recommended scans.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by DylanBorns at 22:11:06 on 2011-12-11
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.452 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch

A:I have a root virus that is making my computer very slow; lots of problems

Here is the GMER result-

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-12 05:38:40
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 FUJITSU_MHV2120BH_PL rev.892C
Running: 4u70sv8r.exe; Driver: C:\Users\DYLANB~1\AppData\Local\Temp\uxrdypod.sys
---- Kernel code sections - GMER 1.0.15 ----

? C:\Users\DYLANB~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1032] USER32.dll!SetWindowLongA 7645E7CD 5 Bytes JMP 6E61C350 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1032] USER32.dll!SetWindowLongW 764613B4 5 Bytes JMP 6E61C2E2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1032] USER32.dll!GetWindowInfo 7646428E 5 Bytes JMP 6E3CE363 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

9 more replies

Never Mind.

More replies

PLEASE HELP ME! my computer is sooo SLOW and i dont know what is wrong with it. So please tell me Wich files i can Delete..
THNK YOU VERY VERY MUCH!
Logfile of HijackThis v1.97.3
Scan saved at 19:54:12, on 14/10/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Archivos de programa\Iomega HotBurn\Autolaunch.exe
C:\Archivos de programa\Winamp\Winampa.exe
C:\ARCHIV~1\NORTON~1\navapw32.exe
C:\Archivos de programa\rb32\rb32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Orbit\update.exe
C:\Archivos de programa\Orbit\view.exe
C:\WINDOWS\webassist.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\rundll16.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe

A:Help PLEASE my computer is slow and i get lots and lots of popups

13 more replies

So recently, I had decided to format my hard drive to upgrade to windows 7 ultimate. Everything went fine, the setup was good, and so was installing my graphics drivers as well as my wireless adapter driver. However, as soon as I got to installing the drivers for my USB 3.0 port (Sabrant CP model), things started getting messed up. I connected my USB wireless adapter to the 3.0 port, and it recognized the USB, however, it didn't display any connections. The USB works fine, as I have tested my D-Link N150 Pico wireless adapter on another computer, and it was able to get to the internet. Not only that, but when I restarted my computer, I had to go and choose which hard drive to boot from. When I did, it told me to select between two different versions of windows 7. One last thing; when I went into my device manager, I clicked on my PC, and it had a caution symbol next to it. When I troubleshooted it, it told me that my USB controller drivers haven't been installed. I really dont know what this means. I'd really appreciate it if someone could help as soon as possible. Also, I dont know much computer jargon, so please keep it easy to explain. Thanks!

A:Solved: New Comp, lots of problems

10 more replies

Ok, first off I tried to use the SysInfo to get info on my computer through this site and this is what I got:
Tech Support Guy System Info Utility version 1.0.0.1
OS Version:
Processor:
Processor Count:
RAM:
Graphics Card:
Hard Drives:
Motherboard:
Antivirus: None
I went to my system for info and am being shown that the info for my RAM and Processor is not available. I believe that I have 2gig RAM and the Processor is AMD Turion X2 Dual Core Mobile RM-72 which I found under Device Manager.
Now that that is settled, let me get to my problem(s). Computer starts slow, but with no problem. Once it loads and tries to start programs, I get a message that says: "This application has failed to start because wbemcomn.dll was not found. Re-installing the application may fix this problem". I have re-installed the numerous programs that I get this message with and still nothing. Even when I open up my device manager, I get the same message. Next problem, while streaming movies (NetFlix) or clips say from youtube or the such, the vidoe will start to stutter, but the sound continues on and that may continue for a minute up to two or three. Those two are my main concerns right now. If I can get those fixed I would be happy. I am running Avira Anti-virus, Spybot Search and Destroy, and SuperAntiSpyware. I have done complete scans on my hard drive and on my externals to ensure that I do not have any viruses. As far as the programs say, my computer is clean. Please help me if ... Read more

A:Solved: Lots of problems with my computer

8 more replies

Can you help me with this highjack log? also following the log are somemore questions I need answered if it is alright. This is for XP Home edition here is the log(hope I find you flrman1)

Logfile of HijackThis v1.98.0
Scan saved at 12:09:17 PM, on 7/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\Isass.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\HPCENT~1\137903\Program\BACKWE~1.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\TEMP\HIJACKTH.EXE

16 more replies

Okay, my brother had a bad virus, that one that basically hoses you up so bad, you need to try to reinstall Windows XP, but when you do that, it gets *almost* done, and then says it was unable to format the drive, the drive is bad or not connected properly - and had to replace the whole hard drive. I didn't know for sure that it was malware that did it until I talked to someone else who got the SAME problem and the same result, around the same time frame....

So, he got the computer back, the techs gave him a whole new hard drive, reinstalled XP for him, and all updates. They even installed Adaware and Spybot S&D for him too, which was nice

About a week after he got it back, he tells me he's having problems. I run the Adaware and SS&D, and find out he's got bugs all over the place. I clean them up as best I can, and install Sygate Personal Firewall on the machine and show him how to use it. (I researched how XP's firewall works, it's almost useless!) One in particular was sucking up all his bandwidth, an advertising downloader that was masquerading the downloads as Windows Updates on the system tray, but the new firewall put a stop to that...

5 days later, he says he's having problems again. I check it out, and the firewall was mysteriously disabled. I had to uninstall and then reinstall it. I ran the virus tools, and again the pc is crawling with malware. coolwebsearch showed up, so I loaded CoolWebShredder that I had downloaded &... Read more

A:Solved: firewall mysteriously disabled, possible hacker, lots of malware - where do I start??

16 more replies

HI there,

I have a serious problem with my pc, it is so slow and I have tried using Spybot, Adaware and AVG to get it to work right. But no joy.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:57:19, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\WINDOWS\system32\sistray.exe

A:Solved: My PC is so slow................lots of virus, I think

9 more replies

Hiya

Well, here again at somene's pc. To say its slow is an understatement. I've enclosed a log, but not run AddAware/Spybot or Mcafee yet, just in case. If they're needed first, I'll update, run them and post a new one:
Logfile of HijackThis v1.99.1
Scan saved at 13:49:54, on 10/09/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\NET NANNY\NNSVC.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NET NANNY\NNTRAY.EXE
C:\PROGRAM FILES\INKLINE GLOBAL\PC BOOSTER\PCBOOSTER.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MCAFEE\SPAMKILLER\MSKSRVR.EXE
C:\PROGRAM FILES\MCAFEE\SPAMKILLER\MSKAGENT.EXE
C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTBDAEMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\LOGITECH\SETPOINT\KEM.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\LOGITECHDESKTOPMESSENGER.EXE

A:Solved: Working on mates pc - Lots of problems

Hi Eddie,

There's nothing malicious in the log but far too many items starting up. Those should be trimmed back.

You can uninstall Logitech Desktop Manager from the Control Panel as it's not required.

I wonder if they just recently installed NetNanny? I've seen other problems with this program possibly slowing things down.
Run Ad-Aware and SpyBot and then do an on-line scan from Panda and post the log from Panda here.

Panda Active Scan.

3 more replies

Dell Demension B110
Pentium4 2.67Ghz
XP Home
80 & 120 gig hard drives

For months Windows Update has been trying to install a few security updates, beginning with Windows Media Player 10. At first the installation of the updates failed. Then it was able to get to the box where I could accept the agreement for the installation. That too failed. Lately, when playing music, the songs would sound really choppy. I installed the process explorer, and the Hardware Interrupts would go above 80%. I thought, maybe if I deleted Media Player 10, I could install Media player 11. I go to add/remove programs and windows media player is not there! Strange I thought so I proceeded to delete the shortcut links from my start menu, quick launch and desktop. I'm knowing that on one of these I'm going to get the message that I could delete the shortcut, but I have to remove the program via add/remove..etc. I didn't get that either. Now, Im wondering if that is the reason it cannot update. I delete the program folder for WMP and attempt to install MP11. It failed. So did Windows Update's attempt to install other XP security patches.
I tried to install IE7, that failed too. When I restarted the computer, all I had on my screen was my desktop, no icons, no task bar, nothing. 3 reboots later the task bar shows up, but its not like it was. The computer is so slow that it takes about 20 mins after logging on until I can see the icons on the desktop. I tried a system restore point... Read more

8 more replies

Hello.... My worst nightmare just happened.... I think I've lost 100gb of data......
Ok here is how it happened: I have a Western Digital 200gb hard drive, on a 1200mhz cpu, so I needed somthing for my disk space barrier. So I got the latest LifeGuard Tools from the official WD homepage.... everything worked fine, untill yesterday, then I started getting the messages of a corrupt file or directory, and windows advised me to use scandisk... Because I have winXP I had to reboot the computer to run scandisk.

Well It looked like scandisk fixed something, but the files were gone... that was just a small problem because these were just 6 mp3's and I had a backup of them....

But this morning I couldn't open my hard drive (its an extra drive, the windows is on another drive so it works fine) so I rebooted again and ran scandisk..... and when it was done I could open the drive, but it was empty...... over 100gb of data gone....
And I don't have bakup for all of it (about 50%)....

Are my files gone, or is it possible to recover them... And is there any solution for this problem, or is this disk not safe?

A:Lots and lots of data lost

10 more replies

good evening:
I went into component services to check how everything is going; in the Event Viewer (local) System category, was I shocked ! What IS all this I am running XP home on a Dell Dimension 8200 w/384 mb I don't have any problems surfing or doing anything online, but am I missing stuff? heres what is happening

The IPv6 Internet Connection Firewall service terminated with service-specific error 2147952447 (0x8007273F).
===============================
The Portable Media Serial Number Service service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.
================================
The Human Interface Device Access service terminated with the following error:
The specified module could not be found.
============================
The Application Management service terminated with the following error:
The specified module could not be found.
================================
The IPv6 Internet Connection Firewall service was unable to find support for IPv6. This may indicate that the IPv6 protocol suite is not installed or it failed to start. The data is the error code. (Ive a few of these)
==========================================

this one here was a warning sign next to it:

Unable to contact a DHCP server. The Automatic Private IP Address 169.254.193.99 will be assigned to dial-in clients. Clients may be unable to access resources on the network.

More replies

good evening:
I went into component services to check how everything is going; in the Event Viewer (local) System category, was I shocked ! What IS all this I am running XP home on a Dell Dimension 8200 w/384 mb I don't have any problems surfing or doing anything online, but am I missing stuff? heres what is happening

The IPv6 Internet Connection Firewall service terminated with service-specific error 2147952447 (0x8007273F).
===============================
The Portable Media Serial Number Service service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.
================================
The Human Interface Device Access service terminated with the following error:
The specified module could not be found.
============================
The Application Management service terminated with the following error:
The specified module could not be found.
================================
The IPv6 Internet Connection Firewall service was unable to find support for IPv6. This may indicate that the IPv6 protocol suite is not installed or it failed to start. The data is the error code. (Ive a few of these)
==========================================

this one here was a warning sign next to it:

Unable to contact a DHCP server. The Automatic Private IP Address 169.254.193.99 will be assigned to dial-in clients. Clients may be unable to access resources on the network.

More replies

My Dell Inspiron 530S running Vista (32-bit) Ultima has the very annoying habit of having a problem loadingb my user profile after it have been left logged into any other user (wife, or one of several daughters) Before I understood what the problem was I would simply shutdown and re-boot and I would seem to be back to normal. However, as I was trying to clean up the hard drive the other day, I noticed that the User director have 30+ extra profiles in it! They are in the form of TEMP.%computername%.000 thru TEMP.%computername%.030 - plus a few others that relate to a 'repair' of one my daughter's directory. I suspect that repair was faulty/incomplete but she seems happy with the directories she can access.
Questions:
1.) Why is it doing this? I have read other logon failure threads and have looked at the profile entries in REGEDIT
2.) Why doesn't takeown command allow me to get rid of all the excess USERS directory entries?

A:Lots and lots of user profiles

8 more replies

I just had my computer fixed in another thread not too long ago. However, I have a new problem and I don't know the cause or root of it. Lots and lots of pop up ad windows open at once randomly. Please help.

Thank you.

A:lots and lots of pop up ad windows open at once

Have each fix whatever problems they may find.

Download CWShredder at http://www.greyknight17.com/spy/CWShredder.sfx.exe and run it. Uncompress the file and run it. Click on 'I Agree' button if you agree with it. Click on 'Fix' (it will automatically fix anything it finds for you) and OK. If it asks if you want to delete a certain random file, choose No and post that filename here. Let it finish the scan and then hit Next and Exit.

Run a scan using Panda ActiveScan . Be sure to select any AutoClean Feature. Post the log from the Panda scan here.

Then get HijackThis . This program will help us determine if there are any spyware/malware on your computer. Run the scan, save the log, but do not fix anything yet. Many files it finds are harmless, and required for your system to operate.

19 more replies

Logfile of HijackThis v1.97.7
Scan saved at 6:07:23 PM, on 6/29/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\StoreFlag\dart trust.exe
C:\PROGRA~1\DATACA~1\FLashKsk.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\ezula\mmod.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\ACSSetup.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Rogers\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearching.com/passthrough/index.html?http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Ex... Read more

A:Lots of spyware

10 more replies

I am trying to clean up a computer for a friend and it is super slow. Today I have uninstalled Norton and McAfee because they were slowing the computer down so bad. I've noticed MANY poker/casino entries in the programs list, and there are so many, I'm not sure how to get rid of them all! I've downloaded/run hijack this, so here is my log file. Please let me know how to proceed!

Thanks so much! Kristin

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:09:14 PM, on 3/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\lwinupdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Gamevance\gamevance32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe

A:Help! Lots of Spyware I believe

Hi khorsed1018,

Sorry for the delay in looking into your log, as we are extremely busy in this section of the forums. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

--------------------------------------------------------------

Quote:

Today I have uninstalled Norton and McAfee because they were slowing the computer down so bad.

No Wonder it was running slow... Running more than 1 anti-virus can slow down a computer. Please install only one active Anti-Virus, so that this computer is protected.

--------------------------------------------------------------

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options &... Read more

16 more replies

Hello! I'm experiencing a browser hijack, lots of pop ups coming up on almost every other page I visit, and major computer slowdown. I tried running CWShredder, but it didn't seem to do much. I ran Hijack This... maybe someone can make sense of this log. Any help would be greatly appreciated, thanks.
Logfile of HijackThis v1.97.7
Scan saved at 2:08:31 AM, on 2/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Common Files\CMEII\CMESys.exe

A:Need help.. lots of spyware

11 more replies

My sister came home and borrowed my PC over the thanks giving break. She downloaded a bunch of stuff, and left me the presant of tons of spyware!

Took me about 10 mins to get to this page... Random programs are installing themselfs, i all of a sudden have a new tool bar that I've never seen before, a new list is in my favorites menu or stuff i didn't even install.

I usually run adaware once a week, and it always comes out clean. yesterday i ran it and it found over 500 bugs. I cleared them all and did it in safe mode. No matter what I do i can't get rid of this! PLease help!!! I am begging! This is a recent hijack this scan

Logfile of HijackThis v1.98.2
Scan saved at 6:01:10 PM, on 11/30/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\ssorpk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\WINDOWS\wanmpsvc.exe

A:Help!!!!!!! Lots of spyware need help!

11 more replies

Hi, can someone help me please i have no where else to look =D

when i scan with, Spybot and MSAnti Spyware i got many spyware, these include,

ISearchTech.PowerScan
ISearchTech.SideFindISearchTech.ISTToolbar
ISearchTech.ISTXXXToolbar
DyFuCa.InternetOptimizer
180SearchAssasitant
and a few more

no matter what i have done (removed them with all Adware removal programs such as AdAware) they still come back and i have random proccesses running up every often out of no where such as msnmssrg.exe etc and things like ftp.exe dwwin.exe - I dont know what else to do

Here is my hijacklog someone please help me and do you think it could of something to do with the network? like installed some secret firewall because whenever i try to do a newtwork i know get errors and it only just started when i got all this spyware,

i think its something like Win32.RBot something that installs things day after day because ive tried deleting regestry settings and the folders in the program files and it still doesnt work

so i come for some expert help =D

heres my HijackThis log :

Logfile of HijackThis v1.99.1
Scan saved at 22:22:09, on 31/05/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe

A:Spyware and lots of it

Hello RaxeN and welcome to BleepingComputer.Your log shows that you are seriously behind on windows updates. It is essential that you update your operating system as otherwise any infections we remove could reoccur. After we get you all cleaned up, be sure to go to Windows Update and if it asks to install software, allow it to do so. Install the offered Critical and Security updates, reboot as requested and return until you have installed all available Critical and Security updates.You have HijackThis running from a temporary or zip folder. Any backup files HJT creates during the repair process will not be secure if left in this folder.Create a folder on the C: drive called "C:\HJT". You can do this by opening My Computer then double click on Local Disk (C:). In a clear area right click and select New then Folder and name it "HJT". Unzip HijackThis into this folder. Please delete any other copies of HijackThis and run HJT only from this new folder.Open the Control Panel then double click on Add/Remove Programs. Look for the following and uninstall them if found:- 180solutions- InternetOptimizer- IST Toolbar- SideFind- SideSearchor anything named similar to what you have seen listed in other scansConfigure Windows to enable viewing of Hidden and System files. Reboot into Safe Mode.Start HJT and click on the SCAN button. Put a check mark in front of the following lines if they still show:O4 - HKLM\..\Run: [Main Board ... Read more

2 more replies

Logfile of HijackThis v1.99.1
Scan saved at 10:00:09 AM, on 22/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\cusrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\WINDOWS\Explorer.EXE
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

A:Lots of Spyware

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.

2 more replies