Tech Problem Aggregator

Please help! im infected with Mircosoft Windows.hta and i dont know what to do!!

Q: Please help! im infected with Mircosoft Windows.hta and i dont know what to do!!

Thank you for any help i recieve. I have been googling it all morning and i keep reading forums and it looks liek the only way to get rid of it is to post and have someone analyize the hijack this program and give you specific instructions for proper removal. I noticed something wrong the other day when i try to click on links to pages, IE will freeze up and sit there forever.
here is the log
Logfile of HijackThis v1.99.1
Scan saved at 1:12:50 PM, on 4/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\luckynuggetMPP\MPPoker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chris\Desktop\virus removal\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop" target="_blank" class="invilink">http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} - C:\WINDOWS\System32\req.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Startup: DLHelperEXE.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Windows.hta
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Lucky Nugget Poker - {111BB773-894D-4fbb-B349-6E07E41DC00C} - C:\Program Files\luckynuggetMPP\MPPoker.exe
O9 - Extra button: Crazy Poker - {8A8A3162-B5FA-4c54-A862-4E62CBE8A255} - C:\Program Files\crazyvegasMPP\MPPoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mpp_229/webolr/OCX/FlashAX.cab
O20 - Winlogon Notify: req - C:\WINDOWS\System32\req.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Please help thank you!

A: Please help! im infected with Mircosoft Windows.hta and i dont know what to do!!

11 more replies
Answer Match 56.28%

hello all, i am in bad shape right now. i used malware bytes and found some hijack properties after seeing a significant loss in performance. i then preceded to get help. i was told to download hijack this we went through the log. then downloaded unhackme we went through the registry to no avail then changed permission rights to get access to registry was told to delete the Dlg file. then was told i shouldnt have i restored did this process again without deleteing dlg file..... i am runnning vista 64 bit business i have 4 gigs of ram if any other info is needed please don't hesitate to ask as i a computer noob. lol i am trying i promise. oh and now my computer has been freezing up on aplication start ups and my cup usage has been jumping like crazy to 100 percent and is red most of the time in performace monitor in task manager.. i need help.here is my hjt log.. now.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:49:00 PM, on 9/13/2009Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.18813)Boot mode: NormalRunning processes:C:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exeC:\Program Files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exeC:\Program Files (x86)\Windows Media Player\wmplayer.exeC:\Program Files (x86)\UnHackMe\hackmon.exeD:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files (x86)\ASUS ... Read more

A:dont know what i was infected with just know i was hijacked.. cpu usage really high after thinking i got rid of it. dont know i...

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 55.02%

Hey there,

I have a windows 8 on my toshiba laptop that is a few years old now and starting to break, I also have windows 8 on my desktop computer, I am switching over to my desktop and would like to transfer my account over although not use my hotmail account as my user account. How would i go about remove the other e-mail on my desktop and use it on my desktop?

Thanks
RitualJman

More replies
Answer Match 54.6%

My Windows XP got infected and i dont see any files under C Drive / desktop especially my Photos on a drive.

when i checked the properties, It does show that files are available. when i try to open the folder says, empty.

I ran Malware bytes (quick scan) it found some trojans and upon reboot, there does not seem to be any virus issues. But still no luck on the files.

I am running the complete systesm scan using Malware Bytes. It is already 2 hrs. still it is running.

Please advice what would i do.

A:My Windows XP got infected and i dont see any files

After i ran my Full Scan, Below is the log. still not able to see files on any of the folders.
Please help...

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6708

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

5/29/2011 2:08:05 AM
mbam-log-2011-05-29 (02-08-05).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 408808
Time elapsed: 2 hour(s), 10 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

6 more replies
Answer Match 53.76%

I'm working on my friends laptop and she can't access her Mircosoft Outlook so I started looking into it and she can't access any files in her whole Control Panel. So I did a virus check and it removed the virus. But still can't access any folders other than her documents. If I try they all say something is missing from each of those files. I try to config and that will not open either. Also I try going and booting from the CD and also going in and doing the comands from Dos and it will not let me do that either. Is there any other way to get to her files in outlook express before I have to dump everything and start her over. thanks Starr
 

More replies
Answer Match 46.62%

Hi, today I tried to import an mpp file and I got the following error: java.class.path: eclipsito.jar;.java.home: C:\Program Files (x86)\Java\jre7: 24.51-b03os.arch: x86os.name: Windows 7Is there a way to stop this error? 

More replies
Answer Match 46.62%

Instead of installing all of office on a system, is it possible to just install word? If so, do I just browse the CD until I find it, please?
 

A:mircosoft word

6 more replies
Answer Match 46.62%

i deleted me ms paint and and can find a copy on the internet.....i need paint!!!
 

A:Mircosoft paint

Please......... Don't Double Post The Same Problem........
 

2 more replies
Answer Match 46.62%

i delete me ms paint and and can find a copy on the internet.....i need paint!!!
 

A:Mircosoft paint

What O/S

Try Start>Settings>Control Panel>add/remove Programs>Windows Setup

In that section look for Accessories and see it Paint is there. You may be able to recover from there.
 

1 more replies
Answer Match 46.2%

I am unable to find Language packs for Mircosoft Works 9 as i would like to change the language to English or is there another way.

A:Mircosoft Works 9, Language

hi not much on this however this may work http://answers.yahoo.com/question/in...0235133AA6zQpZ you may need to adapt it a little

1 more replies
Answer Match 46.2%

i cant print using office word but the strange thing is that i can print any internet pages no problem this is happening on three computers.Any ideas what the problem maybe thanks

A:Cant print using mircosoft office

What exactly happens when you try to print? Does the print menu appear on pressing Ctrl + P?

1 more replies
Answer Match 46.2%

Hello,

I'm having problems with the Mircrosoft Register Server saying that it has stop working.

I get this message when I try to install a program with Dll files.

I still can't install the program because of this problem.

I have vista home

Does anyone know how to solve this?

Any help would be appreciated.

A:Mircosoft Register Server

Originally Posted by jb001


Hello,

I'm having problems with the Mircrosoft Register Server saying that it has stop working.

I get this message when I try to install a program with Dll files.

I still can't install the program because of this problem.

I have vista home

Does anyone know how to solve this?

Any help would be appreciated.



Have you turned off UAC? Try turning it back on again, and then running the installer for your program with elevated priveleges.

2 more replies
Answer Match 46.2%

The_oracle was great and told me about the royale theme that I could use on my boring windows xp home without any patches. I was wondering if anyone else knows about more themes that I could use, without have to patch files. THANKS!!!
 

More replies
Answer Match 46.2%

How do Iget rid of this virus?

A:mircosoft restore virus

Start here.... http://www.bleepingcomputer.com/forums/topic34773.html

13 more replies
Answer Match 46.2%

sorry again a question with no idea about Operating systems

Is it possible that if i add a new Hard-drive to my PC that i could dual boot it with XP and media centre and if so how would i got about doing this ?

many thanks
James
 

More replies
Answer Match 46.2%

After reformatting my harddrive and trying to reinstall Mircosoft Office 2000 I get the following error 1305 Error reading from file E:\Windows\Msagent\AGENTSVR.EXE verify that the file exists and that you can access it. Can not access file due to current system settings. Contact your system adminitrator. I am using windows ME. Thank you for any help.
 

A:Mircosoft Office 2000

See this:
http://support.microsoft.com/default.aspx?scid=kb;en-us;q248263
 

3 more replies
Answer Match 46.2%

I have used Works for many years and like it very much for my limited purposes. Up to now, I have been using Works 8. I recently had my computer reformatted and he installed Works 9.

It worked for a while but now it's gone crazy. When I start a document and try to insert something into it using copy/paste, or using Yankee Clipper, when I click to paste the whole document disapprears, including whatever I had composed myself in the document, and in fact when I use Yankee Clipper the text I have copied in to Yankee Clipper disappears.

So I want to get rid of the current Works program I have and reinstall Works from the Works 8 disk that I have.

I'm just checking to see if anyone has a comment about what I am doing. I don't suppose I can remedy the Works 9 problem but maybe someone knows something I don't, which for sure is a certainty. I don't have the disk the tech used when he installed in after the reformat.

By the way, how do I determine what version of Works in on my computer?

Thanks, grandpaw
 

A:Mircosoft Works problem

"By the way, how do I determine what version of Works in on my computer?"

Open "Works," click the "Help" tab, click "About Works".
You have to "cancel" the Task Launcher dialog box first.

{redoak}
 

1 more replies
Answer Match 46.2%

I just realized I did something wrong. I posted a ComboFix log, and read afrtewards I was not supposed to do that. I don't know if I am infected. I have used superantispyware (found and removed some entries), spybot (same as superantispyware), ccleaner and (ooops) ComboFix. I also ran spyware doctor which came up with trojan-downloader.murlo. I didn't buy the removal tool because I am not so sure this entry was real. After running ComboFix I don't know if I am still infected, or what to do now. I have windows XP. I began scanning because on startup something was trying to install itself. Also when trying to use hotmail I could not log in to my account. Third problem: I use internet to log into my bank account and this was also acting strangely. Please help.

A:dont know if still infected

Your log is posted here.After posting a log for analysis and help with malware infection, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Response Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process or make things worst which would extend the time it takes to clean your computer.From this point on the Malware Response Team should be the only members that you take advice from, until they have verified your log as clean.Please be patient. It may take a while to get a response because the Malware Response Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have posted your log and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Response Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Response Team member is already assisting you... Read more

1 more replies
Answer Match 46.2%

Good Afternoon to all. I really need some help. Everytime I try doing an internet search I get redirected to random sites and I get error messages that im not authorized to open certain programs. I would really appreciate any help. Thank You.Running: Windows XP Home Edition Version 2002 Service Pack 3 Toshiba 1.6GHz 960 MB RamDDS Log:DDS (Ver_10-03-17.01) - NTFSx86 NETWORK Run by Administrator at 18:46:48.92 on Tue 04/20/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.571 [GMT -7:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\explorer.exeC:\Program Files\internet explorer\iexplore.exeC:\Program Files\internet explorer\iexplore.exeC:\Program Files\internet explorer\iexplore.exeC:\Documents and Settings\Administrator\Desktop\dds.scr============== Pseudo HJT Report ===============uStart Page = about:blankmSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.htmluInternet Connection Wizard,ShellNext = hxxp://shell.windows.com/fileassoc/0409/xm... Read more

A:Infected - Dont know with what!

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

2 more replies
Answer Match 46.2%

Here's a link to my previous post .. http://www.bleepingcomputer.com/forums/t/271937/need-help-figuring-this-out/Since then, i now can't connect to the internet, i get a message saying i don't have permission. However, I still get pop up windows to random pages (which is how I'm on now.) I did a system restore, that fixed that part of the problem for about an hour before it started doing it again. I have Vista pro on my computer. Below is the DDS.txt log. Attached is the attach.txt log. I couldn't run the rootrepal, but attached is the crash log. If you can help me fix this I will be extremely grateful. Thank you so muchDDS (Ver_09-11-24.02) - NTFSx86 Run by mandee at 9:09:33.23 on Thu 11/26/2009Internet Explorer: 7.0.6000.16916Microsoft? Windows Vista? Home Premium 6.0.6000.0.1252.1.1033.18.1015.102 [GMT -5:00]AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}SP: McAfee VirusScan *disabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Program Fil... Read more

A:Infected - dont know with what

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.??If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine.??Please perform the following scan:Download DDS by sUBs from one of the following links.??Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool.??No input is needed, the scan is running.Notepad will open with the results.Follo... Read more

9 more replies
Answer Match 46.2%

Hi

I have some infected elements on my PC but cant get rid of them, my Ad-Aware gets stuck half way through the scan for some reason. Could anyone please look at my Hijack This log and advise what I should delete - many thanks. A free piece of software (Xoftspy - not registered to it fully though - wanted money) revealed that I had up to 9 rogue elements including diallers and trojans but CWShedder reveals nothing.
Completely confused - please help...

Logfile of HijackThis v1.97.7
Scan saved at 08:46:01, on 03/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\MMKeybd.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program File... Read more

A:I'm infected but dont know where....pls help.

8 more replies
Answer Match 46.2%

Dont Know what I've got really so heres a HiJackthis log.. Any help would be appriciated..Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:43:29, on 2008-12-16
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint�... Read more

A:Infected with something, dont know what.

This has gotten really bad in the past few mins..
-I'm unable to open most EXE's, i double click them and they dont load up (but they still appear in processes).
-I cant access this website (among others) without using a proxy?
-Images dont load unless I use a proxy
-Search engine links are redirected
-Cant run combo fix or other apps (does the thing where it wont load)
-Cant run combo fix in safe mode even.. (does the thing where it wont load)

This is really getting out of hand here

4 more replies
Answer Match 46.2%

Hey guys and gals. I recently came across this website: WARNING: Go to this site at your own riskhxxp://great-britain.ru/checker/key/?file0.6083815372548997=Linear%20Algebra%20with%20Applications%205th%20Edition%2​0|%20Otto%20Bretscher%20|%20digital%20library%20Bookfiand it just showed an empty screen on my browser and now I don't know whether my laptop is infected or not. I scanned the URL on virustotal and the downloaded file analysis showed that there was a malicious file. I was using Google Chrome at the time and my OS is Windows 8. I would like to know if I have malware or not on my system. Thanks in advance.

A:Dont know if I'm infected

Usually when a computer is infected with malware there most likely will be other obvious indications (signs of infection) that something is wrong. Is your computer exhibiting such signs?Please download and use the following tools (in the order listed) which will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.Malwarebytes Anti-Malware 2.0AdwCleaner created by Xplode.Junkware Removal Tool created by thisisu.1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. A log file will be created and saved to the root directory, C:\RKill.log. Copy and paste the contents of RKill.log in your next reply.Important: Do not reboot your computer until you complete the next step.2. Install and perform a THREAT SCAN with Malwarebytes Anti-Malware 2.0.Be sure to print out and follow these instructions. When done, please post the complete results of your Malwarebytes scan for review.To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)Open Malwarebytes Anti-Malware.Click the History Tab at the top and select Application Logs.Select (check) the box next to Scan Log. Choose the most current scan.Click the View button.Click Copy to Clipboar... Read more

20 more replies
Answer Match 46.2%

Hi, and first and foremost thank you for your help!!!Some info:Im running Windows Vista x86 on a decent compaq laptop, and it was never so slow, but recently it has been getting slower and slower. I have windows firewall up and newest updated AVG running, and even scanning with MBAM did not find anything. Startup takes about 2 minutes, and right before it gets to the Log In screen the screen turns black for about 20 seconds, then finally gets to the log in screen. After that, the computer is slow as h3ll, but task manager doesnt show any resource hogs.I tried to follow the steps from "http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/", but my computer would not recognize the DDS.scr file (although screensavers do work), and then the next step I followed perfectly to scan with GMER, and about 10 seconds into the scan I got a BSOD.I am not sure how you want me to continue (HJT log maybe...), and any help would greatly be appreciated!!Thanks in advance, you people are my only hope!!

A:Must be infected, but dont know with what

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you let... Read more

18 more replies
Answer Match 46.2%

Ok so clearly I do not know how to read the instructions, in such a hurry to try to fix this machine . Here is the problem, Im fairly certain that the computer has a trojan but Im not entirely sure, I have pre downloaded combofix to the desktop to get ready. The computer randomly goes to websites and different links that it should not. I have run malwarebytes, norton, microsoft onecare scan, etc... Any help would be greatly appreciated. Thank you so much in advance!

Update: Pretty sure the main infected file is ws2_32.dll

A:Know Im infected, dont know how to fix

Please note the message text in blue at the top of this forum. No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read the pinned topic ComboFix usage, Questions, Help? - Look here. Please read the pinned topic titled "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help". If you cannot complete a step, then skip it and continue with the next. In Step 7 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.When you have done that, post your log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the Malware Response Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day. Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have perfor... Read more

1 more replies
Answer Match 46.2%

I got sent a mysterious link on steam regarding a trade. when i clicked the link i was a a blank page than i realized a little to late that it was downloading a .scr file. ive done my research and i know that it can be very dangerous i haven't opened the file but i have permanently deleted it in panic. i want to know if i'm infected i am preforming a full scan on windows defender right now on a quick scan it said nothing was wrong. but when i scanned the file on virus total it said there was a detection ratio of 27/56 and all a the bad files were a trojan. i want to know if im infected or not
 

A:I dont know if im infected...

please ignore the two identical ones and focus on the one with more detail sorry for inconvenience

1 more replies
Answer Match 46.2%

Logfile of HijackThis v1.99.1Scan saved at 14:08:15, on 22/06/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\runservice.exeC:\WINDOWS\System32\svchost.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Program Files\ATI Technologies\AT... Read more

A:Infected-dont Know What With Tho :p

Hello and Welcome to BC. You have/had a trojan which allows a remote intruder to gain access and control over the computer. It's a possibility that you computer may have been compromised. If you had any sensitivie information or done any transactions on this computer, I suggest you do the following:1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.2. From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passords and transaction information. ======================================Please disable Windows Defender Real Time Protection as it may interfere with the fix. To disable Windows Defender: Open Windows Defender Click Tools Click General Settings Scroll down to Real Time Protection Options Uncheck Turn on Real Time Protection (recommended)After you uncheck this, click on the Save button Close Windows DefenderOnce your log is clean you can re-enable Windows Defender Real Time Protection.====================================Download haxfix.exe and save it to your desktop. Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix) Check... Read more

25 more replies
Answer Match 46.2%

cant use task manager to figure out what is running...it says my administrative abilities have been removed...help plz

A:I Am Infected Dont Know What

Hi and welcom to this forum

it would help to know which version of windows you are running

also; what protection programs if any you have installed and already run?

6 more replies
Answer Match 46.2%

Hi~this is my first post~heard about this site on Facebook. I am not too computer savy but my computer seems to be infected and I am hoping to fix it without bringing it in somewhere.

I keep having these boxes pop up from Internet Security 2010. One said;
Spyware Threat Detected!

SpyBot.Bank32.dll - High Risk
Worm:W32/Agent - High Risk
Trojan-Downloader.NSIS.Agent.a. - Low Risk

another one says:
Internet Security 2010
Security Alert
(There's a triangle with a red X here) User activity loggers detected! It is strongely recommended that you remove detected threats right now!

I also have gray boxes popping up. One said;

Attention! System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. You private information and PC safety is at risk. To get rid of unwanted spyware and keep your computer safe you need update your current security software. Click OK to download official intrusion detection system(IDS software)
The other gray box said:

Critical system warning! Your system is probably infected with a version of Trojan-Spy.HTML.Visafraud.a. This may result in website access passwords being stolen from Internet Explorer, Mozilla Firefox, Outlook etc. Click yes to scan and remove threats. (recommended)

The gray boxes have a circle with a red X inside on the upper left corner.

Any help with this problem would be... Read more

A:Infected and dont know what to do~help please!

Hello maremur and welcome to Bleeping Computer!! Please download Malwarebytes Anti-Malware and save it to your desktop.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.Make sure t... Read more

1 more replies
Answer Match 46.2%

try to make this short but completesony laptop model vgn-n365e had vista home prem 32 bit oem which totally failedno restore or recovery possible with retail vista disk/clean install or sony recovery media aft er many attemptshad purchased windows 7 home prem upgrade for this pc, and finally managed 'clean' install and activation installed licensed avast internet security yesterday and windows 7 keeps telling me there is no antivirus installed, yet avast says it is running, along with multiple errors in event logs and other issueshave worked with microsoft pc safety for hours, and they cant seem to figure out what is causing false notifications in action centertheir best answer is to just turn off the notification and ignore itpointed out that service software protection platform is set to automatic/delayed start but never starts or runs and even that got no response or concern from them, as it was delayed he claims it will start at some point, and now it's been 3 hours and still not startingtrusted installer and system seem to have all of the admin privileges, and i have very little, so if i try to make changes access is most often denied even when i am logged on under the admin user accountmy gut says something is causing all of this, so i am giving this a try...fyi, this is my son's laptop .. teenager... used limewire, itunes, frostwire, and played world of warcraft, before he gave it to me to fix a popup problem ...constant rundll32.exe pop ups, by the d... Read more

A:infected but dont know what it is

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

22 more replies
Answer Match 46.2%

I've waved the white flag, i need help.I have followed all steps, i've researched as many similar problems and solutions and followed that advise as much as i can. I cant get a clean system.when even i get one application to say "consistantly" clean, i run another which finds loads of trogans and virus's. And it figures, each program that finds new and exotic stuff, also costs another 40.00 to buy.I have bought StopZilla, which promised to remove all threats. Well it removed all that it found but spyware Dr. finds some that it apparently misses.I've run all the root fix programs, the free ware, shareware and pay-fer programs that i can get my hands on "Symantic AV" and McFee AV both run and do not find any problems.I am posting my Hi jack in hopes that you can walk me through removing these most stuborn trojans and programs.Oh, and i just un-installed my anti virus as it was preventing me from installing my other anti spyware programs.. I will re-install it after i get the system clean.Thank for for your help.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:30:26 PM, on 11/20/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\sys... Read more

A:I Know Im Infected But I Dont Know By What

roodalphPlease download Combofix and save to your desktop:Note: It is important that it is saved directly to your desktop Close any open browsers. Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the contents of the C:\ComboFix.txt into your next reply. Note: Do not mouseclick combofix's window whilst it's running. That may cause the program to freeze/hang.

16 more replies
Answer Match 46.2%

Logfile of HijackThis v1.99.1
Scan saved at 1:23:17 PM, on 8/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ISPx Web Accelerator\slipcore.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs... Read more

A:dont know if im infected...help thanks

Log appears clean but let's do a perfuntory scan

Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to: Scan using the following Anti-Virus database:Extended

Scan Options:Scan Archives
Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

1 more replies
Answer Match 46.2%

what ever it is it will not let me up date windows or trend micro it tell me i am not connected to the web


DDS (Ver_09-02-01.01) - NTFSx86
Run by Tony at 14:45:42.01 on Tue 02/03/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.2038.882 [GMT -5:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Prog... Read more

A:infected dont know what with

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instruc... Read more

2 more replies
Answer Match 46.2%

My Norton Security system keeps on popping up saying that I am infected with trojans and winfixer. I have tried trojan guard, but that didn't help at all. Here is my Hijackthis log, if you guys have any suggestions on how to clean up my computer it would be greatly appreciated. Thanks for your time.Logfile of HijackThis v1.99.1Scan saved at 6:10:36 PM, on 9/5/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exec:\Program Files\Common Files\Symantec Shared\ccSetMgr.exec:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEc:\Program Files\Common Files\Symantec Shared\ccProxy.exec:\Program Files\Common Files\Symantec Shared\SNDSrvc.exec:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exec:\Program Files... Read more

A:Im Infected And Dont Know How To Fix It

Hi,The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.Then I'll take a look. First of all, you didn't unzip/extract hijackthis.. and it's still in the tempfolder.So I strongly advise to unzip/extract hijackthis.zip.Read here how to unzip/extract properly:http://metallica.geekstogo.com/xpcompressedexplanation.htmlCreate a permanent folder and move hijackthis.exe into it. The reason is because hijackthis creates backups and when it's in your temp-folder it can be accidentally deleted.How do you make a permanent folder:Click My Computer, then C:\ and then on Program Files.In the menu bar, File->New->Folder.That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis".Now you have C:\Program Files\HijackThis. Put your HijackThis.exe there.

2 more replies
Answer Match 46.2%

Heya guys,Having huge issues with a work pc. Clicked on a link from google and managed to get the pc full of spyware/malware. Ive spent the past 2 weeks trying to kill all the stuff off but am having no luck whatsoever. I've run adware, spybo0t s&d, nortons, Macafee, panda online, housecall to name a few. Each time these proggys are run they seem to find a different problem. I know its had spyware quake, syssecurity.com, bgates and the list goes on. I've researched each one it tells me and have used smitrem, smitfraud, virtumondobegone, vondu and each time it finds and kills the spyware but next time you dial up, you go back to square one, everything's back again.I'm guessing its hiding somewhere else as something and coming back with each net connection and it's beyond me.Following is the hijack this log for the pc. I've also included the start up list as well in case that helps. It's a network slave box and the master pc is not infected at all if that helps.I'd really appreciate your help before the boss fires me TinaLogfile of HijackThis v1.99.1Scan saved at 1:15:42 AM, on 06/08/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\P... Read more

A:Infected With I Dont Know What

Hello there and welcome to Bleeping Computer's security forum.My name is David, I will be helping you with your log today.You've got the latest Vundo infection i'm afraid.It is a good idea to print off these instructions:This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available. You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above. A print out of the instructions would be a good reference to make sure you don't yet lost.Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!If you have any queries about the process or just general questions, just ask.Please download VundoFix.exe to your desktop.Double-click VundoFix.exe to run it.Put a check next to "Run VundoFix as a task".You will receive a message saying vundofix will close and re-open in a minute or less - Click OKWhen VundoFix re-opens, click "Scan for Vundo" button.Once the scan is complete, right Click inside the listbox (white box) and click "add more files"Copy and paste the 2 entries below into the top 2 boxes (no arrows): --> C:\WINDOWS\System32\vtuurpm.dll --> C:\WINDOWS\system32\mpruutv.*Click "Add Files" and click "Close Window".Click the Remove Vundo button.You will recei... Read more

13 more replies
Answer Match 46.2%

DDS (Ver_09-01-07.01) - NTFSx86
Run by Roger at 1:04:52,25 on 18.01.2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1033.18.1022.465 [GMT 1:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\... Read more

A:Infected with (i dont know) :-(

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scans:Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mba... Read more

2 more replies
Answer Match 46.2%

DDS (Ver_09-11-23.01) - FAT32x86
Run by Taimur at 15:07:09.21 on Mon 11/23/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.470 [GMT 5:00]

AV: BitDefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analo... Read more

A:dont know what i am infected with

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 46.2%

Referred from here: http://www.bleepingcomputer.com/forums/t/279828/ie8-and-firefox-redirecting/ ~ OBSorry about my confusion on earlier post. I am unable to make a rootrepeal log as the application rootrepeal crashes with a exception error when I try and run it. It also crashes wit hthe same error when I try and run it while windows is in safe mode. I have sent the author of rootrepeal the exception error code. I am unable to get the following applications to runGMER = Will run and complete a scan but as soon as save or a copy aaction is used the system will hang and become non-responsive. Rootrepeal = Will run for a few seconds than it will crash with a exception error. Hi all,I am having the redirecting issue also. Meaning that sometimes when I click a link after doing a search I get redirected to some random site instead of the link I initially clicked on. I have used Superantispyware, Webroot Spysweeper and anti-virus, spybot S&D, Malwarebytes, and finally removed webroot from my system and installed avast pro. Avast found some malware and move it to the chest. That seems to have made my system run faster and more stable than before however the redirecting issue is still present. I have read though the forums about this issue and tried to follow some of the steps that where suggested to other folks as it pertains to my system. I downloaded OTL to desktop as well as GMER.exe and ATF-Cleaner. I was able to run OTL and ATF but GMER locks my system up to the point that ... Read more

A:infected with (I dont know)

Also I noticed that it does not occue all the time, but every time it does try and redirect me a I.P. address quickly (and I mean quickly as in a blink on an eye) flash at the bottom of firefox or I.E.8 followed by another I.P. again blink than the random page it is redirecting me to. I also noticed that when booting up my system that some start up objects flash into the TSR area by the clock and than disappear. I have that area enabled to show all running TSR's and so nothing should be hiding itself.

Just wanted to add these things since i just noticed.

15 more replies
Answer Match 46.2%

hi thereok ill start with the computer specwindows xp sp3 (running vista theam)modem = speedtouchRouter = Netgear wireless-N router WNR2000browser = Firefox 3.0.5anti virus/ fire wall = zone alarm secrity sute version 7.0.470.000Problems(1) Fire fox is redirecting web pages(2) Unable to download files(3) A pop up is popping up every min(one just poped up)URL http://c5.zedo.com bla bla balits about anti virusits in internet explorer (i use fire fox3)(4) anti virus will not update(5) cannot get in to router to change settingsOK so this is what i have doneran zone alarm and done a full scan (if only found some tracking cookies)ran ad-aware 2007 found some files (i cant rember what thay are now)installed avast 4.8 and done a full boot scan found 11 file and deleted themtried a system restore but after i click my restore point and click next nothing happenswhen i click a link down the bottom of fire fox an the left it come up with (wating for copy-book.com OK just got a windows internet explorer pop up messageATTENTION! If your computer is struck by spywhere, you could suffer data loss, erratic behaviour, PC fresses and crashesDetect and remove viruses befor thay damage your computerantivirus 2009 will perform a 00% FREE and quick sacn fo your computer for viruses, spywhere and adwhere.Do you want to install anti virus 2009 to scan your computer for malware now? (recommended) [ok] [cancel]i clicked cancel and a internet explorer browser poped up http://liveanitviruspcheck.com... Read more

A:HELP im infected and dont know what to do

update

boot.com is trying to copy to all my hardrives and flash drives

E:\resycled\boot.com
Win32:Fabot [Trj]
Trojan Horse
081226-0, 26-12-2008
action delete file

J:\resycled\boot.com
Win32:Fabot [Trj]
Trojan Horse
081226-0, 26-12-2008

action delete file

E:\resycled\boot.com
Win32:Fabot [Trj]
Trojan Horse
081226-0, 26-12-2008
action delete file
pop up browser

13 more replies
Answer Match 46.2%

Hi, My son was trying to install EA sports Cricket07, when my AVG prompted some 5 virus warnings(i think "win 32heur"). I promptly removed the infection but afterwards my AVG does not open at all and the tray icon has gone missing. i am posting below the DDS & gmer logs.I have since uninstalled AVG. please guide and help..UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_11-03-05.01).Microsoft Windows XP ProfessionalBoot Device: \Device\HarddiskVolume1Install Date: 1/17/2010 5:55:36 PMSystem Uptime: 3/17/2011 9:04:35 PM (2 hours ago).Motherboard: HCL Infosystems Limited | | M7VMX-KProcessor: Intel Pentium III processor | Socket 775 | 2666/266mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 78 GiB total, 46.696 GiB free.D: is FIXED (NTFS) - 98 GiB total, 96.323 GiB free.E: is FIXED (NTFS) - 98 GiB total, 95.329 GiB free.F: is FIXED (NTFS) - 192 GiB total, 182.565 GiB free.G: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP132: 12/16/2010 12:44:07 PM - Software Distribution Service 3.0RP133: 12/19/2010 7:42:44 PM - System CheckpointRP134: 12/26/2010 2:04:12 PM - System CheckpointRP135: 12/27/2010 10:10:21 AM - Removed 5DFly Photo DesignRP136: 12/28/2010 10:19:10 AM - System CheckpointRP137: 12/29/2010 7:23:00 PM - Installed AVG 8.0RP138: 12/29/2010 7:26:08 PM - Avg8 UpdateRP139: 12/31/2010 9:29:28 AM - Avg8 UpdateRP140... Read more

A:Infected by dont know what!

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d... Read more

6 more replies
Answer Match 46.2%

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results.Follo... Read more

A:dont know by what i'm infected

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the link to this thread.

Everyone else please start a new topic.

2 more replies
Answer Match 46.2%

Hi, recently when i plug my pen-drive into my laptop i found out all my files inside the drive is replaced with fake ones and addition of files named 'x' and 'porn'. My original file disappeared and i couldn't even open the fake files with the same name. I tried reformatting my pen-drive but the problem persist.

If any experts out there may help me ASAP, i would appreciate it very much. Thank you

A:i think i'm infected but i dont know what to do

Please do take these steps :Due to the nature of the infection, any usb or external device may have been infected. Please plug in any external device that you have used recently.Please download flash desinfector by sUBs and save it to your Desktop.Double-click to run it and follow any prompts that may appear.Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings.The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.Wait until it has finished scanning and then exit the program.Reboot your computer when done.Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.==========

2 more replies
Answer Match 46.2%

hello and thank you for helping me in advancedmy computer was running very great around a month ago and all of the sudden , its acting really strange, freezing when programs our opening , as in never opening but showing a exe file, in the command prompt, also when running will just freeze when scrolling, this is also happening when im online, sertain programs wont even run , like windows media opens then freezes after opening i thought it might be my ram , so i deleted all the songs videos ect , and still freezingive run panda no result search and destroy freezez ,i run ccleaner daily ,any help would be welcomed here is my logLogfile of Trend Micro HijackThis v2.0.2Scan saved at 2:25:28 AM, on 9/26/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18241)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exeC... Read more

A:Infected But Dont Know What

Hello BlahWolF,Welcome back to Bleeping Computer Go to Start>Run> type in, or copy and paste msconfig and hit Okay. Click on the Services tab and look for Ati HotKey Poller - ATI Technologies Inc. and stop that Service (Uncheck). Apply, close it out, and restart your computer. See if that helps and let me know. Thanks,tea

7 more replies
Answer Match 46.2%

I do not use Internet Explorer because it always seems to get infected or messed up so I have been using Firefox for a long time. Well this weekend I started getting pop-up ads on Firefox that came from Internet Explorer. I then go to Internet Explorer and open it up and it starts running like mad. It goes to "about blank" then a new tab opens up http//:400 error and cycles over and over again creating new tabs I lost count at 42. I try to close out the page and a new window pops up I had up to 11 of these windows before finally getting some to close, this even happened while my computer was no longer connected to the internet.

I have an eMachine with windows XP home on it. I am not technically savvy enough to feel comfortable trying to fix this myself and since I dont even know where to start I am asking for help. PLEASE!!!!

More replies
Answer Match 46.2%

Hi first of all let me apologise to the mods for posting my log in the wrong forum. I have tried sorting this problem out but i just cant seem to regain the full potential of my speeds since being infected. First of all zonealarm always finds and deletes some viruses and spyware although at this moment icannot tell you what they are. All i can do is post my HJT log and HOPE someone can help me. Any help would be appreciated, (not removing my posts would be too).Thank youLogfile of Trend Micro HijackThis v2.0.2Scan saved at 2:24:57 PM, on 2/23/2008Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2600.0000)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\ZoneLabs\isafe.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\System32\WgaTray.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\wuauclt.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\WINDOWS\System32\rundll32.exeC:\WINDOWS\System32\Rundll32.exeC:\Pr... Read more

A:Infected With Something But Dont Know What

Hello and welcome to Bleeping Computer. I apologize for the delay, the forum has been very busy.If you still need help, please post a fresh HiJackThis Log and an Uninstall List (Instructions forthcoming) in your next post/reply.Thanks.Step # 1: Make an uninstall list using HijackThisTo access the Uninstall Manager you would do the following: 1. Start HijackThis 2. Click on the Config button 3. Click on the Misc Tools button 4. Click on the Open Uninstall Manager button. 5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

3 more replies
Answer Match 45.78%

Sorry, this did'nt show up correct- let me re do it below. Please tell me if theres anything I should fix, Thanks. Security updates Vulnerabilities Check not performed IIS Security Updates IIS is not running on this computer.
Security updates Vulnerabilities Check not p
Windows Scan Results Vulnerabilities Check not performed Password Expiration Check is skipped on Windows XP Professional computers that are not joined to the d
Windows Scan Results Vulnerabilities Check failed (non-critical) Local Account Password Test Some user accounts (1 of 6) have blank or simple passwords, or could not be analyzed.
Windows Scan Results Additional System Information Best practice Services Some potentially unnecessary services are installed.
Windows Scan Results Additional System Information Additional information Shares 3 share(s) are present on your computer.
Windows Scan Results Additional System Information Best practice Auditing Check is skipped on Windows XP Professional computers that are not joined to the domain.
Windows Scan Results Additional System Information Additional information Windows Version Computer is running Windows 2000 or greater.
Internet Information Services (IIS) Scan Results Additional System Information Best practice IIS Status IIS is not running on this computer.
SQL Server Scan Results Product Status Best practice SQL Server Status SQL Server is not installed on this computer.
Desktop Application Scan Results Vulnerabilities Check not performed Macro Secu... Read more

A:Mircosoft Security Analyzer- results?

Security updates Vulnerabilities Check not performed IIS Security Updates IIS is not running on this computer.
Security updates Vulnerabilities Check not performed SQL Server Security Updates SQL Server is not installed on this computer.
Security updates Vulnerabilities Check not performed Exchange Server Security Updates Exchange Server is not installed.
Security updates Vulnerabilities Check passed Windows Media Player Security Updates No critical security updates are missing.
Security updates Vulnerabilities Check failed (non-critical) Windows Security Updates 4 security updates are out of date or could not be confirmed.
Windows Scan Results Vulnerabilities Check not performed Autologon Check is skipped on Windows XP Professional computers that are not joined to the domain.
Windows Scan Results Vulnerabilities Check not performed Password Expiration Check is skipped on Windows XP Professional computers that are not joined to the domain.
Windows Scan Results Vulnerabilities Check passed Administrators No more than 2 Administrators were found on this computer.
Windows Scan Results Vulnerabilities Check passed Restrict Anonymous Computer is properly restricting anonymous access.
Windows Scan Results Vulnerabilities Check passed Guest Account The Guest account is not disabled on this computer.
Windows Scan Results Vulnerabilities Check passed File System All hard drives (1) are using the NTFS file system.
Windows Scan Results Vulnerabilities Check failed (non-critical) Local ... Read more

1 more replies
Answer Match 45.78%

I have tried to do a system restore using several different restore points, but it always says "incomplete data installation" or something to that effect. Anyhow the files is still there by it's file name, but contains no data. Any help retrieving these documents is greatly appreciated!
Thanks, Texastracker

A:mircosoft word files are there but blank?

Try ShadowExplorer. See vista free software list

2 more replies
Answer Match 45.78%

hi everyone,

When i click 'send/receive', that some new email to 'Inbox' you can see how many are new email in 'Inbox' bracket like this 'Inbox (6)', you know i mean.

Right, i have sort out for new email message to my new list of folders, not Inbox, from Rules Wizard, then when i click 'send/receive' other day, its working new email message to my list of folders BUT... its no show bracket on my list of folders when new email in there! i would like put setup like bracket () on my list of folders or not?

Understand?

im grateful if anyone help.

Thanks.
 

More replies
Answer Match 45.78%

hey there guys. i have ALOT of trouble with microsoft word 03 and 07. let me start from the beggining;

i got my laptop in july. and it had the 60 days free trial of microsoft office 07. so i used this as if it was for granted, but then one day it ran out. unfortunate for me, it was on the weekend when i had this HUGE school assignment due, and i just needed to get it fixed. so i called this computer guy that i know, and he came over and un-installed it and installed 07 again, from his cd.. must have been some sort of crack cos i dont recall him adding a key. (can u belive that i had to pay him for that?!) . while he was here, all was good. later that day my vista was complaining about memory problems. u know, the warning sign when windows says sometihng in the terms of: "windows is out of virtual memory, please close some programs to get it back and to save ur work" etc. after that my laptop went nuts. i quickly un-installed it and that problem ended. the next day i asked the tech dudes at my school about it, and they said that 03 would work with no problem. (since the first tech guy said that microsoft 2003 could no way in hell, work on vista... argh)
so i went home and found a CD that i had with microsoft 2003. unfortunaitly the key which came with it, had already been used too many times. so i had like 20 or so times to open it. those 20 times went way faster than i expected even though i tried to limit my word usuage as much as i could. so yea, this sunday it ... Read more

More replies
Answer Match 45.78%

Microsoft yanks Outlook 2007 update

Cites multiple problems, including connection and performance issues
By Gregg Keizer, Computerworld
December 19, 2010 04:31 PM ET


Microsoft last week pulled an update for Outlook 2007 issued just two days earlier, citing connection and performance problems for the unusual move.
The update was issued mid-day on Dec. 14 as part of the monthly Patch Tuesday. Within hours, users reported trouble with retrieving e-mail and major delays when switching folders.
"This latest update results in Outlook 2007 being very slow in changing folders and the archiving functionality appears to have been removed," said someone identified as "alspar" on a Microsoft support forum early Wednesday morning. "Is this an error or by design?"
To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Microsoft last week pulled an update for Outlook 2007 issued just two days earlier, citing connection and performance problems for the unusual move.
The update was issued mid-day on Dec. 14 as part of the monthly Patch Tuesday. Within hours, users reported trouble with retrieving e-mail and major delays when switching folders.
"This latest update results in Outlook 2007 being very slow in changing folders and the archiving functionality appears to have been removed," said some... Read more

More replies
Answer Match 45.36%

Hi,I'm not the best with these types of things so I do apologize.I have PCtools spyware doctor and I came across 2 files that i was unable to remove. They are both medium threats "possible website hijacks" and were associated with spywareinfo.comRecently my computer has been running slower and i sometimes have trouble with shutting down my computer. Also, I tried running malwarebytes in normal mode and it kept freezing on me. I ran it in safe mode and it worked but it came up clear.And I had previously had been attacked by a rogue anti-virus program (computer went into an IT guy who cleaned it up).Any help would be greatly appreciated.below is my hijackthis log....Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:39:49 AM, on 2/6/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16981)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\svchost.e... Read more

A:possibly infected... dont know what

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No inp... Read more

15 more replies
Answer Match 45.36%

Well, after stupidly downloading maleware, my pc got infected.  It happened i guess around 3 or 4 days ago.  My system was running slow so I decited to run a scan with Hitman pro(it expired so I wasnt able to remove the virus) and after scanning it found like 81 tojans or something!!!  I dont know how to remove them (I use norton too btw)  Any tips???  If anything like logs are needed I dont mind giving.

A:I am infected and I dont know how to remove it!

Hello RedRay I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", ... Read more

19 more replies
Answer Match 45.36%

at first my ipod was infected by "NUDE SEX SCANDAL.vbs"
then when i plugged it in the computer, i can't access task manager and my hidden files that were initially shown can't be accessed, also my folder options. please help. thank you.

DDS (Ver_09-02-01.01) - NTFSx86 NETWORK
Run by bigfoot at 12:30:18.32 on Sat 03/07/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.201 [GMT 8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\bigfoot\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\bigfoot\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\bigfoot\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\bigfoot\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://blogtq.blogspot.com/
uSearch Page = hxxp://search.live.com
uSearchMi... Read more

A:please help, my computer has been infected and i dont know what to do

Hello -


Quote:




the gmer didnt work




What happened when you tried to run GMER?

4 more replies
Answer Match 45.36%

Hi. Thank you for helping. One of the family members was downloading music and there was a popup which asked if we wanted to preview the song before downloading. To preview the song we were asked to press run. As soon as we pressed run the screen crazy with many popups and then it said that the computer was infected and asked if we wanted to run antivirus. We said yes but nothing happened. It just kept popping again asking if we wanted to run our antivirus scan.I have 3 user accounts on the computer. We were in the user account called "Mark". We now cannot use any of the applications in this user account. The other 2 user accounts are still usable. The folders in the user accounts are not the same. Many of the files are hidden, a new folder has been created called 'Mark.YOUR-8ABC512Da0 and this has happened for the other 2 user accounts on the computer. DDS and Attach are copied and attached here but I could not get gmer to finish. I got an 'out of memory...." type error after it ran for about 3 hours.Here are the logs and thanks again for your help.DDS (Ver_10-03-17.01) - NTFSx86 Run by Mum at 21:53:29.48 on Thu 02/09/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2558.1918 [GMT 10:00]AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\... Read more

A:infected but dont know name of virus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

30 more replies
Answer Match 45.36%

DDS (Ver_09-03-16.01) - NTFSx86
Run by abacus at 18:52:46.45 on 03/05/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2813.1890 [GMT 7:00]
============== Running Processes ===============

D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
svchost.exe
D:\Program Files\Prevx\prevx.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Prevx\prevx.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\FlashGet\flashget.exe
D:\Program Files\Prevx1\PXAgent.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\yabftjk.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Documents and Settings\abacus\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyServer = http=localhost:7171
uInternet S... Read more

A:Infected -Dont know exactly what to remove or how

Hello abacus_x,Download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt.Please post the contents of that document.**************Download Lop S&D Lop S&D will only run on Windows XP and Windows Vista Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D. To see how to disable security programs visit this tutorial: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs You can enable them after the scan. You can find a detailed instructions with visuals here Double-click Lop S&D.exe If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan. Choose the language, then choose Option 1 (Search) Wait till the end of the scan Post the log which is created: (%SystemDrive%\lopR.txt)************** Please disable any running anti-virus program before running Kaspersky Online Scanner.If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/Close any open browsersPlease do a scan with Kaspersky Online ScannerYou can refer to this animation by sundavis.Note: If you are using Windows Vista, open your browser by right-clicking on its icon and sele... Read more

2 more replies
Answer Match 45.36%

My computer will not allow me to update windows defender nor my anti virus and spyware. When i search via the toolbar in internet explorer it will redirect me to another search engine site with results and not the typical list of results. When i click a link on a google search it will redirect me as well. These are the main problems i am encountering. I have tried to update and it will say unable to complete update. Also, when i try to run malwarebytes, a windows pop-up will say that it cannot run and it does not give an answer for why.
DDS (Ver_09-06-26.01) - NTFSx86
Run by owner at 21:05:01.43 on Tue 07/14/2009
Internet Explorer: 8.0.6001.18783
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.1982.1239 [GMT -7:00]

AV: CA Anti-Virus *On-access scanning enabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svc... Read more

A:infected with malware but dont know which

Hi, koolmanc34 Welcome.Please read and follow all these instructions very carefully.Please download ComboFix from Here to your Desktop.**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**If you are using Firefox, make sure that your download settings are as follows:Tools->Options->Main tabSet to "Always ask me where to Save the files".During the download, rename Combofix to Combo-Fix as follows:

It is important you rename Combofix during the download, but not after.Please do not rename Combofix to other names, but only to the one indicated.Close any open browsers.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it startsPlease do not att... Read more

2 more replies
Answer Match 45.36%

Hi guys, My computer is infected by a winself.exe and a wmsdkns.exe right now, googled them and there both trojans and i'm tried to fix them except that i can't get to safe mode w/F8 and can't do it the run method because my computer is so slow and freezes(task manager says CPU Usage=100%). Another thing they do is block my internet, so i cant get onto the internect. I've ran both avg and spybot and neither detects the viruses. I really dont know what to do and am desperate please help.
thanks

A:Help? Infected And Dont Know What To Do(desperate)

can somebody please answer or answer why no one has answered
please help

10 more replies
Answer Match 45.36%

Hey guys

I know my computer is infected badly by viruses all of a sudden I was just surfing some sites that I am always on an I must of clicked somthing I shouldnt off an now a 1000 adds pop up an give me nothing but trouble I have used mircosoft antispyware spybot an ad aware an nothing will get rid of all of it I was hoping you could all help me

A:Infected Computer Dont Know What To Do !

Hi StylinTAs you have submitted a Hjt log on this problemPlease do not try anything else or change anything as this could well change your log.Once you have submitted a log, please wait for instuctions from one of the Hjt Team and no one else.The team are very busy, but someone will answer your log, please be patient.

2 more replies
Answer Match 45.36%

Hello,

My computer appears to be infected again. I did not go onto any unusual sites, just email, yahoo, facebook etc. The only one I can think of is flashflash revolution, and I will definitely not go there again. I do not know why these problems keep popping up!
Also I am not able to run hijackthis. I can download it from the site but it does not install. It gives me this message:

C:\Documents and Settings\desktop\HJTsetup.exe si nto a valid Win32 application.

I never have had a problem installing this program. I would be extremely grateful for any help.
 

A:dont' know why i am infected again, maybe because of flashflashrevolution?

Hi,

I am pretty sure that my computer is infected. I cannot use hotmail and my mcafee was diabled. I recently got rid of the vundo trojan, but maybe it is back. I am not sure. It may be another one. Here is my Hijackthis file (I was finally able to download it):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:59 PM, on 12/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Mi... Read more

1 more replies
Answer Match 45.36%

* first sorry for my bad grammar HelloI was infected by the following rootkit: (and its also keylogger)http://www.bleepingcomputer.com/startups/1...edr5-13803.htmlI tried to remove it by my own but I dont know if I succeed.I want to be sure that my PC is clean from this rootkit.so that what I did:I took the SAM, SECURITY, SYSTEM, DEFAULT, SOFTWARE files from "C:\System Volume Information\_restore{CA652DDF-F83F-4B6D-8A14-8CE08CA413F2}\RP20\snapshot"(its the registry's backup one day before I was infected by this rootkit)and I changed their name to SAM.new SECURITY.new etc... and I placed them in C:\WINDOWS\drivers\configthen I switched to Windows Recovery Console and I renamed the current files to *.old and renamed the *.new files to the original names (SECURITY, SAM, SOFTWARE etc ...)by this way I think I cleaned my registry from this rootkit but I'm still not sure that I'm cleanI tried also to use "ComboFix.exe" and here is the log that I received when it was finished:ComboFix 07-12-31.4 - Administrator 12/31/2007 15:17:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1255.1.1033.18.592 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-28 to... Read more

A:I Was Infected By Rootkit And I Dont Know If Its Already Gone

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.When posting your logs please post them directly into the reply. Do not attach them.Also make sure you have already followed the steps outlined below:Preparation Guide For Use Before Posting A Hijackthis LogThank you for your patience.

1 more replies
Answer Match 45.36%

First let me say Hello because I am new here.

I have windows xp home edition.My computer has been running slow but it got a little better since I installed Mc Afee's trial.First time I noticed something was terribly wrong when my computer internet connection has been shut down saying my proxy something something will not connect and the only thing that would allow it to connect is to restart my computer.I ran a computer clean up on mc afee but it only deleted a few things.Now while I search the internet on my computer.

My computer will not go to the exact link it would go to something completely different then the link that I searched for.For an example if I search for mc afee's website and clicked on it from yahoo some other type of site would show up.Now everytime I search on my computer I have to copy the link from my mouse pad instead of clicking on it directly from the search engine.And something odd happens every time I shut down my computer.It's running updates on the blue screen and telling me not to shut my computer down.I have never seen that before.Last but not least,If I go to bestbuy website.It only shows up links and not the best buy website design.Can someone help me please?

sorry I couldn't make a better topic title.

A:My computer is infected but I dont know what to do.

Hey...The Mods must be like sleeping lolill help you with first step[url=http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe] Click Here[url] to download MBAMRun it and then run a quick scanPost the results here and hopefully a moderator will help you out after thTat stepRegardsJake

8 more replies
Answer Match 45.36%

recently I've been having problems with firefox (not reponding, lagging badly and crashing) and now I've begun to get notifications from my antivirus program, Comodo, about an infection ([email protected]) I dont know what it is or what its doing. My computer has been running extremely slow lately while it should not be as it has lots of memory and has never been this slow. I cannot use firefox at all and have had to resort to internet explorer which I hate and other web browsers.
here is a copy of the dds log and attach.txt is attached as well.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Twiss at 11:14:20 on 2011-11-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.6089.4091 [GMT -5:00]
.
AV: COMODO Antivirus *Enabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServi... Read more

A:Pretty sure Im infected but dont know how/what

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

3 more replies
Answer Match 45.36%

i am working now with my computer trying to fix it..
here is the problem:

i open my yahoo messenger, and when i log in it suddenly close..

what should be the problem of my computer?

i try Noob.Killerz hoping it will fix the problem but doesnt work..

please help..

im using Windows XP SP2...

A:I Am Infected..but Dont Know If It Is A Virus

Hello and welcome nimbuscloud,let's start with a scan and a log.Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..DO NOT run yet.Open SUPER from icon and install and Update itUnder Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.Now reboot into Safe Mode: How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox or Opers browser click that browser at the top and choose: Select AllClick the Empty Selected button.If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.NOW Scan with SUPEROpen from the desktop icon or the program Files listOn the left, make sur... Read more

1 more replies
Answer Match 45.36%

I am using Windows Vista.When i scanned my laptop with AVG antivirus, it says that my ntoskrnl.exe and my hosts files have been changed under virus results.Object C:\Windows\system32\ntoskrnl.exe result/infection: change status: changedObject C:\Windows\system32\drivers\etc\hosts result/infection: change status: changedAVG says that there are no threats found after the scan is finished, and it did not give me any instruction or actions to take such as quarantine or deleting etc.I dont know how to solve this and neither do i know if i have been infected. Am i even infected with any malicious prgrams? If i am, what should i do to solve it.Here is my HJT log, hope it helps.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:58:09 PM, on 2/2/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16575)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\HP\QuickPlay\QPService.exeC:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exeC:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exeC:\Program Files&#... Read more

A:I Think My Computer Is Infected But I Dont Know What To Do

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and i'll be helping you to fix your problems.Apologies for the late response,as i'm sure you can appreciate we are extremely busy.If you've already recieved help at another forum and your issues have been resolved,or you're presently recieving help elsewhere then please let us know.If you have not followed the info in the link below prior to posting your log then please do so now:Preparation Guide for use before posting a HijackThis Log:http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/If you still require help,please post a new Hijackthis log into this topic in your next reply.Also post a detailed description of the issues you're experiencing.*Note*Post all reports/logs directly into this topic,not as attachments,thanks.

1 more replies
Answer Match 45.36%

Hello,

For the past few weeks, my computer has been taking 10 minutes to start. That is, when I turn on the computer, it boots into windows, then I am stuck at the desktop for 5 minutes before I can do ANYTHING. I am sure it is not a virus or malware. Sometimes it would give a message saying there is a problem with pfmod.dll. Also my windows updates fails to install correctly alot of times and i have problems installing programs too. Also i get alot of messages saying that EXPLORER.EXE and other programs stop responding and freeze up all the time.
Alot of times my computer will not let me select anything and it will freeze up and i have to manully restart the computer. The computer has gotten really slow for anything from internet to just trying to open something. Sometimes i have to wait up to 2-3 minutes just to open a program. Im not for sure what all is going on but i know my computer is not working properly since i let my cousin use the computer and he was looking up porn on the computer so im betting its a virus or malware.
If you could help me find whats wrong with my computer i would appreciate it alot. Thank you
System: Dell Dimension 4500, Windows Vista Ultimate, 1 GB memory, 250 GB Hard Drive

A:Infected! Many Problems Need Help Dont know what to do?

Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwar... Read more

10 more replies
Answer Match 45.36%

Ever since I bought my PC (has Windows XP Professional installed) and whenever I "write" e-mails, I get the following displayed on my PC: -

"Preparing to install. Please wait while Microsoft Office 2000 Premium is installed"

Then get:-

"The feature you are trying to use is on a CD-ROM or other removable disk that is not available. Insert Microsoft Office 200 Premium Disk and click OK".

I simply press 'cancel' and can then send e-mail's no problem. I also download Word files from work on my home PC and everything is fine.

So, why am I getting these messages and is there anything I can do to put it right once and for all ?????

Thanks in advance.
 

A:Mircosoft Office 2000 Premium Disk ???

Do you have office 2000 on your system ? If so it sounds as if it needs to be reinstalled.
 

3 more replies
Answer Match 45.36%

My Internet explorer is corrupt, i was using version 6 download 8 but it still corrupt will not let me enter proxy setting and save security keep changing to high any help would be great got mozilla to work but that not good on other application i need to use.

A:Mircosoft 2003 Internet Exployer problem

Welcome to TSF

Remove IE8 completely. http://support.microsoft.com/kb/957700

Try reinstalling. If this does not help remove IE 8 again but then Run the System File Checker

Go to the Run box on the Start Menu and type in:

sfc /scannow ( sfc if not reconized) (Note that there is a space between sfc and /scannow)

This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem.
In all likelihood you will be prompted to insert the Windows XP CD.

After running SFC reinstall IE8 again to see if the issue still persists.

Have you tried IE7?

1 more replies
Answer Match 44.94%

my dad's system seems badly infected with malware. MBAM removed 700 or so threats. Also scanned with ad-aware and spybot and eset online virus scanner. I am trying to install microsoft security essentials but the system seems to prevent that. it seems to create random alphanumeric folders in the D drive and then cant find the MSE installation file and I cant browse to it.Also, the mouse is double clicking instead of single clicking and I cant find a mouse setting to change this.System has been infected a while. Dad uses system restore when it gets bad, but it doesnt seem like that is a permanent solution. Thanks in advance for your help.Here are my logs..DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29Run by Jerryberube at 19:42:30 on 2012-01-01Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3075 [GMT -6:00].AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}.============== Running Processes ===============.C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\program files\dell\media experience\d... Read more

A:infected with malware - dont know what kind

Hi Bubba7827,

I will be handling your logs to help you get cleaned up. Please give me some time to look them over and I will get back to you as soon as possible. Thanks in advance for your patience.

61 more replies
Answer Match 44.94%

I've spent the last 48hours trying to get this off my computer. When it first started, I could not run any antivirus/spyware programs and my online searches were corrupt. Several hours later, I now have control over those, but I can not seem to keep bratsk, zcfsvgvy and bgvovsvk out of my msconfig or registry.So far, my malware programs have shown: virtumondo, smitfraud, antiviruspro 2009 and some win32 trojan w/ files that start w/ TDSS. Several of my logs can be seen here: http://www.bleepingcomputer.com/forums/t/190413/infected-virtumondo-antivirus-2009-bratsk-and-buddies/I have run SmitFraudfix, vundofix, mbam, spybot and sdfix. It originally took SDFix to regain control over my computer, but the problems are still there.Please help. I'm running XP service pack 3.Thank you,Ben

A:Infected with (easier to list what I dont have)

Hello mach430,I apologise for the delay, the forum is extremely busy.----------------------------------------------Download and Run HijackThis Download HJTInstall.exe to your Desktop. Doubleclick HJTInstall.exe to install it. By default it will install to C:\Program Files\Trend Micro\HijackThis . Click on Install. It will create a HijackThis icon on the desktop. Once installed, it will launch Hijackthis. Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad. Copy/Paste the log to your next reply please.Don't use the Analyse This button, its findings are dangerous if misinterpreted. Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

17 more replies
Answer Match 44.94%

I have been trying to uninstall an application but after sometime it gives the error with the registry - Error 1402. Could not open key:HKEY_LOCAL_MACHINE\Software\Classes\adbanner.adbanner\CurVer. Verify that you have sufficient access to that key, or contact your support personnel.After hitting OK button, the uninstall processs cancels itself and gives the messageFatal error during installation1. Tried using Administrator Account to login, but same error2. Tried several times to repair the application, and then uninstall, but same errorOS-Win XP SP2AV-McAfeee 8.5.0iApplication-Adobe Acrobat 6.0.1 Professional Ran RegCleaner (4.3, Build 780 by Jouni Vuorio, homepage www.jv16.org) which found over 500 corrupt registry items and deleted them all. I have been able to install and uninstall this application on several previous occasions. No idea what could is wrong with the system registry? Dont know if it related to this topic: Vbs/autorun.worm.k, but I have been having a problem before this came up.Checked the registry and there seems to be several items whcih have been duplicated. The second entries are with the number 1 added to the end.Any help is highly appreciated.ThanksSaurav

A:Registry Infected / Hijacked Dont Know

You have an opened HJT log postedyou should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply I... Read more

1 more replies
Answer Match 44.94%

heres my story- went to ticketmaster.com and the first thing that happened when I got there was adobe reader popped up and the address it was listed with looked bad??? It was just a blank adobe page. please copy and paste the link below- This will bring you to the Norton community were I posted this same story about ticketmaster.com.

http://community.norton.com/norton/b...cending&page=1


By reading through that thread does it sound like Im infected?

A:Ticketmaster.com virus I dont know if im infected

Hard to say without reviewing any logs, which is what we want members to do before posting for possible malware removal assitance.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Answer Match 44.94%

i dont know whats going on in my computer. all these things pop up telling me im infected and telling me that i should download their spyware remover. plus three shortcuts installed themselves onto my computer. one is a spyware and malware remover, error fix, and privacy protector. well i just did a HJT and this is the log.

PLEASE HELP!!!

Logfile of HijackThis v1.99.1
Scan saved at 4:35:59 PM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program ... Read more

A:Solved: please help!!! infected with... i dont even know anymore.

8 more replies
Answer Match 44.94%

This happened to me a few months ago and I was able to remove it then.  The virus seems to have updated itself and now I can't enter into ANY of the safe modes and I don't know what to do.  I have a Dell Inspiron running Windows 7 and I'm lost.  I've spent hours searching for a solution but NOTHING is working! In 16 hours I'll be heading out of town and won't be able to get on this computer for 2 weeks, and I'm afraid of what'll happen if I just let it sit like this for 2 weeks.  PLEASE HELP!!!!

A:Infected by ICE Moneypak virus and DONT KNOW WHAT TO DO!!!!!

Hello annoyedwithmydell I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "... Read more

3 more replies
Answer Match 44.94%

I used the available resources I have and dont think anything abnormal showed up I have logs in them i guess. I use MBAM, Spybot s&d, and eset nod 32 - 4.2.71.2 one day I had a problem I dont recall what it was but i restored to a point that was a couple hours before i noticed it. and a bunch of things seem missing. also now start menu is completely off from what I had. Now when i click all programs go to a folder open and it says empty, also frequent progs i used were pinned next to start button and are missing. I went to their folder and replaced them though. afew libraries I added are missing also. I sure there is more going on but i havent dug? any help is appreciated.The folders missing i cant find but i typed a word into the search bar when you click on start button and some of those files showed up but i can only get to those folders in that way. and i cant think of all the search words i could use to see each one C:\Users\John Doe\Downloads\Torrent Complete\video\squirt is the location it showed in properties. i cant find where that library and a few others are so i created them again for all the new stuff i got. Oh yeah I use Black Vipers sugested services settings the one labled safe. i tried reading all details of dervices i dissabled but didnt realize a few kept me from conecting to my wireless. and after diagnoseis it said wireless card not connected i think. so i went back to services and fixed that problem almost forgot i have... Read more

A:dont know if im infected but stuff is missing

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

39 more replies
Answer Match 44.94%

I had a USB that I placed in my computer yesterday which had at first glance an icon for some "slideshow" thing, and a folder, which then was quickly found by MSE and taken off of the USB drive. I scanned the USB Drive again and there were some hidden files that it took care of: backdoor:MSIL/Bladabindi.BWorm:Win32/Gamarue.N and Gamarue.F I took precautions and also downloaded Malwarebytes, did not find anything, scanned again with MSE, did not find anything, Downloaded Zemana just incase im being keylogged, ran Rkill: Rkill 2.6.8 by Lawrence Abrams (Grinler)http://www.bleepingcomputer.com/Copyright 2008-2014 BleepingComputer.comMore Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.htmlProgram started at: 10/06/2014 01:17:27 AM in x64 mode.Windows Version: Windows 7 Professional Service Pack 1Checking for Windows services to stop: * No malware services found to stop.Checking for processes to terminate: * C:\Windows\TEMP\irstrtsv\scrncap.exe (PID: 2744) [WD-HEUR]1 proccess terminated!Checking Registry for malware related settings: * No issues found in the Registry.Resetting .EXE, .COM, & .BAT associations in the Windows Registry.Performing miscellaneous checks: * No issues found.Checking Windows Service Integrity: * No issues found.Searching for Missing Digital Signatures: * No issues found.Checking HOSTS File: * No issues found.Program finished at: 10/06/2014 01:17:... Read more

A:USB Potentially infected, need to know if I dont need to worry!

Greetings Xenon366 and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that. ===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter prob... Read more

12 more replies
Answer Match 44.52%

Dear All,

Please refer to the attached excel file. i would like to create a user form for this document. but i do not know how to do so...

can some experts teach me on that?

thanks...
 

A:Using Mircosoft excel to create, edit and find an entry

Hi Allen,

Welcome to the forum, the tag of your post "Using Mircosoft excel to create, edit and find an entry" and the question about a user form.
What do you need to have in the user form?
I haven't looked at the file, so probably the whole explanation is there, but before anyone downloads a file the question has to reflect what the poster need.

I'll download the file and take a look but it you think you have additional information, please post it.
 

1 more replies
Answer Match 44.52%

i dont no how much spyware there is but i thinks its alot i get messages every 5mins and warning ballons on the taskbarheres the three skan results u wantedKASPERSKY ONLINE SCANNER REPORTTuesday, June 03, 2008 5:18:48 PMOperating System: Microsoft Windows Vista Home Edition, Service Pack 1 (Build 6001)Kaspersky Online Scanner version: 5.0.98.0Kaspersky Anti-Virus database last update: 3/06/2008Kaspersky Anti-Virus database records: 825458Scan SettingsScan using the following antivirus database extendedScan Archives trueScan Mail Bases trueScan Target My ComputerC:\D:\E:\F:\G:\H:\I:\J:\L:\Scan StatisticsTotal number of scanned objects 347083Number of viruses found 6Number of infected objects 13Number of suspicious objects 0Duration of the scan process 02:57:06Infected Object Name Virus Name Last ActionC:\Boot\BCD Object is locked skippedC:\Boot\BCD.LOG Object is locked skippedC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skippedC:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skippedC:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skippedC:\Program Files\InstallShield Installation Information\{7655E113-C306-11D9-A373-0050BAE317E1}\setup.ilg Object is locked skippedC:\Program Files\InstallShield I... Read more

A:Infected With Alot Of Spyware I Dont No Wot Any Of Its Called

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following...Please download SDFix by Andy Manchesta and save it to your desktop.Double click SDFix.exe and it will extract the files to %systemdrive%(Drive that contains the Windows Directory, typically C:\SDFix)Please then reboot your computer in Safe Mode by doing the following :Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;Instead of Windows loading as normal, a menu with options should appear;Select the first option, to run Windows in Safe Mode, then press Enter.Choose your usual account. In Safe Mode, right click the SDFix.zip folder and choose Extract All, A new folder will be extracted to your %systemdrive%, typically C:\SDFix Open the extracted folder and double click RunThis.bat to start the script. Type Y to begin the script. It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot. Press any Key and it will restart the PC. Your system will take longer that normal to restart as the fixtool will be running and removing files. When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons. Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of t... Read more

26 more replies
Answer Match 44.52%

Logfile of HijackThis v1.99.1Scan saved at 2:37:06 PM, on 7/13/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\acs.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\system32\DVDRAMSV.exec:\program files\mcafee.com\agent\mcdetect.exec:\PROGRA~1\mcafee.com\vso\mcshield.exec:\PROGRA~1\mcafee.com\agent\mctskshd.exec:\TOSHIBA\IVP\swupdate\swupdtmr.exeC:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exeC:\Program Files\Microsoft Windows OneCare Live\Firewall\mpssvc.exeC:&... Read more

A:Dont Know If Im Infected,or What With But Month Old Toshiba Laptop

Mcafee keeps saying trojan found and cleaned, then the same one five minuets later, and five minutes later, and it wont stop, and now it wont let me open mcafee virus scan.here is the log:Logfile of HijackThis v1.99.1Scan saved at 12:50:49 AM, on 7/16/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\acs.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\system32\DVDRAMSV.exec:\program files\mcafee.com\agent\mcdetect.exec:\PROGRA~1\mcafee.com\vso\mcshield.exec:\PROGRA~1\mcafee.com\agent\mctskshd.exec:\TOSHIBA\IVP\swupdate\swupdtmr.exeC:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.... Read more

4 more replies
Answer Match 44.52%

Moved to appropriate forum,Virus, Trojan, Spyware, and Malware Removal Logs.~~boopmeLogfile of Trend Micro HijackThis v2.0.4Scan saved at 12:19:32 PM, on 6/6/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exeC:\Program Files\DivX\DivX Update\DivXUpdate.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Adobe\Elements Organizer 8.0\ElementsOrganizerSyncAgent.exeC:\Program Files\IObit\Advanced SystemCare 3\AWC.exeC:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exeC:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Microsoft SQL Server\MSSQL$... Read more

A:am I infected, I dont know how to interperet the results of Hyjacked

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 44.52%
A:Infected with TDD & google keeps redirecting. Dont know how to remove it

Hello stashz I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", ... Read more

15 more replies
Answer Match 44.52%

Using windows vista. Task manager does not come up as an option when i use ctrl-alt-del, and using run and typing taskmgr doesn't work either (I get a message saying it has been disabled by administrator, I have 1 account only on this laptop and i am the administrator and i've done nothing to disable it).

Also the windows firewall has disabled itself (internet security and malware protection options are still ticked and running, just the firewall has been turned off) and cannot be turned back on (the off box is ticked and all options are greyed out and unclickable).

I have run full system scans with avg, avg-as and windows defender turning up nothing.

A:Possibly Infected But Scans Dont Show Anything

Welcome to BC daedulusSome types of malware can indeed place restrictions on your computer and disable tools like Task Manager.Have your tried running your scans in "Safe Mode"?Then perform at least one Online Virus Scan:(These require Internet Explorer to work. Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component. If given the option, choose "Quarantine" instead of delete.)ESET Nod32 Online Scanner <- Choose the option to remove threats. (Vista compatible but Internet Explorer must be Run as Administrator. To do this, right-click on the IE icon in the Start Menu and select "Run as administrator" from the context menu.)F-Secure Online Scanner. <- Follow the directions on the F-Secure page for proper Installation. (also checks for rootkits) (Vista compatible)

1 more replies
Answer Match 44.1%

Hi,

I am trying to make a new letterhead for my business, and I have an image that I would like to appear on the right hand side of everypage. Basically I want to be able to put the image in something like a side header but I dont think these exist. I was hoping someone new how to make a text box do the same job as a header and footer and then I could put the text box on the right hand side of the page, but you will no doubt have a better solution. Additionally, I need to lock the image if possible so nobody can type over the image or move the image around. Is this at all possible.

Thanks for looking and hope you can help.
 

A:How to make an image appear in the same place on everypage in Mircosoft Word 2003

If you don't mind having a faded image, you could insert the image into the Header, right click on it and choose Format Picture and on the Layout tab choose Tight. Position the image where you will then exit. When you now type in the document all text will wrap around the image and not over it. If you increase the contrast of the image via the Picture Toolbar before exiting it will appear more clearly in the document.
 

2 more replies
Answer Match 44.1%

Logfile of HijackThis v1.99.1
Scan saved at 3:22:29 PM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Documents and Settings\All Users\Application Data\cbszufad\ufohgdif.exe
C:\Program Files\NavNT\vptray.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\qrsjatgt.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Hijackthis\HijackT... Read more

A:pop-ups, trojan.zlob have infected my computer and i dont know how to remove them

Hi Welcome back to TSG!!
Download SDFix and save it to your Desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Open the c:\SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer that normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fix... Read more

1 more replies
Answer Match 43.68%

hey everyonejust today my computer was what seems to be hit with a malware infectionit wont show cached google links and opens new links into new windowssome malware programs will not work to install them.shown below is my hijackthis logLogfile of Trend Micro HijackThis v2.0.2Scan saved at 3:38:50 PM, on 3/20/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Dell\DellDock\DellDock.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Windows\System32\WLTRAY.EXEC:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exeC:\Program Files\Dell\MediaDirect\PCMService.exeC:\Windows\system32\igfxsrvc.exeC:\Program Files\AVG\AVG8\avgtray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Windows\Samsung\PanelMgr\SSMMgr.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\Windows Live\Messenger\msnmsgr.exeC:\Program Files\Dell\QuickSet\quickset.exeC:&... Read more

A:hijack this log: malware infected so that google links dont work

Hello adocherty Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you.I ask that you refrain from running tools other than those we suggest to you while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond the your topic and facilitate the cleaning of your machine.After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.Please perform the following:Do an online scan with Kaspersky WebScannerClick on Kaspersky Online ScannerYou will be prompted to install an ActiveX component from Kaspersky, Click Yes.The program will launch and then begin downloading the latest definition files:Once the files have been downloaded click on NEXT
Now click on Scan SettingsIn the scan settings make that the following are selected:Scan using the following Anti-Virus database:Extended (if available otherwise Standard)
Scan Options:Scan Archives
Scan Mail BasesClick OKNow under select a target to scan:Select My ComputerThis will program will start and scan your system.The scan will take a while so be patient and let it run.Onc... Read more

25 more replies
Answer Match 43.26%

PC is infected with so many different things I dont think it'll be good to try to list them all here. But I had trojan-gen and virtumonde and the bsod screensaver. It's just that in the last three days I have run spybot and av scanners so many times, in normal and safe modes, and there is still something here that I can not find. I hope someone can help. Here are the log files from the dss scan and I am sorry but I am unable to connect to kapersky. I keep getting kicked out. Don't know if it's my system or if the site is unavailable. Deckard's System Scanner v20071014.68Run by Compaq_Owner on 2008-07-31 17:03:47Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --8: 2008-08-01 00:03:55 UTC - RP8 - Deckard's System Scanner Restore Point7: 2008-07-31 23:36:50 UTC - RP7 - Software Distribution Service 3.06: 2008-07-31 23:16:21 UTC - RP6 - Software Distribution Service 3.05: 2008-07-31 22:34:10 UTC - RP5 - Software Distribution Service 3.04: 2008-07-31 17:07:44 UTC - RP4 - Removed Google Earth-- First Restore Point -- 1: 2008-07-31 15:06:09 UTC - RP1 - System CheckpointBacked up registry hives.Performed disk cleanup.Total Physical Memory: 504 MiB (512 MiB recommended).-- HijackThis (run as Compaq_Owner.exe) ----------------------------------------logfile has ... Read more

A:Infected With I Dont Know What. Hijacked My Desktop And Screensaver And Is Sending Virus Emails

Hello and welcome to BCWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay. Please download Deckard's System Scanner (DSS) and save to your Desktop.alternate download siteDSS will do the following:Create a new System Restore point in Windows XP and Vista.Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.Check some important areas of your system and produce a report for an analyst to review.Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.You must be logged onto an account with administrator priv... Read more

2 more replies
Answer Match 43.26%

my computer has been through a lot this past month. First it crashed somewhat and gave me an error on startup. I moved a seperate master harddrive and installed a copy of windows XP on it to fix this problem. On that newly installed version of windows it was fine for a while after activation but then later the computer began to stop running programs, no windows system programs would work. IE, Most Control Panel functions. After this i switched to the formerly courrupted drive. Computer worked fine for a lil while but then things stopped working just like the other computer even though the Harddrive isnt connected to it now.

As of Now this is a list of the programs that dont run.
They just show the load icon for a split second then nothing:

WINDOWS EXPLORER (on startup i have to open it manually using task manager)
SYSTEM RESTORE
INTERNET EXPLORER
DESKTOP MANAGER
CONTROL PANEL (Folder will open but absolutely nothing in it will run)
WINDOWS INSTALLALLER (some programs wont open)

Ive tried a couple of programs but im open to recommendations if anyone has had or heard of this problem I NEED HELP HERE IS MY

also sometimes when i try to install things windows intstaller gives me the problem that theres somthing wrong with my Windows Authencation

HIJACK THIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:22:16 PM, on 3/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WI... Read more

A:MAJOR COMPUTER PROBLEM... INFECTED >>> VIRUS? MALWARE? REGISTRY? dont kno

Anyone Please Help>>> }
 

1 more replies
Answer Match 41.16%

i dont know what do to and how to update the drivers i dont have a cd player on laptop so how would i fix this problem
 

A:My dell latitude speakers or head phone jack dont work help(i dont have cd player)

i searched for drivers on dell and it says there is 1 crystal something audio driver thats avalible for my laptop can i download it as my current thing is a sigmatel driver should update it
 

2 more replies
Answer Match 41.16%

Hi, I am Emy from the Netherlands. Wish you all a nice day!

I have troubles with - at least - one of the computers in the little network here. I will describe some of the troubles.
-Links to internetpages on the desktop dont work. I need to paste those in a blank window.
-2 weeks ago the home internetpage was blocked. After looking in a lot of forums I found how to change the homepage to Google. (by changing the registry)
-Online scanners for spyware dont start/are interrupted or dont find anything wrong
-Windows installer is coming up after every click I make to install Symantec Antivirus. But Symantec is already installed.
-I tried programs like Ccleaner and ATF; also Combofix. The last one was also interrupted (black screen). I installed the recovery console. Dont know how to delete this console.
-Even when I dont use this computer, it is like the computer is busy - at times (sounds like when using a program busy converting media files)
-I couldnt activate my membership. Not using the first link, nor the second one. Got a message that something wrong.
-I found srchassctl in the registry. Erased the Search Assistant. After rebooting ACMRU was gone, but SrchAssCtl is here again
-I found msmsgs a lot of times on this computer. I think the problems started with a message in the Live messenger.

Now I will paste the properly files to this topic. DDS and Attach
DDS (Ver_09-02-01.01) - NTFSx86
Run by nel at 16:12:09.10 on 2009-02-16
Internet Explorer: 6.0.2900.5512 Bro... Read more

A:Malware but scanners dont start/are interrupted or dont find anything

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for p... Read more

25 more replies
Answer Match 41.16%

ComboFix 11-07-22.02 - escritorio 22/07/2011 16:45:36.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3319.2810 [GMT -3:00]
Executando de: c:\documents and settings\escritorio\Desktop\download\ComboFix.exe
.
ATEN?AO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERA??O INSTALADO !!
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-06-22 to 2011-07-22 ))))))))))))))))))))))))))))
.
.
2011-07-22 13:17 . 2011-07-22 13:17 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-07-22 12:20 . 2011-07-22 12:20 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-07-22 12:14 . 2011-07-22 12:15 -------- dc-h--w- c:\windows\ie8
2011-07-21 20:41 . 2009-07-23 03:13 306 ----a-w- c:\windows\myClean.bat
2011-07-21 20:22 . 2011-07-21 20:22 -------- d-----w- c:\documents and settings\escritorio\Dados de aplicativos\ElevatedDiagnostics
2011-07-21 19:56 . 2011-07-21 19:56 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight
2011-07-21 13:04 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-07-21 12:59 . 2011-07-21 12:59 -------- d-----w- c:\windows\system32\NtmsData
2011-07-21 12:54 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-07-21 12:49 . 2011-07-21 12:49 472808 ----a-w- c:\windows... Read more

A:iexplorer dont work with javascript and mcafee dont install

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:***************************************************First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/410725 and follow the instructions there. If you no longer need help, this is all you need to do. If you do need help please continue below.***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have prev... Read more

2 more replies
Answer Match 39.9%
A:Got a used laptop with k9 web filter on it and i dont want it i dont know password

6 more replies
Answer Match 39.9%

when i try to turn off my computer or reboot , my computer do nothing , what i do its i turn off with the Windows Task Manager some programe in the one by one and each time i ask to turn off my windows xp. and when i turn off the one called xpwin.exe . the windows turn off corectly. now i try to find whats is this programe do it . now Riskyone101 ask mee to do some programe and i give you the result.

thanks for your help. and have a nice week end.




DDS (Ver_09-05-14.01) - NTFSx86
Run by marc at 9:27:00,61 on 2009-06-20
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.281 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Pho... Read more

A:the computer dont turn off or dont reboot

j'ai fais un scan avec BitDefender Online Scanner - Rapport virus en temps réel



Généré à: Mon, Jun 22, 2009 - 11:39:21


--------------------------------------------------------------------------------





Info d'analyse



Fichiers scannés
88522

Infectés Fichiers
28








Virus Détectés



Adware.Webhancer.A
2

Application.Webhancer.AE
2

Application.Adware.NewDotNet.B.Dropper
2

Adware.Webhancer.C
2

Adware.Whenu.BSR
3

MemScan:Trojan.Generic.967157
4

Spyware.Webhancer.U
2

Trojan.Generic.1142005
1

Spyware.Webhancer.F
2

MemScan:Trojan.Generic.1427433
1

Trojan.Generic.1747387
2

Gen:Trojan.Heur.GM.006040E022
1

Adware.Generic.66017
2

Adware.Generic.60122
2

3 more replies