Tech Problem Aggregator

Desktop infected with malware; locks up; disables web page

Q: Desktop infected with malware; locks up; disables web page

Hello
I have an HP desktop that runs Windows 7. It is infected with various viruses and malware.
I had Norton installed until about a week ago (it expired), but it didn't really help me. I recently
found out that in spite of being declared clean, this computer and the USB drives that I back up
to are infected. When I tried to use some files I copied from C: to a USB on another computer,
I got an error message for the USB when it was inserted stating that it was infected and it listed
all of the infected files. Also I notice that Google search now only works some of the time. It is
my default homepage. The computer stalls and takes forever to browse a web page sometimes.
Until recently, if I was not constantly using it, like if I stopped typing for a few minutes, it would
lock up and I would have to reboot to get it going again.

Can you recommend a software for my home PC that will check the USB drives for viruses when
they are inserted in addition to protecting the hard drives?

Thanks very much for any assistance that you can give.

Here is my system info:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Pentium(R) CPU G620 @ 2.60GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 2
RAM: 6050 Mb
Graphics Card: Intel(R) HD Graphics Family, -1262 Mb
Hard Drives: C: Total - 941879 MB, Free - 857139 MB; D: Total - 11886 MB, Free - 1455 MB;
Motherboard: PEGATRON CORPORATION, 2AC2
Antivirus: Norton Security, Disabled
Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:27:56 PM, on 11/1/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Office\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\coIEPlg.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Price Check by AOL - {D25B97E9-62B2-40CE-BECF-E43A7B879072} - C:\Program Files (x86)\Price Check by AOL\aolpricecheck.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\coIEPlg.dll
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\Run: [Norton Download Manager{N360211018-SHPD-FSD40014}] C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe /m (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Norton Download Manager{N360211018-SHPD-FSD40014}] C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe /m (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: Norton Security (NS) - Symantec Corporation - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\NS.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware View USB (vmware-view-usbd) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: VMware Horizon Client (wsnm) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe

--
End of file - 14168 bytes

A: Desktop infected with malware; locks up; disables web page

Also, this keeps showing up. Not sure why. I bought a legal copy from the
Norton website.

Answer Match 68.88%

Hello!

I am infected with some Virus/Malware which has totally disabled my Firewall. Recently I was using Sygate Personal Firewall and AVG Free Edition antivirus. One day I noticed in my Firewall a strange process named "CSRCS.EXE". I manually tried to kill it within Sygate Firewall. I rebooted my computer and (avg free edition) detected: "TROJAN HORSE ROOTKIT-AGENT.DI" but was unable to remove it. I also noticed that my Sygate firewall didn't start anymore. Reinstalling didn't help. I tried System Restore to a previous checkpoint but it did not help either.

Another problem was that some autorun-virus spread to every USB flash drive I had connected recently (autorun.inf file was infected on all drives). And when I used those USB flash drives on other computers it spread along. I manually disabled the autorun function on WinXP on all computers and deleted all infected files (autorun.inf) on my USB flash drives.

I used Online Eset Scanner which has removed csrcs.exe, rootkit-agent.di and autorun-virus. I also checked the computer with "Malwarebytes' Anti-Malware" and "Ad-Aware".

Now I am using only Kaspersky Internet Security but the firewall and Network Attack Blocker are still disabled by the virus. Kaspersky has found "korn.exe" and some other threads on my computer and successfully removed them. But it can not remove the firewall blocking virus. Kaspersky doesn't even detect the virus/malware. Virus obviously starts when WinXP is booted and disables...

A:Infected with Virus/Malware which Totally disables FireWall

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Answer Match 68.04%

I have caught a virus that locks my desktop with a web page or impostor that threatens me to pay otherwise my machine will be locked. I can't open task manager or anything, I even try to open Windows in safe mode. Doesn't work.

What can I do?

Thanks in advance

NB: The infection seems to be a ransomware with name: Rogue Antispy-AH

From a live CD I run RogueKiller. It seems to clean it but another scan by this tool gets me a folder not found error in iexplore /shell/

Update: I finally managed to clean the ransomware by using rootkiller in Safe mode. Before my first usage of RogueKiller the block existed in the safe mode too.
Thanks anyway. I would write here for people who will suffer the same fate.

Answer Match 65.52%

I uninstalled adobe reader and reinstalled it, now computer locks up after desktop loads and goes to a blue screen error message. I can get to safe mode but can not uninstall adobe reader.
 

A:Home page loads desktop then locks up with blue screen error message

Answer Match 64.68%

Hello. I was sent here from my previous thread http://www.techsupportforum.com/forums/f10/pc-desktop-sometimes-freezes-up-800034.html#post4911298
to see if my PC desktop's constant freezing is from malware.

Here's DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Dashel R at 5:16:01 on 2014-02-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.285 [GMT -8:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.e...

A:Desktop Frequently Locks Up Malware Check

Bump, please; it has been four days.

Answer Match 57.54%

Hello All. I seem to be infected with some rather malicious malware. It redirects most search engine results upon click to advertisements. I have followed a trusted friend's advice and booted into safe mode, ran Rkill, then scanned with Malwarebytes and some infections were found and removed. However, when I boot back into normal mode AVG still prompts to remove the following infected files:

c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini

Threat name: Trojan horse backdoor.generic15.AXLA

However, the "move to vault" option fails with AVG in normal mode.

I am not sure where to go from here, and any help would be greatly appreciated.

Thanks!

A:Infected with Malware. GAC_32\Desktop.ini and GAC_64\Desktop.ini

Hi,

After performing these scans, enter the results in your next post and also update me on the status of the PC.

Note: You may have to perform some or all of the following in Safe Mode With Networking, depending on if you have internet access while in the normal Windows environment. If you still don't have internet access in Safe Mode With Networking, you will need to download the installers onto a flash drive from a working computer and transfer them to the problem PC.

Also, if you have any of the following programs already installed on your machine, download the latest version along with updates, then run the scan.

================================================================================

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

================================================================================

Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSypware.exe and use the default settings for installation.
For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
An icon will be created on your desktop. Double-click that icon to launch the program.
If it will not start, go to Start > All Programs > SUPERAntiSpyware and click ...

Answer Match 55.44%

DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 23:25:27.39 on Tue 04/07/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.372 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoin...

A:Infected with malware (automatically opens IE and shows some web page)

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Answer Match 55.44%

Help! I can't seem to access my yahoo home page without getting a malware pop up telling me to order malware wipe to get rid of a W32.Myzor virus. I can't seem to restore my home page to yahoo. Also, I am infected with a trojan virus. I seem to get a lot of pop ups and had ADWARE get rid of a lot of them.

Logfile of HijackThis v1.99.1
Scan saved at 8:34:22 AM, on 12/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video ActiveX Object\isamonitor.exe
C:\Program Files\Video ActiveX Object\pmsngr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Comm...

A:Infected With Trojan Virus And Malware Is On My Home Page

Click here to download SmitfraudFix (by S!Ri). Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter

This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log in your next reply.

Please do not run any other options until you are asked to do so.

Answer Match 55.44%

EDIT: After doing the Panda scan, it appears my IE home page is no longer hijacked, but my desktop still is and the other problems still persist, although I haven't seen a Norton alert since after I restarted my computer after the Panda online scan, which hasn't been too long now. However, before restarting my computer but after the Panda scan, I was getting the Norton alerts described below.

Hello,

Just today my PC has been under attack from a bombardment of virus popups, my desktop being hijacked, and slowdowns. My Norton Antivirus has automatically deleted some stuff, and I did a scan with that as well as Panda Online scanner, AVG Antivirus and Ad-Aware. I'm still getting some Norton alerts, and my desktop and IE home page are still hijacked. Most noticeably, my PC is running slow, and oddly some things aren't working properly, like I can't open notepad (used Word to view the logs below), and when I right-click on my desktop and hit properties, no window comes up. To combat this, I tried going to the Control Panel and double-clicking Display, but again no window came up. Then out of curiosity, I tried the other Control Panel functions, and none of them were popping up windows when I double clicked them. This is really annoying, and I hope some of you great people can help me out!

The main alerts I've been getting from Norton are W32.Virut.B!dam (http://securityresponse.symantec.com...030710-0506-99), which is scary, since the description s...

A:My PC is infected, running slow, and my desktop and IE home page are hijacked

Answer Match 54.18%

I have an HP desktop with Windows XP.

I can't install spyware removers because windows installer no longer works.
System restore and Malwarebytes do not work either.

I have spent countless hours trying to fix my computer without any success.

Please help.

DDS (Ver_09-09-29.01) - NTFSx86
Run by Owner at 19:55:58.12 on Sat 10/03/2009
Internet Explorer: 6.0.2800.1106

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Search_URL = hxxp://srch-us7.hpwis.com/
mStart Page = hxxp://us7.hpwis.com/
mSearch Bar = hxxp://srch-us7.hpwis.com/
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
TB: hp toolkit: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\hp\explorebar\HPTOOLKT.D...

A:hp desktop pc is infected with malware

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp...

Answer Match 54.18%

Hello,
I have a completely non-functional desktop computer.
When I opened Firefox today it had a message that I needed the latest version of Java. In the process of downloading Java a lot of other programs were downloaded too. It initially looked legit, so I don't know where and how I went wrong.
I run Malwarebytes and it reported I had multiple viruses and malware. I quarantined them all, and I was told to reboot. At this point it all went haywire. When the computer restarted there was an unending succession of pop-up windows telling me that a .dll program did not belong to Windows, and it seemed like it was the same program listed repeatedly in reference to many other programs/software I have (for example Skype). I couldn't get rid of the pop-up windows. I also couldn't open Malwarebytes because when I OKed its access to my computer I got back a pop up from Malwarebytes that read: "error 3.. the file is read only file". I couldn't reboot or turn off the desktop either, so I disconnected it from power.
Now I don't know how to give you all the specifics of the desktop because I thought that it was risky to turn it on again, and I am writing to you from my laptop. Could you get that info from my last post (about a previous problem)? I have Windows 7 and a Dell Studio XPS. I'll wait for your instruction on what my next move should be. Could it be that I got all this malware from infected or malicious version of Firefox? I also got an e-mail from XFinity that told m...

A:Help! My desktop is infected with a bot/malware

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I can't answer your questions about how you got infected, even if I could look at your logs. It would at best be speculative.

Also, we can't help you without looking at logs from our analysis tools, so you will have to run the tools on your machine.

------------------------------------------------------

First, use your laptop to download Farbar Recovery Scan Tool to USB drive on your laptop.

Next, disconnect your computer from the internet. Boot up to Normal Mode and see if you can run the tools.

If you find it impossible, turn off the computer and try booting to Safe Mode:
Restart your computer.
After hearing your computer beep once during startup, but before the Windows icon appears, start pressing the F8 key.
In some systems, this may be the F5 key.
Instead of Windows loading as normal, a menu should appear.
Use the up arrow key to highlight Safe Mode and press 'Enter'.
------------------------------------------------------

If no luck with Safe Mode, try Last Known Good Configuration

---------...
Answer Match 54.18%

Hi folks,

This is my first post and any help/solution to my problem would be appreciated.

A few days back, my desktop computer got infected with some malware. I was receiving tons of popups in minutes and it extremely slowed my computer. There were various messages, warnings, popups asking me to install "System Defender" or "Antivirus 2008" and as far as I remember, this malware, did install Antivirus 2008 on my system since there was a Shortcut on my Desktop which I deleted.

Thinking that creating a new Windows user might help me, I went ahead and created a new Computer Administrative user. It did help me for 2-3 days but today I am seeing the messages asking me to install "System Defender" or "Antivirus 2008".

I have tried using Xoftspy, Lavasoft, Trojan remover etc with no help.

Then after extensively exhausting myself, being a non-techy person it's hard for me, I found the following topic on this site, Laptop Full Of Malware - http://www.bleepingcomputer.com/forums/ind...howtopic=152234 which is a pretty similar situation to mine.

So going according to the "Preparation guide For use...." topic, I am pasting my DSS main and extra text files. I didn't do Kaspersky internet scan, no reason.

Main.txt

Deckard's System Scanner v20071014.68
Run by Amandeep Singh on 2008-07-06 03:20:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully ...

A:Desktop Infected With Malware!

okayyy....so since I was unable to keep myself waiting I went ahead and did some more searching and found this article http://www.bleepingcomputer.com/malware-re...-antivirus-2009

I followed it and have seemed to solve the problem since neither Malwarebytes nor Xoftspy are able to find any trojans/malwares etc. on my PC. Does that mean I am all set or is there anything left?

Answer Match 53.76%

so...I've got a western digital hard drive that i used to back up an old xp machine that was dying....

plugged it into a a vista home premium dell inspiron 1525 laptop to download some of the data on it....while vista was searching for a driver on the western digital drive, i clicked on my computer.....no icon for the hd....so i waited (longer than i would have expected), until vista said the hd was ready to use...

but the external drive never stopped running

i clicked on my computer again to find the external drive icon....the window opened with the "location bar" at its top, but nothing else...when i clicked in the window, it's header added "not responding"

so i tried to close it....eventually it closed, and took the desktop and the quick launch bar with it, leaving the background and the sidebar, and an open firefox window (still functional)

i unplugged the hd from the usb port, and all returned to normal

not a conflict i can live with

anyone have this problem? (couldn't find it in a search of this forum)....or a fix...
i'm off to see what i can find on google.
any help would be appreciated.
thanks
 

A:Solved: external hd disables desktop

Answer Match 53.34%

Upon initial boot, everything is very slow to respond. Eventually, the desktop appears, but then a high-low tone is heard, then a low- high tone is heard. A few seconds later, another high-low tone and then a shorter pause before hearing the next low-high tone. The pause between the two tone combinations gets shorter and shorter, until the screen goes black and either shuts down the computer OR brings up a BSOD.  Because of the decreasing amount of time, I am unable to do anything to stop it from reaching the endpoint of its behavior. Please help me get rid of this!

A:Desktop appears to be infected by malware that does this:

I would strongly advise you not waste heaps of time & headache chasing ghosts... rebuild it or put it back to Factory.
 
Cheers, Drew

 

Answer Match 53.34%

Hi. My computer is infected with various malware. I have tried various malware removal tools that say it can't remove the following viruses: Orsam!RTS, Omarik.tdl4 & Alureon.A. I keep getting Stop Notice 10000001E with system restarts. IE doesn't work on the first try. I was using Google Chrome, but it would shut down half the time when I linked to a website. Here are my logs that are required. (Thanks for your help in advance! Eric)

(Hackthis log)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:50:40 AM, on 2/5/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hp\Digital Imaging\s...

A:My Windows 7 64 bit desktop is infected with Malware

Answer Match 52.92%

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 64 bit
Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz, Intel64 Family 6 Model 23 Stepping 7
Processor Count: 4
RAM: 4094 Mb
Graphics Card: ATI Radeon HD 4850 Series, 512 Mb
Hard Drives: C: Total - 715401 MB, Free - 587598 MB; M: Total - 238414 MB, Free - 90369 MB;
Motherboard: PNY Technologies, MBM630I7100
Antivirus: System Shield, Disabled

Hi. So my System Shield gets disabled by this virus. My antivirus shows that it blocks: AVmanagerunified.dll...; FWmanager.DLL.....; GCCheck.exe_6357166.......... and GTBCheck.exe........... The dots indicate many numbers that follow the file extension. Yes, I get popup ads, AVG temp tells me I have over 290 problems to solve but wants a subscription to solve. Not sure if it's legitimate or not. Please help.
 

A:Malware disables System Shield

Also, I had noticed the following:

browser modifier:win32/couponRUC and W32/Heuristic-COC/Eldorado
 

Answer Match 52.92%

I use winxp pro sp2 in my laptop. I got this malware from a phone sometime back. What it does is disables the keyboard, sometimes completely sometimes partially. After a forced restart it is alright but for a few mins or hours. I have already formatted the whole drive 3-4 times, and used updated avast, KAV, AVG and even all of these online scanners, but to no avail. The keyboard is disabled even during fresh O.S installation. There are 2 files in Documents n setting - "jinitiator3122.trace" and "NTUSER.dat". Sometimes the cursor moves by its own and makes sounds while the windows r minimised. PLEASE HELP

A:Malware disables keyboard even during o.s installation

Hello and Welcome to TSF.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Answer Match 52.92%

Department SOP is to remove the suspected HD and Slave it to a known good Bench PC then update/run McAfee AV, Malwarebytes and Spybot S&D at least 2x. If that doesn't do it I just wipe it (NOT FDisk & Format... I mean WIPE!) then re-image and return to service. All data is SUPPOSED to be saved to a Network Home Directory. I'm actually working on this one cuz the user has a ton of downloaded programs used for his job. (And the experience will make my Kung Fu stronger.) And I wanna do the Malware Stuff here after I get the required number of posts.

McAfee was disabled so I mapped the HD to my PC and scanned it as a network drive. 1st time around all (McAfee AV, Malwarebytes and Spybot S&D ) found something and removed. 2nd scan turned up nothing.

Wohoo Success!

Made the formerly infected HD the Master to do a routine clean up/defrag before returning to service. Oops, now I can't use Ctrl+Alt+Del to logon in either Normal Boot or Safe Mode. I see the mouse/KB being recognized during boot and both Caps lock and Num lock light up on both of the KB's I've tried.

It's time for some Malware High Mojo!

BTW, we're using XPsp3.

A:Malware Disables Ctrl+Alt+Del Command

Hello...

We need to disable Spybot S&D's "TeaTimer" if running.

TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.

Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
If prompted with a legal dialog, accept the warning.
Click and then on "Advanced Mode"
You may be presented with a warning dialog. If so, press Click on Click on Uncheck this checkbox:
Close/Exit Spybot Search and Destroy

TASK MGR DISABLED

This step involves making changes in the registry. Always back up your registry before making any changes.

Go to Start -> Run and type: regedit
Click OK.
On the left side, click to highlight My Computer at the top.
Go up to File -> Export
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put RegBackup.
Choose to save it to C:\
Click save and then go to File -> Exit.

Or you can download and use ERUNT which is an excellent free tool that allows you to take a snapshot (backup) of your registry before making changes and restore it when needed.

Click on the link below:
http://www.kellys-korner-xp...

Answer Match 52.92%

I seem to have gotten a nasty malware infection that disables all of my security software, thereby preventing any attempts to remove it.

I am running Windows XP SP3 on a QuadCore Intel Q6600 with 4Gb of RAM.

I originally had the Internet Security 2012 bug but was able to remove it manually using suggestions from this forum. No more popups or fake infection messages. But when I tried to scan my system using SuperAntiSpyware and MalwareBytes they would start up and then die before completion. There seems to be a process which detects that they are running and kills them. Trying to run it a second time yields a message saying "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item." I am able to reactivate the program using inherit.exe, but this does not help it run to conclusion.

I tried various suggestions I found such as changing the .exe extension to .com or.scr to no avail. Neither does renaming the executable to a fake name or even changing the name of the install file. These seem to have worked on previous versions of this malware, but no more.

Windows Task Manager works fine and shows one suspicious process named 2291299609:3867831671.exe. I cannot kill this process. I found a few entries in the registry with the same name but was reluctant to delete them.

My AVG software has been disabled and I cannot get it restarted.

The strange thing is that other than the security software, most gener...

A:Malware disables all security software

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

Answer Match 52.92%

work computer I was on CNN.com and security system popped up / could not exit / ran that, and it said I had a lot of malware...wanted $ to clean...checked Inet and other advice was to get a spyware removal program would help...again $ to clean. Ran system restore / system slow---might have bad things on sys still.

A:xp desktop runs slow and infected with malware

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Answer Match 52.5%

DDS Log

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 15:59:50 on 2011-07-11
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1918.1050 [GMT -6:00]
.
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.E...

A:Infected with a virus that disables all antivirus

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/408990 and follow the instructions there. If you do not still need help, this is all you need to do. If you do need help please continue below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have p...

Answer Match 52.5%

my runs perfectly I mostly use my computer to play video games and internet, but since last I reinstalled windows 7 x64 (was using the same version before) occasionally malware anti malware bytes and bitdefender antivirus stop working and my pc freezes and i am not able to access control panel or shut my pc down or anything i have to forcefully shut my pc and when i restart it everything works fine. please let me know if I can provide anything else regarding my problem, its my first post on this forum so please forgive me for any inconsistency in my question. thanks in advance. and i will be waiting eagerly for a reply.
 

A:BitDefender antivirus and malware disables itself and PC freezes

Your (C) hard drive may be dying...
 

Answer Match 52.5%

Hello all- I'm running XP Media Center with SP3 installed.

Malwarebytes Pro Installed. Security Essentials installed.

Was able to run a scan w/ MWB last night, with no evil found. Attempted to update Security Essentials last night- but something is blocking updates via Microsoft.

Today, MWB pro won't open at all, gives error "run time error 372: failed to load control from ieframe.dll" etc.

Browser (IE8) will now not open.

All this appears related.

Anyone have any insight?

Thanks in advance!

A:malware on XP SP3 disables Malwarebytes and Security Essentials

Thanks for the move, hamluis.

Clearly I'm new to the forum. Hopefully someone has some insight.

Answer Match 52.5%

//Mod edit: See this thread for additional information. http://www.bleepingcomputer.com/forums/t/131417/rhond-a-adware-ipwins-infection/

Dear Folks,

My system (Desktop running Windows2000) is infected with spywares and malwares. It displays annoying popups and RED X mark on systray. I had earlier posted this in the incorrect forum and as per the expert advice, I have followed all the instructions and have created this new thread.

Please find the attached HJT log. Sincerely appreciate your response in cleaning up my pc.

Thanks
_______________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:31 PM, on 2/19/2008
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Offline Course Player\OlpSynch.exe
C:\Program Files\Common Files\...

A:Desktop running Windows2000 is infected with spywares and malware

Hello YARO and welcome to the BC HijackThis forum. Let's see what else we can find.

Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
File - Additional Folder Scans
Do not change...

Answer Match 52.5%

I keep seeing "a write command during the test has failed to complete..."
"System Message"- Write fault error.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by gyimah at 17:06:46 on 2012-09-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8105.5668 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSp...

A:Infected with Malware or a virus that erased all of my files on my desktop

I'm sorry, I'm infected with spyware, that's why all of my files appear like they are deleted, please help

Answer Match 52.08%

Hello all, I am a new member so I will try and follow all rules. I haven't run the hijack this script/app yet, more information to follow. I shouldn't need much step by step direction as I am a pretty savvy IT user.

I clicked on a weblink within Piratebay (I can get you the specific link if you want) and when redirected, I got sent to a site with some nasty javascript that installed malwaredefender on my Vista PC. Here are my corrective courses so far:

1. Denied all registry changes via Avast when the install was happening
2. Tried running spybot S&D right after the icons were on my desktop and the application was installed
2a - Spybot has stopped working error
3. Automatic reboot of my PC (I did not send a shutdown command)
3a - rebooted into normal mode
4. Vista let me know (politely) that Avast has stopped working
5. Downloaded Kaspersky free trial and Spybot S&D installers
6. Installed new Kaspersky and Spybot,
7. Rebooted into normal mode
8. Kaspersky and Spybot has stopped working error
9. uninstalled kaspersky
10. booted into safemode with networking
11. installed kaspersky/spybot
12. apps just do not come up within safemode
13. booted into normal mode
13a Kaspersky, Spybot, IE and Mozilla have all stopped working error from vista
14. tried doing a system restore
15. bluescreen
16. booted into normal mode

When I leave the PC in idle mode in normal mode, I find that IE is running hidden and skypenames.exe is being run off and on. Also...
Answer Match 52.08%

I was recently called to help a friend with a spyware attack. The visible threat was a version of the Internet Security Suite 2010.

Safe-Mode was disabled, taskmanager was disabled, the installed AV/Firewall/Spyware product was "running" but had obviously been compromised (Trend Micro Internet Security Suite).

MBAM was having trouble getting installed, even after re-naming the file (I see now that your 'site has added an "mbam.exe" download). I had previously found a link to your ComboFix app, and had downloaded it (I see now that you guys have added a lot of warnings about using it). I ran ComboFix and it worked superbly (Thanks!). And I will be getting MBAM running on it to double-check the cleaning process, as ComboFix reported rootkit issues.

Upon returning to your site I now see all the warnings about using ComboFix. I'll certainly be a lot more circumspect about using it in the future. But after all that I have a few questions.

1. What issues are you seeing as a result of ComboFix being run on Windows XP systems?
2. Is Vista more temperamental than XP for a ComboFix attempt?
3. If the threat worked-around the installed Trend Micro Internet Security Suite in the first place, is that software any good now, post-infection? Or does it have to be replaced/re-installed to have any chance of being effective again?
4. Are you seeing any problems with AVG 9.0 / ZoneAlarm/ Ad-Aware/ MBAM (free)?
5. Do you recommend doubling/tripling-...

A:Malware suite disables safe-mode & MBAM

Forgot to ask: Are you seeing any issues with using USB drives to install the fix-it tools? Can the USB drive be compromised itself?

I used to burn CD's of the tools, figuring it was a safe method to use to install the tools, but with the updates coming so fast, I was going CD's like mad, and the USB drive is so dang handy...

Answer Match 52.08%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:35 AM, on 10/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Pro...

A:Malware disables TrueVector Internet Monitor Service

Please disregard this hijack-this post. The problem has been solved by uninstalling
and then re installing Zone Alarm.
Sorry and thanks to you all.
Yesproblem.

Answer Match 52.08%

Here's a puzzler in a newly installed XP Home-SP2 computer with OE6. When mail is accessed via OE6/dialup, then read normally, then OE 6 is closed; the desktop appears to become almost frozen - certainly the icons on the desktop become inactive. None of the desktop programs/icons will launch a program. I don't think they can be launched from the start menu either - but I'm not sure, since I didn't try that while helping a friend with this issue.

BUT - If I just log off, then back on, (even while leaving the dialup connected and active)....the desktop seems to recover and all icons/programs on the desktop work normally. Odd?

joesam
 

Answer Match 52.08%

I'm sorry, but I don't know the name of the infection. When Windows XP first starts up, I see my desktop background and AVG antivirus briefly appears in the system tray. A few seconds later, AVG disappears, the desktop turns blue with a message saying my computer has been compromised, and I get a fake system message saying I need to download an antivirus software it prompts me to purchase. Also, a phony malware scan begins and says I have a bunch of malware that only this software can fix. Googling the symptoms turned up lots of results for smitfraudfix. It started a few days ago. Scan done in safe mode.
DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
Run by Administrator at 20:20:49.43 on Tue 08/04/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1686 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper... Read more

A:Desktop hijacked, disables antivirus and prompts for software download

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum, I am and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

As I am in the final stages of training an Expert Coach will also oversee your fix. Your benefit will be "four eyes and two brains" but responses may be somewhat delayed so please be patient!!!!

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current co... Read more

Answer Match 51.66%

Hi all, first I would like to let you know I'm not a native English speaker, so I'm sorry about the grammar and spelling errors.

First, I'm a former paramedic in the army and due to an injury I started a new career in IT as a coder in .NET last year. So I'm not an expert, but I spent the last week doing research and trying to understand the problem.

Since I'm a student I was able to get legal Microsoft development software such as Visual Studio, Expression, SQL Server etc.

Desktop 630i Specs
Dell XPS 630i (Windows 7 64 Bit Ultimate)
Visual Studio 2010
SQL Server 2008
Office Professional 2010 (Bought from the ultimate-steal student offer)
Netbean
Adobe CS5 Master Collection (Bought educational license)
Aptana Studio
Filezilla
EasyPHP
Asus Laptop

OS Version: Microsoft Windows 7 Édition Familiale Premium, Service Pack 1, 64 bit
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 4095 Mb
Graphics Card: NVIDIA GeForce GT 320M, 1024 Mb
Hard Drives: C: Total - 28901 MB, Free - 3842 MB; D: Total - 14996 MB, Free - 14902 MB;
Motherboard: ASUSTeK Computer Inc., K50ID
Antivirus: Norton Internet Security, Updated and Enabled
Here are the steps I've done.

Everything started when I found my browser Internet Explorer 9 hanging almost all the time and an Adobe Flash Player update each time I reboot my desktop.
So I checked my Windows Update and I was surprised to see any update installed withi... Read more

Answer Match 51.66%

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16447 BrowserJavaVersion: 10.7.2
Run by Luc-Michael at 15:22:16 on 2013-01-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.5942.2683 [GMT -5:00]
.
AV: Rogers Online Protection Anti-Virus *Enabled/Updated* {A61154FD-4365-E00F-9A33-13A09AD54B56}
SP: Rogers Online Protection Anti-Spyware *Enabled/Updated* {1D70B519-655F-EF81-A083-28D2E15201EB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Rogers Online Protection Firewall *Enabled* {9E2AD5D8-090A-E157-B16C-BA9564060C2D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Rogers Online Protection\Rogers Online Protection\Fws.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\Bin... Read more

A:Infected with Trojan virus Disables computer if removed. Need Help.

MBAM-Log

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.06.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Luc-Michael :: LUC-MICHAEL-HP [administrator]

Protection: Disabled

06/01/2013 6:20:43 PM
MBAM-log-2013-01-07 (15-36-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 267442
Time elapsed: 4 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Users\Luc-Michael\AppData\Local\dplaysvr.exe -> No action taken.

Registry Data Items Detected: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Luc-Michael\Downloads\mplayer_Setup.exe (PUP.Bundle.Installer.OI) -> No action taken.
C:\update.exe (Trojan.Agent) -> No action taken.

(end)

Answer Match 51.24%

After updating McAfee virus signature and rebooting, RealTime Scan keeps disabling. Also received a pop-up that said:
Security Threat
Warning! Your Computer is at Risk of Malware Attacks.
http://www2.realsafepc2yp.xorg.pl says.
Click OK.

McAfee website posted a statement that they know about problems with the update and list the problems it caused. However there is NO mention of the Realtime scan disabling or the Malware popup.
I would appreciate it if someone can help.

This is my HiJackThis log file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:19:28 PM, on 4/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Progra... Read more

A:McAfee update disables Realtime Scan - Malware Warning

Answer Match 51.24%

My laptop screensaver had a Spyware warning asking me to click here and it kept taking me to: <http://windows-privacy-protection.com/?aid=444.471>

The system tray kept popping up warnings, every now and then a red dialog box would do the same. I uninstalled Internet Explorer from System Components, but it still pops up now and then, but can't access anything from it. The message on my screen is no longer there because I uninstalled IE, but it said something to the effect of "Your computer is infected with Spyware, it's in danger, people are attempting to attack your computer" and then at the bottom, had a link to that windows privacy thing asking me to buy something. At the very end of this message, I've added a log from Malware's LOG (mbam)

Deckard's System Scanner v20071014.68
Run by Jigna on 2008-06-15 17:50:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 3 Restore Point(s) --
3: 2008-06-16 00:50:23 UTC - RP174 - Deckard's System Scanner Restore Point
2: 2008-06-15 22:56:18 UTC - RP173 - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
1: 2008-06-15 20:30:00 UTC - RP172 - Removed Symantec Client Security

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Jigna.exe) --------------------------------------------... Read more

A:Malware / Virus Infected Laptop And Desktop Screensaver And System Tray

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new Deckard's System Scanner which includes the HijackThis log. Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Answer Match 51.24%

Hello,

My problem is whenever I open up a page that has either a video or music being played on an embedded Windows Media Player, my whole browser freezes up...

At first I thought that maybe it was one of my Firefox add-ons acting up, but it happens in regular Internet Explorer as well.

Sometimes I will even get a message that says something like: "can not create directshow player"
When I get that message though, the browser doesn't freeze up.
Can anyone help me out here?
 

A:Web Browser Locks when WMP is on a page

Try this:
Start> Run> type regsvr32 jscript.dll and then click OK.
Next type regsvr32 vbscript.dll and then click OK.
You should receive a message after each that the dll was successfully registered.
 

Answer Match 51.24%

Hello,

After having a birthday party for my 9 year old son, whose friends were all using the computer, Internet Explorer opens up and tries to load the initial web page but never finishes loading and becomes unresponsive. I upgraded to IE7 but the same thing is still happening. Thank god I have Firefox already loaded, because that is the only way I can access the internet now.
I have done a HijackThis log and will post it below. If anyone can help me get IE working again I would greatly appreciate this.

Logfile of HijackThis v1.99.1
Scan saved at 5:14:54 PM, on 10/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Ahead\InCD\InCDsrv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
F:\WINDOWS\BCMSMMSG.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
F:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
F:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
F:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
F:\WINDOWS\System32\svchost.exe
F:\PROGRA~1\SYMANT~1\SYMANT~1\bak\vptray.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI... Read more

Answer Match 50.82%

Greetings = I would appreciate any help you can provide. Recently purchased, I use an HP G72 running Windows 7 (64 bit), and until recently IE7. Recently had my backup email compromised with spam sent to my contacts (my new email actually the only contact on that account). Downloaded Spybot & AntiMalwarebytes and ran both. Spybot identified some Java files as Trojans and quarantined. Did get one blue screen but didn't associate it at the time, also some random popups. Later downloaded SuperAntiSpyware and Stinger10101243 which identified and deleted the following file:
C:\ProgramData\WildTangent\cce3413e-970c-4a71-8c00-6c078273746c-extr.exe\27.nsis
Found the Artemis!78AD4DC8DBF6 trojan !!!
C:\ProgramData\WildTangent\cce3413e-970c-4a71-8c00-6c078273746c-extr.exe\27.nsis is infected with the Artemis!78AD4DC8DBF6 virus !!!

Had a lot of temp files on hard drive so also ran CCleaner and deleted a lot of those temps. Security notifications started that AntiVirus and Firewall were not active and I was not able to start them or access the McAfee website using IE8, but was able to use Firefox. Later received many wireless network messages that internet was not available (even though I was able to access this site).

DDS log follows, but GMER was not run - if there is a 64 bit version I will run that.


DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by Sheila at 13:43:50.52 on Thu 12/16/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

=============... Read more

A:Malware/virus disables McAfee AV/firewall and affects wireless access

Bump please. Thanks!

Answer Match 50.82%

I'm using Windows 7 Ultimate 64bit. I have tried HitmanPro, Avira, Ad-Aware, and Housecall. Some of these have detected some stuff, but none were able to fix my problem. I don't know if these are relevant or not but I figure I'll post them in case they are.

HitmanPro found:
C:\Windows\SysWOW64\pbsvc.eve
C:\Windows\SysWOW64\GameMon.dex
C:\Users\MT\AppData\Local\Temp\ICReinstall

Ad-Aware found:
Description: c:\users\mt\appdata\local\temp\gnstvn.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 799954ca0a8359b741774ba3a5e3417c
Description: c:\users\mt\appdata\local\temp\ikstun.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: cd60e5417d0c0d55b382f4f156866508
Description: c:\$recycle.bin\s-1-5-21-1088705886-981287941-3149203639-1001\$reaay32.dll Family Name: Trojan.Win32.Buzus Engine: 3 Clean status: Success Item ID: 2 Family ID: 0 MD5: 5855a1853c83728294ffb3285a6731b0
Description: c:\$recycle.bin\s-1-5-21-1088705886-981287941-3149203639-1001\$rm2pxe3.rar::arcane.dll Family Name: Trojan.Win32.Buzus Engine: 3 Clean status: Success Item ID: 2 Family ID: 0 MD5:

Avira found a few too but when I checked the logs all the scan results said No virus or unwanted programs found.

I also had problem downloading DD... Read more

A:Malware redirecting Google search results and disables Windows Security

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn... Read more

Answer Match 50.82%

Guess I have got some Virus or Malware as today a number of different problems started with my PC.

Firstly the keyboard stopped working, the message in Device Drivers was "Windows cannot load device driver and there is a previous instance of it still in memory (code 38)" - I managed to fix this by uninstalling then reinstalling the keyboard driver but it stopped working again about an hour later. Obviously I fixed it again to be able to type this.

Then new browser windows started opening up automatically (firefox) - one directed me to a site called theclickcheck.com via various other forwarding sites. Another tried to open a PDF file: the_compelling_case_for_conferencing.pdf don't know what the hell that is but shut it down straight away.

I ran Superantispyware and Antivir which found nothing. I also tried to run Kaspersky online but this would not run nor would Trend Micro Housecall (they both failed at the final stage of definition download).

I opened IE to search for what these problems might be and when I clicked on any of the google results i was redirected off to weird pages that had URLs totally unconnected to what I selected.

really hope someone can help, thanks in advance.

MC

EDIT: 6th June - While using the PC this afternoon Antivir alerted me about RKIT/Bezopi.G in C:\WINDOWS\temp\rdl117.tmp I quarantined this.

Here are my logs:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Home user at 21:30:19.75 on 05/06/2010
Internet Explorer: 7.0.5730.11 Brow... Read more

A:Malware or Virus disables keyboard, opens browsers, redirect to theclickcheck, etc

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Answer Match 50.82%

Until I get a laptop of my own, I'm using my great aunt's netbook (Eee netbook which uses Windows XP) since I just moved out to a dorm to attend the new college I'm at right now. I wanted to use my roommate's printer, and since the netbook doesn't have a CD drive, I decided to try and find the software online so I could use it without installing the disk. Bad idea.

A few hours after installing the program (which did nothing but freeze up, but I had to run to class, so I didn't have time to worry about it), the computer restarted itself, and all of a sudden, there were these two new icons on the taskbar; a red circle with a white x in the middle. Whenever they popped up, they said something about how I have spyware, and that I had to download something for it. I ran McAfee, and it said that the system was clean, but after the scan, after I clicked on one of the new icons, McAfee came up, and told me that it was a trojan and that it was deleted. I was kind of confused, but I disabled the alerts on the taskbar for the new icons, and I didn't think about it further.

Today (two days later), however everything has been acting strange. Popups have been coming up saying that a certain website needs a new font thing installed, and everything from AOL and Google had a pop up ad where there weren't any before. Also, when I used a search engine, I'd get an ad instead of the link that I clicked on. McAfee freaked out, and after a scan, it told me to restart the computer to get rid of a ... Read more

A:Malware: resistant to McAfee; blocks malwarebytes, disables task manager

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner ... Read more

Answer Match 50.82%

First off, THANK YOU SOOO MUCH for taking your time to look at this and help me out.

On 09/22/10, our computer around 6PM got a fake antivirus virus that popped up and installed automatically. I went and removed it off my computer. That one was called "Malware Doctor". Later, about 2 hours later, I got another one that popped up on my task bar called "Antivirus 2010". That one didn't install and I removed it. On 09/23/10 I started up our computer, and I got Antivirus 2010 again. I exited out of it, and removed it. Then I could not access the internet via Google Chrome, so I tried AOL. AOL worked, but it was freezing as always. I decided to restart my modem and my computer.

When I turned it on, it would go past the XP screen and continuously reboot. I then hit F8 many times, and got the menu (not sure what it's called) and made it so it would not auto-reboot on system failure. I then got this error on a blue screen when I booted and had it set to not auto-reboot:

Stop: c000021a {Fatal System Error}
The Windows logon process system process terminated unexpectedly with a status of 0xc0000022 (0x00000000, 0x0000000)
The system has been shut down.

I do not have an XP installation disc, but I do have the Windows recovery disc. In this thread I got help, and found 3 files that the virus was messing up.

These are the 3 files in the WINDOWS\SYSTEM32 folder that were messed up:

Winlogon
Userinit.exe
msgina.dll

I took... Read more

A:[SOLVED] Infected by multiple instances of malware/viruses -No desktop,start menu, or

Sorry for bump, but I have more info and I cannot edit the post.

I keep getting redirected when I am on any site, whether it's Yahoo, or even tech support forum. It keeps taking me to "google-analytics.com" and then a site that has a fake malware scanner, then it gives me a JavaScript pop-up when I exit saying I am infected.

About every 5 or so pages I go onto it does this. I got a screenshot of it luckily, but not of the malware scanner thing, I closed that as soon as I could (not enough time to take a screenshot, save and take another).

Here is the screenshot.

Answer Match 50.82%

I've been enjoying gmail for months, but suddenly, my computer locks when it reaches the loading page, just after I sign in. I've gone to troubleshooting help, and followed directions to uncheck enable third party browsers, and clear cache, to no avail. I am unable to reach my gmail account on this computer.
 

Answer Match 49.56%

Please help. I was looking for PIA PRO, a property investment program and was stung by this virus. 
My home page has changed, when I click on something, another page will open then lock with a warning message with a voice letting me know that my private details are at risk.
 
Thanks in advance.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Silvana (administrator) on LENOVO-PC (11-09-2016 11:29:52)
Running from C:\Users\Silvana\Downloads
Loaded Profiles: Silvana (Available Profiles: Silvana & aurif_000)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\windows\System32\igfxCUIService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Microsoft Corporation) C:\windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\Eps... Read more

Answer Match 48.3%

Hello,

I'm running Windows XP SP2 on an Intel Core2Duo E6420.
I am infected with an unknown virus.

The symptoms:
- my antivirus got disabled (Bitdefender 2008); in the meantime I tried to reinstall it and failed. Now I have no antivirus installed.
- task manager and registry tools (regedit, gpedit) are disabled.
- online virus scanners are inaccessible - I tried Bitdefender and ESET and the page does not load; also, the homepage for McAfee, Bitdefender and Kaspersky does not load
- I get no disk errors for most of the applications I am using. E.G. "windnwl.exe - No Disk There is no disk in the drive. Please insert a disk into drive \Device\HardDisk1\DR8"

What I did:
1. Before coming to your site, I tried using some malware removal tools I had. I ran a HiJackThis scan, then Combofix, then MalwareBytes, then Combofix again. No use. I know now, it was a bad idea. However, I have saved logs from each of them and can provide them if requested.
2. I made an account here and ran DDS. DDS.txt is copied below and Attach.txt is attached.
3. I tried running gmer, but it stalls somewhere during the scan. The last line is "Disk \Device\Harddisk0\DR0 sector63:root-like behaviour; copy of MBR".
Also, during the scan, the following error keeps popping up:
"windnwl.exe - No Disk There is no disk in the drive. Please insert a disk into drive \Device\HardDisk1&#... Read more

A:Infected with unknown virus that disables task manager, registry tools, antivirus, blocks online scanne

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for post... Read more

Answer Match 47.88%

I have run Spybot, Malwarebytes and SAS successfully, however my computer still locks up after a few minutes on the internet. Here is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:46:06 PM, on 10/14/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Internet Explorer\iexp... Read more

A:no malware, but pc still locks up

Hi Vlad68!!.. It looks like you're using a pretty old version of AVG: 8... There seems to be a bug in one of AVG's components - linkscanner, see here: AVG 2011 Bug Affects Browsing Experience, Could Also Hurt Websites (other versions of AVG could also be affected)... That's why I suggest uninstalling AVG completely and either upgrade to the newest version of AVG (AVG Anti-Virus Free Edition 2011) or install another antivirus of your choice, for example one of the programs recommended on my site: Recommended protection programs ... Let me know what you decide and what problem persists...

7 more replies
Answer Match 47.88%

Hey, the previous thread on this expired, but I have new information so I'll repost it.

New desktop locks up periodically
Hey, I got a desktop from cyberpowerpc about a month ago. However, I'm having a very odd problem. The computer runs brilliantly 95% of the time, but sometimes it just locks up for no apparent reason. I could be watching a video or just browsing the web, and suddenly it just makes this very odd noise (brrrrr), well it's hard to describe the noise, but basically it just completely freezes on whatever screen I had up. I can't do anything, including move my mouse or bring up task manager, I just have to do a hard restart of the computer. The first time it happened, maybe a few days into using the computer, I got a BSOD. I restarted it, and it worked fine for a while. Now it happens on an every-other day basis, but I never get a BSOD anymore, just freezes as described. Sometimes after I restart it, it will freeze on me a few more times, others after restarting it, it won't happen again for days. I really have no idea what's wrong. I don't think it's a virus/trojan or any program because it started happening quite randomly, not after some kind of installation. I'll post full computer specs and speedfan info:

CAS: Sigma Gaming Orca Mid-Tower 400W Case
CASUPGRADE: NONE
CS_FAN: Default case fans
CPU: AMD Phenom(TM) X4 9950 Black Edition Quad-Core CPU w/ HyperTransport Technology
CD: LG 20X DVD+/-R/+/-RW + CD-R/RW DRIVE DUAL LAYER... Read more

A:New desktop locks up periodically

You can do some troubleshooting however if this system is only 1 month old, you might want to send it back.

If you want to troubleshoot the system, do the following;

1 Download and run memtest for at least 2~3hr. If it returns one error, that is too many.

2 Download and run the hard drive maker's diagnostic utility for checking the drives.
Note both of the above run from bootable media so no os even needs to be loaded.

3 Download HWMonitor and let that run for a while. See if your 12V rail is going up and down. If it is, then you probably have found your problem.

BTW it would help if you posted the brand of pw supply. 580W means next to nothing.
 

1 more replies
Answer Match 47.88%

My WinXP SP3 laptop started not allowing the desktop to work. Then the desktop stopped showing up at all. Now the only way I can run the machine is in safe mode. Tried running Malwarebytes, no viruses found. Went through the steps to report a new problem. Attachments included. Any help appreciated.

Yellowjacket 55

A:Virus locks up my desktop

Hi,

I don't think this is a malware related issue here though. I think the cause is the multiple Antivirus installed + eventually your Zonealarm. They are clashing up here.

Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously! The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time. Also because more than one Antivirus and Firewall installed are not compatible with each other, it can cause system performance problems, programs not working properly and a serious system slowdown.

So, what we can do here is to temporarily uninstall all the ones you are having now. You can reinstall only 1 afterwards again. But we need to uninstall them first to resolve the problem first.

Go to Add & Remove Programs and uninstall the following:
avast! Free Antivirus
AVG Free 8.5
Ad-Aware
ZoneAlarm
ZoneAlarm Toolbar <== this toolbar is not required anyway.

Then REBOOT! Important!

After reboot, post a new DDS log in your next reply.

4 more replies
Answer Match 47.88%

Hey, I got a desktop from cyberpowerpc about a month ago. However, I'm having a very odd problem. The computer runs brilliantly 95% of the time, but sometimes it just locks up for no apparent reason. I could be watching a video or just browsing the web, and suddenly it just makes this very odd noise (brrrrr), well it's hard to describe the noise, but basically it just completely freezes on whatever screen I had up. I can't do anything, including move my mouse or bring up task manager, I just have to do a hard restart of the computer. The first time it happened, maybe a few days into using the computer, I got a BSOD. I restarted it, and it worked fine for a while. Now it happens on an every-other day basis, but I never get a BSOD anymore, just freezes as described. Sometimes after I restart it, it will freeze on me a few more times, others after restarting it, it won't happen again for days. I really have no idea what's wrong. I don't think it's a virus/trojan or any program because it started happening quite randomly, not after some kind of installation. I'll post full computer specs and speedfan info:

CAS: Sigma Gaming Orca Mid-Tower 400W Case
CASUPGRADE: NONE
CS_FAN: Default case fans
CPU: AMD Phenom(TM) X4 9950 Black Edition Quad-Core CPU w/ HyperTransport Technology
CD: LG 20X DVD+/-R/+/-RW + CD-R/RW DRIVE DUAL LAYER (BLACK COLOR)
FLASHMEDIA: INTERNAL 12in1 Flash Media Reader/Writer (BLACK COLOR)
FAN: CoolerMaster Hyper TX2 Gaming CPU Cooling ... Read more

A:New desktop locks up periodically

I assume you are using VISTA?
Is the noise you mention like the hard drive accessing all of the time - does it display a constant red light for example? If you leave the computer for a few minutes without rebooting see if it unfreezes.
Have you tried rolling back to an earlier time when it worked fine using System Restore?
Have you updated the BIOS to the latest version?
Have you updated all the latest VISTA patches and drivers for your kit?
If all of these don't work, are you using McAfee Antivirus? Some have reported problems with it and VISTA.
 

1 more replies
Answer Match 47.88%

HOW DO I change the logon idle time before it locks the computer and the only one who can unlock the desktop is that user or an administrator... students will not log out then it locks the desktop. Or can I force a log off if left idle?? There must be a place in win2003 server to change this perhaps in policies???

THIS IS NOT a screen saver question. This happens only when the computer is idle. The workstations are running XP Pro but they are authenticating on a new 2003 server. Not many default settings were touched. In fact, I only changed 1 or 2 small items with Internet Explorer. Any help please!!
janet
 

A:desktop locks when idle

I know and have used a product called deepfreeze. This product automatically shuts down a computer after a set period of idle time and then reboots the system with the original settings and programs that were installed. Students can't change desktops or backgrounds, install programs, etc...if they do the program deepfreeze reboots computer to original configuration.

As for settings what happens when windows standby thereby requiring reentering of password, that might be able to change in the power management section. Keep looking for other more intelligent help
 

1 more replies
Answer Match 47.88%

Hello everyone, I am new to forums and have always relied on others to fix things for me, this seems like a much better option

I recently had a new vid card installed, an Nvidia 9800 GT. Also had to put in a new power supply to support it. When my desktop is idle for 20 minutes or so it freezes. I can use my mouse but cannot open anything and have to manually restart. If I am idle in a game or program I have no trouble. My screen saver is disabled, but makes no difference. Please help, I am tired of having to keep turning my computer off when I leave the room, as I cannot shut it down the proper way when it freezes up.

Thank you

A:desktop locks up while idle

I have the exact same problem! I have to keep counter strike (a game) running 24/7 so my computer doesn't lock up. I also put in a new power supply so that might be the problem. Someone help!

1 more replies
Answer Match 47.46%

I have been working on a fix for my system lock-ups.
At first I thought maybe my PSU was dying. The lock-ups did not get worse as I suspected they would, and even became less frequent.
I can get locked when I'm on the web with 5 pages running. But not all the time. I could have no web pages open, but lock up with just the e-mail running, or with just one web page open. Or I could start the system, log in, walk away, only to come back to find it locked up. As I am typing this the system is running fine. It never locks up when I am playing Battlefield 2142.
AVG finds nothing when it runs all the way through. Malwarebytes and SuperAntiSpyware lock up on complete scan in the same file (C:\Windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lang\chtskf.dll). Quick scan with same programs only finds tracking cookies. I ran MalWareBytes with rrkill several times to the same lock-up outcome.
Spy-Bot S&D runs all the way through but finds nothing.
I ran Check Disc in repair mode. Ran the System File Checker. and am still having same problem.
When I had enough..I slaved the disc onto another machine and externally scanned with AVG9. Nothing found.
My system :
I built 5 years ago.
AMD Athlon 64 2800+ ASUS K8N Mobo
2.5 Gigs Kingston DDR400 PC3200 RAM
Maxtor Diamond9 80 Gig drive
Original MGE PSU 480 Watts that came with case.
Windows XP Professional Service pack 2
I was hoping someone might have an idea that might... Read more

A:Locks up during malware scans

Hello , I feel this may be a soft or hardware issue. I am moving this to XP. If they deem it necessary we can come back.

21 more replies
Answer Match 47.46%

First, Hello,
This is my First Post, I just found your forums here during a search for Tech chat rooms.. (kinda weird looking for a chat and finding this forum )
But I feel this is a blessing in disguise.

Now for the problem. My friend was online playing a turn based game last night. There was a power outage at his house, lasted less than a second he said, but long enough to shut his computer down. When he tried to reboot, it did, but once it gets to his desktop the computer freezes up.
This happens every time. My friend just started his own small computer company and has access to some programs and things that I don't. He says he has a program that runs off of 6 floppy diskettes, that scans the hard drive for errors and viruses, and he used it, and since you run it by booting the PC with diskette #1 and then run through the disks as they ask for them, and it does this before the computer boots up, that it worked, but to no avail, it found no problems with the hard drive and no viruses.

So can anyone help us??
Thanks in advance to all those who try
Also I hope this is in the right Topic as I said this is my first post
 

A:Computer Locks up after booting to Desktop

Possibly a single corrupted file, what OS is your friend using? It may be the case that a simple "over the top" install will solve the problem if the errors lie within the OS startup files.
 

2 more replies
Answer Match 47.46%

I have a gigabyte ga-7ixe4 mobo with 1.2 athlon cpu and with latest bios updates and a tnt2 vid card with latest drivers, lots of ram (256) with 85% free, and a sb sound card with latest drivers. Nascar4 crashes to desktop about 20-30 seconds after I get in the car or while watching a replay. I have tried every update and driver known to man and can not get the game to run properly.
 

A:nascar4 crashes to desktop or locks up

Try a lower screen resolution, sometimes it's as simple as that...Rhett
 

1 more replies
Answer Match 47.46%

Not sure if this is the right place to post this but here is a description of my problem.
While playing games or playing video my computer sometimes locks up. It becomes non-responsive to any input, if there was sound playing it loops, and the monitor displays the last frame, sometimes there are purple or green artifacts but usually the screen just remains the same.
It seems to happen more or less with different games, I rarely get this problem with Diablo 3, but get it quite frequently in Skyrim, and sometimes during Arma 2. It happens from time to time while watching video, whether it be Youtube, some other stream or even playing .mkv on VLC media player.


Here are my specs:

OS: Windows XP Home Edition SP3
Motherboard: EVGA nForce 790i SLI Ultra, 132-CK-NF79
Processor: Intel Core2 Q9550 @ 2.83 GHz (4 CPUs)
Memory: Patriot Signature 4GB DDR3 PC10600 1333MHz CL9/HS (PSD34G13332H) (I realize xp home only recognizes 3 gigs)
GPU: EVGA Nvidia GeForce GTX 260
PSU: Coolermaster 850w, product no. RS-850-EMBA

I've already tried reformatting my hard drive and reinstalling Windows, to no avail. Installing drivers and rolling back drivers, to no avail.
Since I don't have extra parts to swap out with, I'm not really sure what could be causing these problems.
Also I ran memtest a couple times with no problem, will consider running for an extended period just to make sure. I also checked system temps and voltages, which seem to be in acceptable ranges, so I don't think t... Read more

A:Desktop Locks Up During Video or Gaming

Hi Welcome to TSF

Is your computer or Graphics card overclocked?

Go into your BIOS > Under Health Section can you provide the voltages on 12v rail

12 more replies
Answer Match 47.46%

Hello, I have been having problems with my cpu lately. Upon loading when the cpu gets to the desktop it freezes entirely. I can move the mouse but cannot click on anything and alt cntrl del does not work either, I can only reboot. I have eset nod32 and malware bytes, both negative except for malware bytes says something is in my system restore points. I have gone into msconfig and was able to write to you guys here by booting in diagnostic mode with just essential services enabled. Strange thing is that I have windows xp sp3 and when I change something in msconfig it says I need administrative privileges to change something...but it changes what I do anyway....strange. I really hope you guys can help me, I'm out of ideas and not sure what to do, thanks..

ps: my log is from when I booted up with some services disabled or it would lock up

pps: I had a virus "antivirus live" a few weeks ago, eset told me to system restore and I did, it worked, then I ran malware bytes and it detected a few things and deleted them.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Valued Customer at 15:42:06.10 on Wed 01/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1504 [GMT -5:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\s... Read more

A:system locks upon startup at desktop

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand cor... Read more

2 more replies
Answer Match 47.04%

Hello,

I recently started getting intermittent freezes at the welcome screen or desktop (No new programs had been installed for weeks). At first, they happened every few reboots, and progressed to the point of happening after each reboot.

A few days ago I decided to perform a clean install in an attempt to track down the issue. After the installation completed, I installed the motherboard drivers and let Windows begin the automatic updating process. The computer worked fine until this morning, when I encountered my first freeze. Aside from the windows installation, here are the programs I have installed:

Mozilla
Google Chrome
Steam
Deathadder (drivers)
Nvidia Experience (drivers)
Filezilla
CCleaner
Origin (for BF3)
Core Temp (Monitor CPU Temp)
Itunes
TeamSpeak 3
Microsoft Office 2010
MSI Afterburner (Monitor GPU Temp)

The only programs installed today were MSI, Nvidia Experience and Itunes.
My computer loads safe mode w/networking each attempt. It also loads Windows when I perform a selective start using no services or start items, and when only Microsoft services are de-selected.
I use CCleaner for the purposes of clearing temp. files and do not utilize the registry cleaning portion.

Should I assume a Microsoft service is the culprit?

How should I go about troubleshooting this issue?

Thanks,
Daniel

A:Computer Freezes/Locks at welcome screen or desktop

  
Quote: Originally Posted by dewviking

My computer loads safe mode w/networking each attempt.

Hi dewviking.

Boot into Safe mode with networking and post it following the Blue Screen of Death (BSOD) Posting Instructions.

It will help us to answer your question properly.

9 more replies
Answer Match 47.04%

Computer starts bootup and passes HP logo screens and gets to user selection boxes and freezes. Touch pad won't move pointer. Have tried in safe mode and same result. Tried Fn F7 no result. Tried old restore disk and cd drive works but does not show any files. Don't have old Win XP disks. Have tried holding down power button and that does not work. Am hoping to find a boot disk that will work without screen pointer to try and fix problem without any action by user until fix is made. Thanks for help. 

More replies
Answer Match 47.04%

Alright so, I am using Win XP SP2 32 bit, to start it off. I bought this PC off a friend, it runs good other than the random freezing/locking up (sometimes) and random PC restarts. It mainly does it when I'm playing games, or I can just be on the desktop browsing the web or anything and it'll lock up sometimes. When I mean lock up I mean totally lock up as in can't move the mouse, can't ctrl alt delete, nothing, everything is frozen solid. Also a day or 2 ago, my PC got 2 bluescreen errors in game and the PC restarted. Any help is appreciated, and if you need any more information I'll gladly post it.
 

A:Desktop randomly freezes/locks up and restarts PC

What did the errors say, how much RAM is in your gaming PC, and what graphics card are you using?
 

12 more replies
Answer Match 46.62%

Hi White Knights, Good Guys and Gals,

My PC was attacked, likely through Internet Explorer today, since I haven't downloaded anything. The following is the list of malware that XP Security Center has notified:

=email-worm.win32.netsky.q
=rootkit.win32.agent.pp
=backdoor.win32.kbot.al
=net-worm.win32.mytob.t
=net-worm.win32.dipnet.d
=virus.win32.hala.a
=trojan.downloader.js.multi.ca
=virus.win32.gpcode.ak

and Trojan Remover has identified
c:\windows\system32\vacinit.dll

and Mcafee
NTROSKRN... (rootkit trojan)

The program "Protection Systems" continues to pop up prompting me to buy along with random IExplorer bombs despite having removed it from programs. The system regularly freezes when I employ anti-malware programs.

I have attempted to use in normal and safe operating mode (Mcafee from safe command prompt)
=Mcafee VirusScan Enterprise (halts early in operation, Identifies NTROSKRN and 11 cookies)
=Stopzilla (Halts early in operation)
=Malwarebytes(fails to open even with changed name)
=Rooter Malware Finder (Eric_71) (operates, results indeterminate)
=Trojan Remover (Runs, results indeterminate)

I am not in a good position to format the PC (in the wilderness).

Any advice what is preventing these malware programs from operating?

Thanks, and happy to repay the favor, particularly if you like homebrew, since PC wars aren't my specialty!

Lookingtree

DDS (Ver_09-06-26.01) - NTFSx86
Run by Iamcomputer at 20:41:08.59 on Wed 07/15/2009... Read more

A:Unknown Attack Disables Malware Scanner/Antivirus/Spyware Scanner

Hi, lookingtree. Welcome.

Please read and follow all these instructions very carefully.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".
During the download, rename Combofix to Combo-Fix as follows:

It is important you rename Combofix during the download, but not after.
Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
Please d... Read more

2 more replies
Answer Match 46.62%

Hello, and thank you in advance for your help.

I have been through the whole Preparation Guide and have the logs ready to post here.

I have a computer, running windows XP that has a virus or malware that disables or shuts down anti virus software or other programs. I had some trouble getting the GMER scan to complete since it would run for hours then shut down at some point. So after 3 attempts I saved the initial findings that load and have them here to post.

I have no idea what type of virus this is, so I need help determining what to do next.

I have attached the Attach.txt file (from the DDS scan) as well as the ark.txt file from the GMER scan.

Thanks,
DaddyOf3

DDS Log here:
DDS (Ver_10-12-12.02) - NTFSx86
Run by HP_Administrator at 16:09:25.03 on Sun 12/26/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.139 [GMT -8:00]

AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\svchasts.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\... Read more

A:Virus or Malware that Disables Anti Virus Software and other programs

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for post... Read more

60 more replies
Answer Match 46.62%

My 5-year-old Dell used at home with XP and SP3 has a malware/virus and I need help. My McAfee virus scan does not detect it and their technical assistants refuse to help. . .

SYMPTOMS: Starts with booting-up; sometimes it will take multiple starts/shutdowns to start computer. Explorer opens to a window asking if I want to go to last session or open new window. If last session is opened, anywhere from 25-70 ad pages will try to open and will lock things up. The search line is typically directed to "fulldotfind.com." Music, ads, talk show will spontaneously play over speakers. Using Yahoo as a browser will redirect searches to ads. I'm sure there are other things I'm leaving out.

HAVE TRIED: 1) Spybot- app will not open (it was successfully removed). 2) Smitfraud Fix- app will not open (it was successfully removed). 3) Hijackthis- app will not open (it was successfully removed). 4) MALWAREBYTES- app will not open. CANNOT remove it. It states app is being used. All items in its program folder were deleted except for "mbamext.dll 1.1.0.0" (status: still there). 5) McAfee "deep scan"- no effect, still installed and running.

ATTACHED: 1) DDS filed zipped 2) GMER would not run (click on "Run", the hourglass appears then nothing), so it is not here.

Please Help. . I am an older person and not very computer sophisticated but I will try my best to follow instructions.
This is our family's computer, it is used a lot and is... Read more

A:Malware disables spyware redirects to "fulldotfind"

My 5-year-old Dell used at home with XP and SP3 has a malware/virus and I need help. My McAfee virus scan does not detect it and their technical assistants refuse to help. . .

SYMPTOMS: Starts with booting-up; sometimes it will take multiple starts/shutdowns to start computer. Explorer opens to a window asking if I want to go to last session or open new window. If last session is opened, anywhere from 25-70 ad pages will try to open and will lock things up. The search line is typically directed to "fulldotfind.com." Music, ads, talk show will spontaneously play over speakers. Using Yahoo as a browser will redirect searches to ads. I'm sure there are other things I'm leaving out.

HAVE TRIED: 1) Spybot- app will not open (it was successfully removed). 2) Smitfraud Fix- app will not open (it was successfully removed). 3) Hijackthis- app will not open (it was successfully removed). 4) MALWAREBYTES- app will not open. CANNOT remove it. It states app is being used. All items in its program folder were deleted except for "mbamext.dll 1.1.0.0" (status: still there). 5) McAfee "deep scan"- no effect, still installed and running.

ATTACHED: 1) DDS filed zipped 2) GMER would not run (click on "Run", the hourglass appears then nothing), so it is not here. (GMER report added thanks to Ried 03/23/09)

Please Help. . I am an older person and not very computer sophisticated but I will try my best to follow instructions.
This is our family's ... Read more

16 more replies
Answer Match 46.62%

Hey guys, if someone can check to see if anything is wrong, I feel as if my PC is infected.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:21 PM, on 1/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3C2.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WIND... Read more

A:Possibly Infected With Something.....locks Up With Jpg Files

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and I'll be helping you to fix your problems.

Apologies for the late response, as I'm sure you can appreciate we are extremely busy. If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere, then please let us know.

If you have not followed the info in the link below prior to posting your log then please do so now:
Preparation Guide for use before posting a HijackThis Log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If you still require help, please post a new Hijackthis log into this topic in your next reply. Also post a detailed description of the issues you're experiencing.

*Note* Post all reports/logs directly into this topic, not as attachments, thanks.

1 more replies
Answer Match 46.62%

Hello forum experts, I hope you can help. I have a bleeping computer situation!

My machine is a Windows 7 Home Premium SP1. I was looking at Google Images (for pics of Bear Grylls), clicked on one, and Firefox immediately resized to approx 1" square. There was a brief indication of a fake security scan but was moving so fast I couldn't read it.

I've tried running Malwarebytes and Microsoft Malicious Software Removal -- they both freeze up the computer and I have to use the Power button to shut it down.

Please advise.

More replies
Answer Match 46.62%

Hello everyone. I'm trying to solve a problem. My PC has been running slower than usual lately, and while online web surfing my PC often becomes unresponsive for no apparent reason.

Then I started getting this popup saying "Either there is no default mail client or the current mail client cannot fullfill the messaging request. Please run Microsoft Outlook and set it as the default mail client."

I have Windows XP installed and I use Comcast Cable for my internet provider. I have Norton Security Suite, (comes with comcast), I've tried some other free utilities, Glary Utilities and Wise Disk Cleaner, none of which seem to help.

I've also noticed when I try to log into my credit union account, after I click sign on, I get the pop up twice, and then instead of taking me to my account information, it takes me to a page that requests credit card number, pin number, etc...see attached printscreen below the log. I'm afraid to enter my personal account data into that screen. Thank you
Below is the hijack this log I just ran.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:03:15 AM, on 3/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost....

A:Possible Malware - Annoying Pop Up and computer locks up for no reason

Problem solved. I ran a full scan with Norton's security software and it did not find a single problem. I then uninstalled Norton and installed Microsoft's Security Essentials, and ran a full scan. Four and a half hours later it finished scanning; 5 trojans were found, 4 were deleted and 1 was quarantined. My PC is running great now. I thought I was going to have to do a clean install, but all is well now.
 

Answer Match 46.62%

All of a sudden, my desktop shortcuts won't work for web sites such as google, IE explorer, redhatsociety etc.
The only shortcuts that work are those related to programs I have installed.
When I click the shortcut for google, it says opening and has an IP addy and that's it.
I did download Hijack this and have a copy of what is listed

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:48:42 AM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe
C:\Program Files...

A:IE Explorer locks on desktop wont open google

Answer Match 46.62%

We have several new Lenovo Thinkpad T450 laptops running Win 7, 64bit, 8gb ram, with the Lenovo Thinkpad Ultra Dock. Here's the scenario. I login to these T450's from another location using RDP from another Windows 7 pc\laptop. When finished I disconnect the RDP session or logout. Now I'm back at the host laptop and the keyboard\mouse connected to the Ultra dock are non-responsive. So not locked out, they don't respond. The only way in is by restart of the laptop or occasionally I can unplug and re-connect the keyboard and mouse. I've been hunting online and have had little luck. At first remote desktop didn't like to consistently work so I found an article that had me update drives, network, vid card. Then another article that said to 'Do not play' audio during the RDP session. This helped so I can now consistently RDP to the laptop. Still can't find information on why the keyboard becomes non-responsive. I'm not seeing drivers for the Ultra dock as I thought that could be the issue. Any assistance is appreciated. Thank you, Jim

A:Remote Desktop locks the keyboard\mouse after term...

We have multiple users complaining about this issue in our organization. We have T450s laptops running Windows 7 x64, 12 GB ram and with Lenovo Thinkpad Ultra Dock. It usually works to wait a few minutes (sometimes up to 10 min) before the keyboard and mouse that is attached to the dock starts working again. It would be great to get a solution to this problem. Thanks, Andri

Answer Match 46.2%

I have miserably slow performance and notice that the cursor flashes upon typing (as if some kind of keystroke capturing is going on). Spybot Search and Destroy seems to be corrupt and malwarebytes hangs (even the clock hangs). I have followed the instructions in the Prep Guide and run ccleaner. I can't run the cd emulation disabler because this is a corp issued laptop, and I don't have the admin password. Here is the DDS Log. I have saved and zipped the attach.txt in case you request it. I notice that it shows Spyware Doc + AV which I thought had become corrupt as well. McAfee VirusScan is installed by my company.

DDS (Ver_10-03-17.01) - NTFSx86
Run by awilliam at 11:26:04.51 on Thu 09/30/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2455 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svc...

A:PC sluggish, locks up when running Spybot S&D or Malware Bytes

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st...

Answer Match 45.78%

I was having issues with a virus removal and inability to remove files from the original hard drive in my Dell Vostro 1500, but needed a working laptop, so I replaced the hard drive with a 250 GB Western Digital Scorpio Blue drive (SATA 8MB/5400 RPM).

Installation and formatting went fine. I installed XP and then required drivers from the resource disk from Dell, followed by a few hours of updates from Windows Update. I then installed Kaspersky Internet Security, Carbonite, Adobe Reader, Flash, Shockwave, Evernote, OpenOffice, Malwarebytes, Ccleaner, Picasa, and started to download iTunes.

While everything was working fine, and I was rebuilding my software library, I noticed that the system locked up. I couldn't even shut down or stop running processes. I've tried disabling startup menu items like Bluetooth (which I don't need) and nuisance programs like Adobe and Google updater. I tried to do a selective startup to isolate the issue but can't determine if one particular thing is at fault. I ran diagnostics on the whole system and all systems, hard drive, etc checked out.

I started it in safe mode with networking and was able to keep it running that way, but still wonder if this is a hardware issue since there is nothing on this system other than some basic programs that ran just fine together on the older hard drive. One process that was running in the background was the download of backed up files from the Carbonite server.

Does this seem like it ...

A:Replaced hard drive, now it locks up shortly after desktop appears

jjmn said:


Edited to add: It's been running just fine all day in Safe Mode with Networking. How can I isolate what is causing the lockup?

Thanks!

With a Clean Boot troubleshooting procedure. Run it for both Services and Startup items.
 

Answer Match 45.36%

New malware detects browser, shows fake malware warning page.

Microsoft is warning about a new piece of malware, Rogue:MSIL/Zeven, that auto-detects a user's browser and then imitates the relevant malware warning pages from Internet Explorer, Firefox, or Chrome. The fake warning pages are very similar to the real thing; you have to look closely to realize they aren't the real thing. The ploy is a basic social engineering scheme, but in this case the malware authors are relying on the user's trust in their browser, a tactic that hasn't been seen before.

-- Tom
 

A:New malware detects browser, shows fake malware warning page

Thanks
 

Answer Match 45.36%

and mouse moves on its own occasionally

I ran the DDS thing but only get black screen thing, don't see it scanning or saying a notepad text. As of recently my Win XP locked up twice and can't update my antiviruses. (Ran spybot and adaware + malwarebytes april 2009 updated and nothing found)

Here's my log please help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:30:08 PM, on 6/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\Program Files\NETGEAR\WG...

A:AVG+malware bytes wont update, Winxp 2 locks up Hijackthis log

Hello rocmex6,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

Answer Match 44.94%

Please help, I have a dell laptop that likes to lock up and when it isn't locked up it runs slow. I appreciate any help!

Here is my rootrepeal report

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/31 10:55
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xB0B92000 Size: 851968 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAB48D000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\jhaas\local settings\temp\~dfdf14.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\jhaas\local settings\temp\~dff34f.tmp
Status: Allocation size mismatch (API: 40960, Raw: 0)

Path: c:\program files\microsoft sql server\mssql.1\mssql\log\log_695.trc
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\program files\microsoft sql server\mssql.1\mssql\log\log_698.trc
Status: Allocation size mismatch (API: 4096, Raw: 0)

SSDT
----------------...

A:Possibly Infected (computer runs suuuuuper slow and locks up often)

Now that you were successful in creating a Root Repeal log you need to post it in our HJT forum. There they will help you with the removal through some custom scripts and programs that we cannot run here in this forum.

First, try to run a DDS / HJT log as outlined in our preparation guide:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Post them here:
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

The HJT team is extremely busy, so be patient and good luck

Answer Match 44.94%

I have a fake antivirus that pops up and locks the system. When this happens, nothing would work, not even Ctrl, Alt,Delete

Somehow I was able to access Add/Remove programs and deleted it. However, when I connect to the internet, it starts up again.

Also now there are the following icon shortcuts on desktop : pornotube.com nudetube.com youporn.com
Even after deleting these shortcuts, they reappear after turning computer on.

There may be other hidden things as well, like key-loggers.

I have no idea what to do, please help.

Here are the logs:
DDS (Ver_09-10-13.01) - NTFSx86
Run by Jude at 22:47:25.76 on Thu 10/22/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.529 [GMT -4:00]

AV: Active Security *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system...

A:Fake antivirus locks the system, youporn.com appears on desktop. LOGS ATTACHED, Please Help

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Answer Match 43.26%

Yesterday I started receiving quite a lot of malware possibilities that I quarantined and ultimately deleted. Today while surfing the internet I got the blue screen that referred to a page in non page area and a file called stfc.sys (or something like that).
Now whenever I turn the PC on and log in it only take a minute until the error appears again. I have also tried to get the minidumps but I had no luck for when I tried copying them the PC always crashes.
I have interested in the possible causes for why this happens and noticed a RAM issue. A weird coincidence since a few weeks back one of my RAM chips was damaged and I got a new one.
So besides the malware I also suspect this RAM issue and maybe overheating (however I did let it cool down for almost a day until now).
Can anyone help? Thanks in advance, TheCakeMaker
Until then I'll keep trying to get the minidumps
 

A:Page From Non-page error and stfc.sys error. Suspect malware interference

I can't get hold of the minidumps. When I try to copy them the system crashes under the beloved power of the blue screen.
 

Answer Match 42.84%

Hello,

My computer locks up while using internet explorer. It also locks up during shutdown. It seems to run fine if I am doing anything else.

So far, I have tried:
Clean up
Spybot
Ad Aware
Avast virus scan

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:44 PM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGR...

Answer Match 42.42%

Hello, I noticed that AVG kept popping up a threat/attack from the GAC_32\Desktop.ini and GAC_64\Desktop.ini malware programs.

I have updated AVG, I have run SuperAntiSpyware, Malware Anti-Malware - as directed in other threads.

So I ended up here.

I ran the DDS, and the GMER steps - and attaching the logs below.

DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.6.2
Run by Craig at 7:57:41 on 2012-09-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16382.12190 [GMT -4:00]
.
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k ...

A:GAC_32\Desktop.ini and GAC_64\Desktop.ini Malware attack

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.
Plug the flashdrive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ...

Answer Match 42%

Dear helper,

Am I infected ?? What should I do ?

Windows XP, Internet Explorer 6, Sony VGN-SZ18GP laptop bought in 2006.

System crash last night, with rapid loss of hard-disc drive space (from 15 GB down to 100 Mb within 2 hours). Norton security (2006 version) & Internet explorer were busted afterward, was not able to run at all. The built-in system recovery programme was also affected.

Was forced to use back-up system recovery CD to restore the laptop back in its origin shipping state.

However afterward it is still not right. Installed McAfee (from my internet service provider) but the update function is not working - repeatedly states that it cannot update because I am not connected to the internet, when I'm actually connected to your website typing this email right this moment. Also internet access to microsoft and all other common antivirus website (Norton, McAfee, AVG, Kaspersky, Avast, etc) are all blocked. Hence I can't even attempt to find out what happen to my laptop.

What virus have I been infected ? What programme should I use to remove the malware now that I cannot access to any of the antivirus website or microsoft website ?

Thank you

Jason

Answer Match 42%

Please reopen the case: http://www.bleepingcomputer.com/forums/t/278792/infected-by-various-malware-help/

Original message, posted on December 14, 2009:

My computer is infected by malwares. Earlier I got help from bleepingcomputer staff under topic malware and has tried to use these software to clean my infected computer but still to no avail. The volunteer who helped me earlier asked me to use hijackthis and paste the logs on this forum.

Malwarebytes Anti-Malware (v1.41)
TFC by Old Timer
Kaspersky Virus Removal Tool
Eset Online Antivirus Scanner.
Kaspersky Online Virus Scanner.
Sophos Anti-rootkit
Norman Malware Cleaner

The problems are:
- When I use Internet Explorer or Mozilla, sometimes another window open automatically that mentions google hiring, websurvey, etc
- When I use search engine to find something, I could not click the link to bring me to the shown result that I want, instead it brings me to an unfamiliar site. I have to copy and paste the web address to open it. If I click the link, sometimes it brings me to an anti-virus ad that force me to download the software (it would not allow me to close the browser) so I have to end the whole internet session forcefully.

LOGFILE IS ATTACHED

Logfile of random's system information tool 1.06 (written by random/random)
Run by USER1 at 2010-01-07 19:27:45
Microsoft Windows XP Professional Service Pa...

A:Closed TopicStart new topic > Infected by various malware. Help !!, Malware pop ups and could not open link from se...

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand cor...

Answer Match 42%

So at first I had the "Internet Security 2010" bug, but I think I fixed that with rkill. But now I got the green desktop with the "system is infected" message. I have heard of people who have this problem trying to restart only to find their system totally screwed, so I'm scared to turn off/restart. I have run DDS and Root Repeal. I know it's Christmas, but please help!!!
DDS (Ver_09-12-01.01) - NTFSx86
Run by Michael at 3:25:14.42 on Fri 12/25/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.44 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome...

A:Infected, Big Time... Green Desktop with "Your System is Infected" Message

Visit below website. Understand on how to use ComboFix >> download and run the program >> post the log here http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Answer Match 41.58%

It is so similar to MaxGen's problem that I have used some of his description of what is happening to me(us).

I got infected by a nasty malware while surfing the internet. popups were created immediately so I knew right away something was happening. I wasted no time in running Norton AV and Ad-aware. Norton says it had found and removed the problem (Trojan.Vundo and Trojan.Metajuan) and I should restart. But everything got worse after first restart. No programs wanted to work. I even tried to backup personal files to Cd/Dvd and Nero did not recognize my burner.

Now my situation is:
1. Even in safe mode, I cannot run any anti-spyware software: Spybot and Spyeraser do not show up even though they are seen running in windows task manager. Then the .exe application file will no longer work. When I tried to run them again, it will say "Windows cannot access he specified device, path, or file. You may not have the appropriate permission to access the item."
2. Cannot connect to any website, it always shows trying to connect. (The connection itself shows OK). - I downloaded AVG after the first restart and it found and fixed 8 of 12 problems found. I rebooted and was then unable to get on internet and AVG does not work anymore.
3. Worst of all, I can't even post the HijackThis logs. It does not start - telling me I do not have permissions

Like MaxGen there could be other symptoms I have yet to discover. I too have never seen this kind of nasty stuff. Please help!...

A:ME TOO!! Infected by extremely nasty malware, can't even run HJT, please help, Unknown malware, windows XP

If you cannot get DDS to work, please try this instead.

Please download RSIT by random/random and save it to your Desktop.

Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.

Close all applications and windows so that you have nothing open and are at your Desktop.
Double-click on RSIT.exe to start the program.
If using Windows Vista, be sure to Run As Administrator.
Click Continue after reading the disclaimer screen.
Leave the drop down box set to default: "List/folders created or modified in the last 1 month (30 days)."
When the scan is complete, a text file named log.txt will automatically open in Notepad.
Save the log file to your desktop and copy/paste the contents into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.

Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.

If RSIT did not work, then reply back here.

Answer Match 41.58%

I have run into a terrible problem and can no longer use my computer. It started a few days ago when I believe I was infected by malware...I noticed a program running in my task manager...one of those short 3 letter exe programs, so I decided to run malware bytes. Malware bytes successfully found that program and I think called it a rootkit or something else. I chose to remove the found problems and then it asked me to restart. Following restart, I get a blue screen of death shortly after the windows XP title comes on. When I choose any of the options (Safe Mode, Safe mode with networking, Safe mode with command prompt, or normal windows) I always get the blue screen and cannot log into windows.

The error message reads:
A problem has been detected and windows has been shut down to prevent damage to your computer. If this is the first time you've seen this stop error screen restart your computer. If this screen appears again follow these steps: Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F to check for hard drive corruption, and then restart your computer.

Technical Information:
STOP: 0x0000007B (0xBA4C7524, 0XC0000034, 0x00000000, 0x00000000)

So at this point I ordered startup/recovery CDs from dell. I am using a dell computer with OEM installed windows XP home edition. I got the recovery CD today, and can now boot from CD....

A:Blue screen after running malware bytes - infected with malware

Hello, let's see if we can find the cause of this problem. I will move this topic to the malware removal forum.
Try this please. You will need a USB drive.
Download GETxPUD.exe to the desktop of your clean computer
Run GETxPUD.exe
A new folder will appear on the desktop.
Open the GETxPUD folder and click on the get&burn.bat
The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
Click on Start and follow the prompts to burn the image to a CD.
Remove the USB & CD and insert it in the sick computer
Boot the Sick computer with the CD you just burned
The computer must be set to boot from the CD
Gently tap F12 and choose to boot from the CD
Follow the prompts
A Welcome to xPUD screen will appear
Press File
Expand mnt
sda1,2... usually corresponds to your HDD
sdb1 is likely your USB
Click on the folder that represents your USB drive (sdb1 ?)
Press Tool at the top
Choose Open Terminal
Type the following and press enter:

dd if=/dev/sda of=mbr.bin bs=512 count=1

Press Enter
After it has finished a file will be located on your USB drive named mbr.bin
Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.
This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

4 more replies
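
As an added illustration (not part of the original thread and not the helper's own tooling), the Python below parses a 512-byte image such as the mbr.bin produced by the dd command above and runs basic structural checks on it. The function names and both sample images are constructed for this example; a clean result here does not rule out a bootkit, because the bootstrap code hash still has to be compared against a known-good MBR for the same OS.

```python
import hashlib
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446             # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR
PART_TYPES = {0x05: "extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32",
              0x0C: "FAT32 (LBA)", 0x0F: "extended (LBA)",
              0x83: "Linux", 0xDE: "Dell utility", 0xEE: "GPT protective"}


def parse_mbr(sector):
    """Parse a 512-byte MBR image; return its fields plus structural findings."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    boot_code = sector[:440]   # bootstrap code, before the disk signature
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("missing 55AA boot signature")
    if not any(boot_code):
        findings.append("bootstrap code area is empty")

    partitions = []
    for index in range(4):
        status, _chs_first, ptype, _chs_last, lba_start, count = struct.unpack_from(
            "<B3sB3sII", sector, TABLE_OFFSET + 16 * index)
        if ptype == 0x00 and count == 0:
            continue           # unused slot
        if status not in (0x00, 0x80):
            findings.append("entry %d: invalid status byte 0x%02x" % (index, status))
        partitions.append({"index": index, "active": status == 0x80,
                           "type": PART_TYPES.get(ptype, "unknown 0x%02x" % ptype),
                           "lba_start": lba_start, "sectors": count})

    if sum(p["active"] for p in partitions) > 1:
        findings.append("more than one active partition")
    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for first, second in zip(ordered, ordered[1:]):
        if first["lba_start"] + first["sectors"] > second["lba_start"]:
            findings.append("entries %d and %d overlap"
                            % (first["index"], second["index"]))

    return {"boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
            "disk_signature": struct.unpack_from("<I", sector, 440)[0],
            "partitions": partitions, "findings": findings}


def build_sample(entries, signature=BOOT_SIGNATURE):
    """Construct a synthetic MBR for the demo (not data from the thread)."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\x33\xc0\x8e"   # placeholder bytes standing in for boot code
    struct.pack_into("<I", sector, 440, 0x1234ABCD)
    for slot, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into("<B3sB3sII", sector, TABLE_OFFSET + 16 * slot,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sector[510:512] = signature
    return bytes(sector)


# Constructed samples: one well-formed table, one with three anomalies.
CLEAN = build_sample([(0x80, 0x07, 63, 1000000)])
ODD = build_sample([(0x80, 0x07, 63, 1000000), (0x80, 0x0C, 500000, 2000)],
                   signature=b"\x00\x00")

if __name__ == "__main__":
    # To inspect a real dump: parse_mbr(open("mbr.bin", "rb").read())
    for name, image in (("clean", CLEAN), ("odd", ODD)):
        report = parse_mbr(image)
        print(name, report["boot_code_sha256"][:16], report["findings"])
        for part in report["partitions"]:
            print("   ", part)
```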
Answer Match 41.58%

Already did some scans with tdsskiller and hitmanpro and they detected Trojan-Spy.Win32.Zbot, Rootkit.Win32.PMax.gen, and rootkit boot.cidox.b, I'm not sure how this machine got so badly infected. The user may have opened a link or some file by accident.
 
The infected svchost.exe is causing the most problems, creating multiple various connections and slowing down the internet connection. Explorer.exe would also crash and would create connections as well. Internet explorer would pop up to back-linking websites.
 
No restore cd for this computer. Although I do have a copy of xp meant for dell machines and this is a dell.
 
Just need to know how I can stop the svchost.exe from creating connections.
 
dds attached


A:Infected with multiple malware, Cidox, Trojan-Spy.Win32.Zbot, Infected svchost.exe

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.
Before we begin, please note the following:
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your re...

15 more replies
Answer Match 41.58%

I have a mild adware infection that is affecting every computer that goes through my network. Superantispyware can find and remove ONE file (no active, no registry) that is associated with this attack and the problem is resolved (ie. it does not come back unless I log into this particular network, it's still gone when I restart the computer, etc). The adware does not affect any of my cleaned computers unless I am logged into MY network. A clean load of windows XP with service packs loaded will immediately be infected on my network without so much as going anywhere aside from google.com.

As best I can tell my hijack this log is clean, but here it is for those of you who are far superior at this than I am. This is from the machine I am using which is currently infected.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:43:09 AM, on 12/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJ...

More replies
Answer Match 41.58%

Hello,

I was contacted by some friends last Sunday who said they received lots of weird emails from my email account. The emails contained nothing but a link. I did not send any emails over the weekend so I don't know how this happened. This must be a virus, right? I noticed my antivirus (avast!) began (a few days back) blocking a couple of malwares when downloading emails to Outlook 2007 on my laptop. It identified an infection called "Win32-Malware-gen". It now does this every time I try to download emails and I now have duplicate emails in my Inbox. My antivirus identified the infected emails having subject "DHL Express Delivery" or "FedEx Service Notification" and a document.zip attachment which I think contained document.exe if I'm reading the Avast! log correctly. I did not open any of these emails. The antivirus moved them to chest but it seems the problem wasn't resolved. I then get a microsoft message saying Outlook encountered a problem and cannot exit. It offers me an "End Now" button, but it seems to get into a loop and the whole scenario happens again whereby Outlook reloads and I get the malware messages again.

Another problem I noticed which might be connected is that in IE8, whenever I attempt to login to any site it blocks and reloads webpage with "This tab has been recovered - A problem with this website caused Internet Explorer to close and reopen tab" message. Then it asks me t...

A:Infected with Win32-Malware-gen - Emails (Infected?) spammed from my email account to many recipients without my knowledge etc.

Hi,
Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.
Once I receive a reply then I will return with your first instructions.
Thanks

13 more replies
Answer Match 41.58%

I was at a hotel a few weeks ago, and afterwards firefox kept redirecting me to ad sites. I ran Microsoft Security Essentials and detected and removed (partially?) a program called Nimda, but the redirects continued. None of my security software indicated any other problem, and the redirects seemed to be to fairly harmless sites, so I figured I'd wait for my programmer brother to get home for thanksgiving to fix the issue. Today, firefox redirected to a site with the words "please wait, loading." I immediately closed out but my computer was already infected. A program called "privacy.exe" in taskmanager started up- it's your typical faux-security program that prompts you to "clean your computer" presumably by downloading all kinds of other awful crap. This particular program kept closing down taskmanager after a couple seconds every time I tried to open it, automatically closed security essentials, closed all my other background programs, and wouldn't let me open hijackthis or firefox. I restarted in safe mode and ran security essentials, which found and removed something called "VirTool:JS/Obfuscator.CE," then restarted normally, but the situation hadn't changed. After some trying, I was able to open taskmanager and manually shut down "privacy.exe" before it shut me out, and that's as far as I've gotten. Keep in mind when reading my DDS log that I shut this program down already, because it prevents me ...

A:Infected with unknown trojan/malware, has infected pc with rogue:win32/fakerean, VirTool:JS/Obfuscator.CE, and others so far

Hi,
BitTorrent
Above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and other if present) P2P file sharing programs.
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

2 more replies
Answer Match 41.16%

Hello,

I have malware that prevents me from running anti-malware programs (unless their names are changed to aliases). It also makes its presence known when I am NOT connected to the Internet. In that instance, a message box informs me that "Generic Host Process for Win32 Services" is not working, and gives me the option of sending or not sending the relevant information.

I attach to this thread the "Attach" output from DDS and the .log file from GMER. Unfortunately, I was unable to save the Scan results from GMER in any format other than .log, and when I tried to use the "Copy" function within GMER, my machine froze.

I have also run (in safe mode) MBAM, SpybotSD, SUPERAntiSpyware and the Windows kb890830 malware-detection apps. The first three DID find infected files, which I removed/quarantined in each of the respective apps. Perhaps not surprisingly, the Windows malware detection scan did not pick up anything.

I apologise for the dreadful formatting of the GMER output; the .log file is (I hope) uploaded.

Kind regards,
Adam

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:58:53, on 04/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Safe mode

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINNT\Explo...

A:Infected w/Malware that doesn't let you run anti-malware apps etc.

16 more replies
Answer Match 41.16%

Hi, I got infected because I was trying to run malwarebytes and it skips the part of analysing the files, it ended in around 1 minute in a full scan, and I tried to download dr web cure it, and it doesn't allow me, the computer seems fine, but those things are very strange, and when I was running the scan I was in safe mode...
 
thanks for the help

A:Malware infected, malware removal tools useless

Greetings samidelcueva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.
If you would allow me to call you by your first name I would prefer to do that.
===================================================
Ground Rules:
First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro...

0 more replies
Answer Match 41.16%

Hello members (: Thanks in advance for helping me.
 
So, the first time I realised something was amiss was when searches in the Chrome Omnibar were redirecting to Yahoo. If I went to google.com to conduct a search, the ads at the top of the results page would flicker, and then seemed to change (font, size etc.).
 
I uninstalled and reinstalled Chrome, I signed out, I removed all my addons and extensions before reintroducing each one. I couldn't get to the root of the problem. After a quick search, it was suggested to use SpyHunter or Malwarebytes to resolve the problem. 
SpyHunter dropped a massive list of threats after scanning only 1%. When it finally finished, there were many Red Threats, but there was the stinger: I would have to pay for the advanced version, or a license, or whatever it wanted, before removing these threats. As a poor student, I turned to an alternative. That's where Malwarebytes came in. I did a scan, it found some problems and asked me to proceed, which I did, and it claimed the problem was fixed.
Certainly, Chrome doesn't redirect at the minute, but I managed to stop it redirecting it before now; only for it to start again. I ran another SpyHunter scan, and it found all the same threats as before, which, it would seem, Malwarebytes had missed. Now, I haven't bequest any windfall since yesterday, and still can't afford SpyHunter's ransom.
So far (6%), SpyHunter has found 216 threats including Blekko (192 infections), searchinternet-a.aka...

A:Infected with Malware which redirects from omnibar, plus other found malware

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the LogFile button and the report will open in Notepad.
IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===
Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first ti...

2 more replies
Answer Match 41.16%

 Hi all,
 
 I am Pousoidis and I would like to thank you for the services you provide. I am pretty sure that I have a virus in my laptop. My system is an Ideapad U410 with Intel® core ™ i5-3317u 1.70ghz, 8gb ram memory, 64 operating, with windows 7.
 
 At some point I could not click on my start menu button without windows explorer notifying me that it had stopped working and that it was checking for a solution to the problem. I went online trying to read about what I could do. Eventually, I restarted my pc with the option of checking for disk errors and that seemed to fix the start menu problem; now the windows explorer does not crash. But after that I noticed that I could not open certain programs such as skype and picasa 3 (and μtorrent which since then it has been uninstalled from my pc).
 
 It is then that I became more suspicious and decided to download and run anti-malware programs such as mbam and spybot. None of these can install itself on my pc, always some error message such as "privileged instruction". Was not sure how to proceed from that, so I searched online and came across your site. Thank you again for your help. I apologize in advance, I am not really well versed in the ways of technology. I did run 1 system restore before I visited this site.
 
So I am copy pasting my dds files:
 
Run by Pousoidis at 13:46:22 on 2014-02-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8053.5...

A:Infected with some malware. Not allowed to install and run anti-malware.

Hello Pousoidis
I would like to welcome you to the Malware Removal section of the forum.
Around here they call me Gringo and I will be glad to help you with your malware problems.
Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!
Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same...

16 more replies
Answer Match 41.16%

Hi, My Dell Inspiron N400 notebook Running Windows 7 64 bit (Pro), [OS Version: 6.1.7601 ServicePack: 1.0] has become a playground of miscreants from four corners of earth and time is running out. It all started 2 months ago when I opened an email with title that my teenage daughter sex video is on internet. I never would click such a link but it was forwarded by my mother so I was in distress, so I clicked a link in it. It was luckily daughter of someone else and not mine since I never been or had relations with anyone from Nigeria. But from that day slowly everything breaks. My virus killers (Kaspersky then Bit Defender, and Windows Defender and Titanium Trend Micro) get turned off or stop responding. Before I had 36 processes after starting up and now I have 60, and a half hour later over 100 processes that take 100% cpu, 100% of my 8gig memory, and 100% hard drive activity. I reinstalled operating system 3 times on C drive but I have on D drive all my things in storage and in matter of a day after reformatting C and reinstalling, the ghost in machine is back. I have sometimes 10-30 errors in my event logs on a good hour, and 2-3 critical errors every few days. My external monitor port on laptop stopped working, my network cable port (looks like telephone jack) stopped working and I use usb connection to adsl modem. My camera can not be found and is unknown device accepting no drivers but sometimes it turns on and looks at me. Criminal hacker gangs are locked in bat...

A:Infected by 36 Viruses/Trojans/Malware - Infected My Professor

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

1 more replies
Answer Match 41.16%

I just ran the Remove Vista Internet Security 2012 (Uninstall Guide) tutorial and it seems to have taken care of the malware in safe-mode. But now an issue is happening when I get to the end of tutorial after rebooting from Malwarebytes and booting back to the normal boot mode. And the system seems to give the following error then lock up not allowing other programs to run. A dialog box titled MalwareBytes, with the following message: "[Open Event] failed to perform desired action. Error Code : 2"
A search on the error points to basically reinstalling Malwarebytes, but that does not solve it, even just removing malwarebytes all together doesn't solve it. After normal startup then the error the system gets locked up.
Is there something else going on here that needs to be looked at, I was trying to find registry entries tied to malwarebytes or Run Once that might be causing it to run and error, but no luck yet? HiJackThis does not show any weird programs in the Run keys either?
Any Further Ideas?

A:Vista System Locks Up After Malware Reboot - Remove Vista Internet Security 2012 (Uninstall Guide)

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/432088 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

2 more replies
Answer Match 40.74%

While I was on the internet, a web page made itself take up most of my desktop. Originally it said all this crap about SPYWARE FOUND OMG OMG OMG!!!, but I edited the source so now it's just a blank page, but I can't get rid of it. I've used Spybot SD, Ad-Aware, AVG, and Xoftspy, and nothing was found, and there's no program running that could have caused it (I checked all the processes in Task Manager, and they're all ok), so I can't figure out how to get rid of it. Any ideas?

A:Web Page On Desktop

never mind, I found an older topic with the same problem and that fixed mine, so this post is invalid now.

2 more replies