Tech Problem Aggregator

Potential malware - computer keeps freezing

Q: Potential malware - computer keeps freezing

Hi there,
I've posted occasionally before and you've been very helpful.

I've posted now over in the Windows XP thread and they suggested I have you guys check things out - since perhaps this is a malware issue. my computer keeps freezing - sometimes when we're not active on it, sometimes when we are, sometimes 3 minutes after startup, sometimes a half hour after startup. There doesn't seem to be any rhyme or reason to it. I'm starting to clean up files, delete some stuff, etc. but wanted to check with you folks as well.

HOWEVER, I went to run the scans you asked for - and the gmer scan kept freezing up my computer - I believe when it was almost completed - it hadn't found much when it did - - it went to a blue screen saying it had to stop and shut down basically - luckily, it restarted fine, but I didn't want to try it again.

Attached are the two other documents from the other scan.

Thank you!
Randi


DDS (Ver_09-12-01.01) - NTFSx86
Run by Randi at 11:11:36.48 on Mon 01/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.239 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Randi\Desktop\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uSearch Bar = hxxp://start.earthlink.net/AL/Search
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://start.earthlink.net/AL/Search
uURLSearchHooks: SrchHook Class: {44f9b173-041c-4825-a9b9-d914bd9dcbb3} - c:\program files\earthlink totalaccess\ElnIE.dll
uURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: IE_PopupBlocker Class: {656ec4b7-072b-4698-b504-2a414c1f0037} - c:\program files\earthlink totalaccess\accelerator\prpl_IePopupBlocker.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [E6TaskPanel] "c:\program files\earthlink totalaccess\TaskPanl.exe" -winstart
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DLCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCFtime.dll,[email protected]
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\earthlink totalaccess\accelerator\prplsf.dll
Trusted Zone: musicmatch.com\online
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\randi\applic~1\mozilla\firefox\profiles\w7zihzks.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\randi\application data\mozilla\firefox\profiles\w7zihzks.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npmnqmp07061050.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCIG.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmnqmp07010901.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-7-11 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-21 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-2-7 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-21 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-9-1 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-1 297752]
R2 EarthLinkMonitor;EarthLink Monitor Service;c:\program files\earthlink totalaccess\wengine\wmonitor.exe [2005-1-26 65604]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-7-28 24652]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\BW2NDIS5.SYS [2004-11-1 17536]

=============== Created Last 30 ================

2010-01-04 16:04:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-04 15:54:40 2 ----a-w- c:\windows\msoffice.ini
2010-01-04 15:48:42 0 d-sh--w- c:\documents and settings\randi\IECompatCache
2010-01-04 15:47:57 0 d-sh--w- c:\documents and settings\randi\PrivacIE
2010-01-03 21:27:33 0 d-sh--w- c:\documents and settings\randi\IETldCache
2010-01-03 2016 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-01-03 2013 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-03 2008 0 d-----w- c:\windows\ie8updates
2010-01-03 20:05:45 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-01-03 20:04:52 0 dc-h--w- c:\windows\ie8
2010-01-03 16:22:22 117352564 ----a-w- C:\regfile.reg
2010-01-03 16:20:49 0 d-----w- c:\program files\ToniArts
2010-01-03 14:02:25 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2010-01-03 14:02:25 0 d-----w- c:\program files\Belarc

==================== Find3M ====================

2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:46:51 133120 ----a-w- c:\windows\system32\dllcache\extmgr.dll
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:45:38 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2009-10-29 07:45:37 5940736 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-10-29 07:45:37 206848 ------w- c:\windows\system32\dllcache\occache.dll
2009-10-29 07:45:37 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-10-29 07:45:35 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-29 07:45:35 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-29 07:45:35 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2009-10-29 07:45:34 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-10-29 07:45:34 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2009-10-29 07:45:33 11069952 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-10-29 07:45:32 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2009-10-28 14:40:47 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2009-07-17 12:40:14 56 --sh--r- c:\windows\system32\436D5600B1.sys
2007-12-19 02:59:19 88 --sh--r- c:\windows\system32\B100566D43.sys
2009-07-17 12:40:14 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-08-23 19:56:59 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082320080824\index.dat
2008-08-23 19:57:03 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 11:12:33.18 ===============

A: Potential malware - computer keeps freezing

just bumping this up in case someone can help...

4 more replies
Answer Match 63.84%

Hi everybody,

my dad accidentaly downloaded a .zip file from a scam email. Today I found out about this and immediately removed said file. The problem is that he some memory problems and he doesn't remember what he actually did with this file, so at the moment I don't know if he opened the .zip, if any file was extracted from it and if said file was executed. I would like to know what I can do to check to see if his computer has actually been infected.

Here's the log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.20
Run by Enrico at 22:07:01 on 2016-03-28
Microsoft Windows 10 Home 10.0.10586.0.1252.39.1040.18.3988.1933 [GMT 2:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system3... Read more

A:Potential malware in the computer

I've seen that many other threads have received answers, but not this one. Do you need additional info?

16 more replies
Answer Match 63.84%

Hi everybody,

my dad accidentaly downloaded a .zip file from a scam email. Today I found out about this and immediately removed said file. The problem is that he some memory problems and he doesn't remember what he actually did with this file, so at the moment I don't know if he opened the .zip, if any file was extracted from it and if said file was executed. I would like to know what I can do to check to see if his computer has actually been infected.

Here's the log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.20
Run by Enrico at 22:07:01 on 2016-03-28
Microsoft Windows 10 Home 10.0.10586.0.1252.39.1040.18.3988.1933 [GMT 2:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system3... Read more

More replies
Answer Match 63.84%

Hello, I am having explorer.exe crash periodically and on occassion it will not start up when I reboot my computer. I have run a number of utilities and have been unable to resolve this issue. Could you please assist me with this? Thank you so much!JBDDS (Ver_09-02-01.01) - NTFSx86 Run by jb at 9:57:28.90 on 2009-02-25Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.112 [GMT -6:00]AV: avast! antivirus 4.8.1335 [VPS 090225-0] *On-access scanning enabled* (Updated)============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXEC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\system32\crypserv.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXEC:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeC:\Program Fi... Read more

A:Potential Malware/ Computer 1

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instruc... Read more

2 more replies
Answer Match 63.42%

Hi, Potential malware on parents family computer - file wincrypt mentioned but unsure of full details. Told that email sent from pc email address to work email(s) from 'Kathy Lagatta' with links to [email protected] [Note, neither were sent by parents themselves] Have removed potential odd programs, and DDS file log as below. DDS Log: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.17280  BrowserJavaVersion: 10.67.2Run by tony at 10:51:01 on 2014-10-05Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8104.6057 [GMT 1:00].AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Advent\... Read more

A:Potential Malware on computer (wincrypt?)

Greetings Alan and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.When you post your reply, use the button instead.In th... Read more

3 more replies
Answer Match 63.42%

I stupidly clicked on a link to install a software but was met with viruses and malicious software instead. I have ran Malwarebytes, CCleaener, Spybot Search & Destroy. However, I keep getting reports from Malware that a site is blocked from accessing my net going out called static.datafastguru.info with an ip address of 162.210.192.22.
 
I have a feeling there's still malicious software or trojans in my laptop but I can't seem to get them out with the current basic tools I have.
Can someone please guide me on a proper cleaning for my laptop without reformatting? I also have certain programs on here that I need: Matlab, Solidworks, Creo and sometimes Malware would pick up stuff from these categories but these programs were clean install.
 
I have a windows 8.1 OS
And this laptop was fresly bought.
 
 
 
Attached is my latest Malware full complete drive scan since I couldn't post it here without bunch of emoticons showing up and blocking me from copying and pasting it here

A:Potential Malware or Trojan on computer

Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Update Malwarebytes' Ant... Read more

17 more replies
Answer Match 62.16%

I have a Dell Insprion 1520 Laptop running Windows XP.   I have purchased a new Dell desktop and would like to archive the old documents, pictures, and various files off of the old laptop and into the new one before the old one completely dies. 
 
I need to occasionally access a few of the old documents in word, excel, and pdf format for work.  
 
Is there potential to bring some type of virus or malware over with the documents?
 
All of these files are ones that I have originally created myself. But some of them have been shared back and forth via email with others and re- downloaded to my computer after being on others systems. 
 
What can I use to ensure there is nothing lurking in those documents that I would not want to get on my new system?
 
I am not sure if my virus software would be up to date since XP is no longer supported.
 
I'm sure someone will suggest cloud storage as an option - I realize this is a possibility but I would really like to not have to pay for the amount of space I would need. It really isn't possible for me to pick and choose just the files I need, I have no idea I need them until I need them. 

A:Moving Old Files to New Computer - Potential to bring malware along?

to BleepingComputer.Hi there,my name is Jo and I will help you with your computer problems.We check the OLD Computer for malware and clean it, before you copy any files!Please follow these guidelines:Read and follow the instructions in the sequence they are posted.print or copy & save instructions.back up all your private data / music / important files on another (external) drive before using our tools.Do not install / uninstall any applications, unless otherwise instructed.Use only that tools you have been instructed to use.Copy and Paste the log files inside your post, unless otherwise instructed.Ask for clarification, if you have any questions. Stay with this topic til you get the all clean post.My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.*** Download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.Vista / Windows 7/8 users right-click and select Run As Administrator.A Notepad document should open automatically called checkup.txt; please post the contents of that document.*** Please download Malwarebytes Anti-Rootkit and save it to your desktop.Be sure to print out and follow the instructions provided on that same page.Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.Double click on downloaded file. OK s... Read more

13 more replies
Answer Match 61.32%

This is a bit of a stab in the dark as I don't really have any virus/malware symptoms like popups, but my computer (although yes, it is old) has recently become really rather sluggish. Chrome crashed twice in the time it took to download everything and generate all the logs for this thread! While making this thread my computer gave a BSOD, first time in about 4 months!

If nothing is up then maybe it's just time to buy some more ram or get a new computer, but I'd like to think something is wrong and it can be fixed! I have 2gb of ram and a dual core 2ghz AMD 64 x2 athlon 4600+.

Here are the requested logs:

HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:52:40, on 29/08/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Users\Acer\AppD... Read more

A:Sluggish computer, BSOD during GREM scan... potential malware?

16 more replies
Answer Match 52.92%

Adware Cleaner Scan. Please download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on adwcleaner.exe to run the tool.Click on Scan button.When the scan has finished click on Clean button.Your computer will be rebooted automatically. A text file will open after the restart.Please post the contents of that logfile with your next reply.You can find the logfile at C:\AdwCleaner[S1].txt as well.I followed these instructions.  Here is the text file that opened up (below): Did it get all the bad stuff?   # AdwCleaner v5.015 - Logfile created 29/10/2015 at 22:47:25# Updated 26/10/2015 by Xplode# Database : 2015-10-29.1 [Server]# Operating system : Windows 7 Ultimate Service Pack 1 (x86)# Username : Alex - ALEX-PC# Running from : C:\Users\Alex\Downloads\adwcleaner_5.015.exe# Option : Cleaning# Support : hxxp://toolslib.net/forum ***** [ Services ] *****  ***** [ Folders ] ***** [-] Folder Deleted : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\shdkwmhi.default\Extensions\staged\[email protected] ***** [ Files ] ***** [-] File Deleted : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cijeeimilokkhlfjombmalgpabbonmah_0.localstorage-journal[-] File Deleted : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal[... Read more

A:Computer Freezing. Is it Malware?

Also, I did the Junk Removal Tool.  Here is the text file for that:
 
 
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Ultimate x86 
Ran by Alex (Administrator) on 17-Jun-16 at 22:51:11.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 44 
 
Successfully deleted: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\extensions\[email protected] (Folder) 
Successfully deleted: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\extensions\[email protected]\content (Folder) 
Successfully deleted: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\extensions\[email protected]\content\imgs (Folder) 
Successfully deleted: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\extensions\[email protected]\content\imgs\flgs (Folder) 
Successfully deleted: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\searchplugins\delta.xml (File) 
Successfully deleted: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\user.js (File) 
Succ... Read more

3 more replies
Answer Match 52.92%

Hey everyone!

First I appreciate any help and time taken to look this over!

My computer has recently started freezing up in the past couple of days and I wouldn't doubt there's malware slipping under my radar. Before I post my Hijackthis log, I tried running NOD32 in safe mode and it didn't find anything, although a lot of the files it tries to read are locked. I then tried Trend Micro House Call in safe mode with networking and it found something called "CRYPT EX" something or another. I didn't get a chance to delete it though cuz right then my computer froze. When I tried running it again I got a message saying "An error occurred while trying to transfer data from the Internet! Do you want Trend Micro HouseCall to try again transfering the required data?", and when I select "Yes" that que doesn't change. Even when I hit "cancel" it still says that message and I have to quit IE altogether from Task Manager. And that brings me today, where I've been rebooting my computer once or twice every ten minutes for the past hour.

Here's my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:01 AM, on 10/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.... Read more

A:Computer keeps freezing - Possible Malware...

11 more replies
Answer Match 52.92%

AVG isn't finding any problems. Help me out. computer freezes up about 2-3 minutes after I open it from hibernation, and it lasts for a minute or two before I can use it again.

DDS log is posted, and GMER log attached below.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Monique and Eric at 8:21:45.39 on Sat 04/23/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.204 [GMT -4:00]
.
AV: AVG Internet Security *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C... Read more

A:computer freezing up- malware??

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your ... Read more

22 more replies
Answer Match 52.5%

Hello,

I have tried to follow the 5 steps as much as my computer will let me.

All of these problems just started. Everything was fine on Friday, shut it down for weekend and when I came back on Sunday it had gone loco. Here is what is happening:

-It is freezing up during very simple tasks. EX: refuses to load msn messenger or aol instant messenger, refuses to load internet explorer, freezes when scrolling through PDF documents, etc. etc.

I tried to do a system restore but yielded no results. AVG Free edition found a trojan named dropper.small and was unable to heal it so I placed it in the vault. Ewido anti-spyware found several spywares and all were healed successfully.

I ran the DSS and have attached the main log and the extra logfile it gave me.

I am a Pastor and Seminary Student with many important things on this computer. I am also getting married soon and cannot afford to replace this machine. PLEASE HELP!!

A:Virus?Malware? COMPUTER FREEZING

Also, here is the hijackthis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:36:17 AM, on 11/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\... Read more

2 more replies
Answer Match 52.5%

DDS (Ver_09-03-16.01) - NTFSx86
Run by Bobby at 17:37:32.90 on Sat 05/02/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2094 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mc... Read more

A:Computer Freezing...had Malware last week

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

2 more replies
Answer Match 52.5%

I am going to give you as much info that I am able
I am pot sure how/if it all relates but here it is
Also not sure if I am in the right forum but I thought I would start here
Thank you
The quick version – A synopsis of what happened
My screen went black one day and I had a techie “restore” it
It seemed to work okay but was freezing up regularly and now is freezing up several times a day
It seems to be be most affected when I have stuff on the clipboard and/or I am online
I brought it back to him and he says it seems fine

I multitask and always seem to have many windows opened simultaneously and it has never happened before. Early on when I multitasked it seemed to freeze up but now it is freezing all the time with only one program opened but I am always online
ACTIONS TAKEN
I have done the following
Defragged, checked for viruses (see below) and then he did the same and also checked for corrupted sectors
I do have loads of pictures on the computer so I thought that maybe there was too little memory but there is over 50% of memory remaining

MALWARE FOUND
After this blackout happened I had one of the those pop ups where the simulated window screen flashes that you have several threats etc and says you need to download this to get rid of the threats etc
The second time it popped up I wrote down the file name in the Run this file pop-up and found it to be malware
I purchased PREVX 3.0 to remove it but the computer is still freezing

This is what they wanted to ... Read more

A:Malware and Computer Freezing Up - PACK_40S10.EXE

Not sure if I should have posted this here with the original post
thank you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:45 PM, on 1/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:... Read more

1 more replies
Answer Match 52.5%

My computer keeps freezing. It has been running slow at odd times recently too. I undated to the patest firefox and it will not run (not sure if that is related)Here is my Hyjack This, then DDS.txtI am new here so if I don't post the right information or if I post information I shouldn't please tell me. I am running win xp pro with sp 3, a Shuttle XPC with AMD 64, I keep it updated and updated today. The freezing is just random, but started today frequently. Sporadically when online everything slows down too.When I run RootRepeal it freezes immediatly.I see some errors in Event Viewer but don't get information I can use from MS on these. I have these copied in a text file. The errors happen when bootedit some additional info that might help:It barely started today, after a couple incomplete starts, a start last known good config, finally a chkdsk ran and it started. chrome is running very slow. when firefox would not start I uninstalled, and tried to find everything not uninstalled to remove. I removed a lot of temp files in my docs & settings to make sure. re-installing did not get it to run. ESET NOD32 showed a lot of blocked packets in the firewall log yesterday, 30-40 of them.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:26:09 PM, on 1/6/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16945)Boot mode: NormalRunning processes:F:\WINDOWS\System32\smss.exeF:\WINDOWS\system32\winlo... Read more

A:Computer Freezing, I think I have a Malware Problem

I did a system restore and it stopped freezing. When I start takes a few starts, each time processing windows a little further, until it pops up chckdsk then agter that it runs ok.done that twicechkdsk deletedGur.6.tup Index $130 of file 72Gur "" "" file 124metabase.bin "" "" file 124AO183.410.141 "" ""FILE 8460WPDNSE "" "" FILE 10224SVCHOST.EXE-3530F672.PF "" "" FILE 21768SVCHOST~1 "" "" FILE 217168there were some recovery files shown in the chkdsk but they scrolled by too fast to readMalwareBytes quickscan a few days ago showed nothingESET Smart Security recent detected threats shows this:1/10/2010 5:56:22 PM Real-time file system protection file F:\WINDOWS\dzinst.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: F:\DOCUME~1\WARNER~1\LOCALS~1\Temp\VZN.exe.1/10/2010 5:48:28 PM Real-time file system protection file F:\System Volume Information\_restore{7ADBB2C6-E688-4711-9C99-97784041BD15}\RP631\A0165778.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: F:\DOCUME~1\WARNER~1\LOCALS~1\Temp\VZN.exe.1/7/2010 12:52:25 PM... Read more

3 more replies
Answer Match 51.66%

Hello everyone,

I have an ACER Aspire one laptop windows xp. the other day I got some type of virus on my computer while looking at a movie trailer on a gossip site. so far I've done two restores to it and ran two malware/adware removals but it keeps freezing up. after i ran the malware it said I had 7 viruses and they were removed. i thought that it was good. but a few minutes later my screen froze again and everything including the time clock freezes. I have to remove the battery to turn the computer off. can you please tell me what is wrong with my computer and what i need to do to get rid of it? I've only had the computer for 9 months.

thanks for your help

A:laptop computer keeps freezing up after malware removal ran

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. I currently have as many open topics as I can effectively handle; this will have you back in queue with the proper logs so an available helper would be able to assist.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Answer Match 51.66%

Hello,

I've recently been having issues where my computer will stop responding at random times. I haven't yet noticed a pattern, but the most recent issue happened when I opened Facebook. If I'm playing music when the freeze happens, it starts sounding creepy and machine-like, with high-pitched noises and other strange sounds. Other windows stop responding and I can't use my computer for about 30 seconds. I'm not sure if this is Malware related or not. I haven't been to any malicious websites or downloaded anything, but I don't know what else the problem could be.

Also, I'm running Windows 7 on an HP dm4x series laptop. I believe drivers are up to date and updates are installed to Windows.

Thanks!

Below are HJT and DDS logs. I will upload a GMER log when I can, but the scan was taking a long time.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:41:58 PM, on 2/28/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\H... Read more

A:Computer freezing constantly: Malware related?

Here is the GMER log:

GMER 2.1.19115 - http://www.gmer.net
Rootkit scan 2013-03-01 11:30:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST975042 rev.0003 698.64GB
Running: GMER.exe; Driver: C:\Users\Kyle\AppData\Local\Temp\kwldqpow.sys
---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077a71465 2 bytes [A7, 77]
.text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077a714bb 2 bytes [A7, 77]
.text ... * 2
.text C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077a71465 2 bytes [A7, 77]
.text C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077a714bb 2 bytes [A7, 77]
.text ... * 2
.text C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe[3272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077a71465 2 bytes [A7, 77]
.text C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe[3272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077a714bb 2 bytes [A7, 77]
.text ... * 2
.text C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077a71465 2 bytes [A7, 77]... Read more

3 more replies
Answer Match 51.66%

This computer workstation is potentially infected with malware. I have run Malwarebytes and several infections were found and fixed. The computer is still very slow with what seems to me very high memory usage by svchost, wuault and other system processes that lead me to believe I still have an infection. I have attached the log files below from hijackthis, gmer, attach and dds. Please, let me know if you need anything else and THANK YOU!---John

A:Potential Malware - Please HELP

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

2 more replies
Answer Match 51.66%

In January one of our laptops was infected with a virus which I thought had been cleared away. Recently though my email addresse were hacked into and I found a Java exploit on the laptop. I am now worried that other computers on our home network may have been infected and on checking this desktop computer I noticed a file that had been modified around the time of the virus called ieexec.exe. After googling this I found that this may potentially be a virus but none of avast, malwarebytes or microsoft safety scanner have flagged it as such. I really need to know if it is dangerous and how to get rid of it if it is. I willl post the dds logs below but the GMER scan kept crashing the computer before completion.

Many thanks.

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Administrator at 16:07:12 on 2012-10-25
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.511.72 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files\HP\HP Software Update\HPWuSch... Read more

A:Potential Malware?

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===The Hosts file was altered, so please for your added security install this one.Download HostsXpertTutorial, go here:http://i28.photobucket.com/albums/c227/tetonbob/emoticons/HostsXpert4.jpgUnzip HostsXpert to it's own folder.Run HostsXpert.exeClick: Make Writable? in the upper left corner.Click: DownloadClick: MVPs HostsClick: ReplaceClick: OKClick: Make ReadOnlyClose HostsXpert.*/*I suggest that you update the new version of the Hosts file, every 6 weeks. I Do.All you need to know about the hosts file.http://www.mvps.org/winhelp2002/hosts.htm===Please download ComboFix from one of these locations:Link 1Link 2* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
Do not install any other programs until this if fixed.[/b]
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your mach... Read more

15 more replies
Answer Match 51.66%

Was looking for an ebook, found a site through googl, clicked on it, and a russian site popped up, with a popunder, then various windows opened up and I noticed that my KIS 7 AV & firewall was turned off. A window came up and said it was configuring outlook, and asked for the original MS office disk. I shut dow those windows with task manager, unplugged the network cable. Ran a full AV scan, and the application integrity check said several dll's were changed. I rebooted in safe mode and did a system restore on drive C to a week ago. No KIS alerts came up on a system scan, but 4 alerts came up with the KOS online scan, log attached. Hijack this log attached also.

Windows explorer is also hanging after being open for a few moments. I also noticed that even though I did a system restore, all of my current emails are in outlook.

Thanks for any help!

A:Need Help with potential malware

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable ... Read more

4 more replies
Answer Match 51.66%

Hello all,

My annual malware problem may be upon me. My laoptop was running normally until this morning when I started it only to find that my Windows took very long to load, the help and support center failed to start and my internet card couldn't initialize. I do know that my Windows updated only a day or so earlier and I believe this was the first time I started my computer since the update fully installed. Despite that I don't think it's Windows related as similar queries on Windows forums seem to point towards malware. My system restore has no restore points meanwhile it should have just created one when I updated Windows.

Ideas? A Malwarebytes scan and a Superantispyware both came up with nothing (literally nothing for MWB, cookies for SAS)

Thanks,

Justin

A:Potential serious malware?

Hello please run these 2,they will run off a CD or flash drive.Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes: Flush DNS Report IE Proxy Settings Reset IE Proxy Settings Report FF Proxy Settings Reset FF Proxy Settings List content of Hosts List IP configuration List Winsock Entries List last 10 Event Viewer log List Installed Programs List Users, Partitions and Memory size. List Minidump FilesClick Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Be sure to download TDSSKiller.exe (v2.6.4.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.Click the Start Scan button.Do not use the computer during the scanIf the scan completes with nothing found, click Close to exit.If malicious objects are found,... Read more

1 more replies
Answer Match 51.66%

Hello and thanks for this free service,

I have recently had a problem with my desktop computer. Namely, the internet browsers will not launch. Also, when I try to double-click on a Word file it won't open. Instead, I get a message which reads "this file does not have a program associated with it for performing this action. Create an association in the folder options control panel." I don't know if this is related at all to browser problem, or potential malware, but I thought I should mention it regardless.

It should be noted that I have often used that computer in the past to download torrents.

Thanks for the help. I am currently learning as much as possible about internet security.

I don't have a back up CD/Reboot CD.

Here is the DDS:

DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by pc1 at 16:19:09 on 2012-11-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.1684 [GMT 9:00]
.
AV: V3 Internet Security *Disabled/Outdated* {D881C1F7-6566-4C80-82F8-BA5258DDD50E}
FW: V3 Internet Security *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AhnLab\ACA\ACAAS.exe
C:\Program Files\AhnLab\V3IS2007\V3ClnSrv.exe
C:\Program Files\Common Files\AhnLab\ACA\ACAEGMgr.exe
C:\Program Files\AhnLab\V3IS2007\MSProxy.ahn
C:\Program Files\Common Files\AhnLab\ACA\ACAIS.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.ex... Read more

A:Potential Malware

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

6 more replies
Answer Match 51.66%

I don't want to inundate my first post in this new topic with oodles of logs, so here's the link to my previous thread; I was referred to this specific forum by narenxp (who has been tremendously helpful, by the way!). In that thread, you'll find all the information about my situation as well as the aforementioned plethora of logs.I hope you all don't mind, but I'm going to refrain from running DDS and GMER until I hear back from one of you...so to whomever helps me, please let me know whether or not I need to run DDS and/or GMER.I look forward to working with you!

A:Potential Malware

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofixLink 1Link 2* IMPORTANT !!! Save ComboFix.exe to your DesktopIMPORTANT....1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.3. Do not install any other programs until this if fixed.How to : Disable Anti-virus and Firewall...http://www.bleepingcomputer.com/forums/topic114351.htmlDouble click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt Note:Do not mouse click ComboFix's window while it's running. That may cause it to stallNote: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.htmlNote: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.===Third party programs if not up to date can be the ca... Read more

10 more replies
Answer Match 51.66%

using my windows 10 I have this 'shopathome"toolbar.It is not listed in the control panel.how do I get rid of it?

A:getting rid of potential malware

Bearing in mind that some of the more reliable and safe to use malware removal utils "may" not yet be fully compatible with win-10... These are the usual recommended here. All safe and free...adwcleanerhttp://www.bleepingcomputer.com/dow...Junkware RemovalTool (JRT) - They appreciate a wee small donation if you feel so inclined; but it is otherwise free.http://www.bleepingcomputer.com/dow...Malwarebyteshttp://filehippo.com/download_malwa...ccleanerhttp://filehippo.com/download_cclea...JRT installs to the desktop from where you run it. It will open into dos style window; follow the instructions therein. It will reboot the system as part of its process.When you install "anything" even the above - downloaded from the web... use the manual/custom option . do NOT use the automatic option - the standard default. Using custom/manual means you can careful note and uncheck all those little boxes (so helpfully pre-checked for your convenience) which will otherwise allow all manner of unwanted "stuff" to go in as well. Some it is a real PAI to eradicate... Includes browser changes; assorted warnings - that you have this or that wrong; offers of free scans - which you don''t need; drivers updates... The list can be endless...; so best to avoid at all times...

2 more replies
Answer Match 51.66%

Hello,

I am having problems with certain things on my computer. Certain keyboard buttons and my fingerprint reader don't work most of the time, I constantly get something telling me that "Catalyst Control Center has stopped working", and I get random popups online.

If this sounds like malware, can someone please help with removal? Even if it doesn't I think I'd still like to clean up my computer and get some security help too. I'm clueless with this stuff.

Thanks!
 

A:Help with potential malware

16 more replies
Answer Match 51.66%

Hello! I am posting this topic for my laptop (my other computer is having a simaliar problem, but I believe it to be a lot worse and I will start a separate topic for that since it's a different computer). Like my other computer, shortly after downloading the recently new IE 7, my homepage started changing itself to http://www.bydou.com/ at random times. I only see this "sometimes" here on my laptop, on my other computer it is changed everytime I log on. (So it's not as bad I guess.) Here is my HJT log! Thanks for checking it out. Out of curiousity, is it possible to accidentally spread a virus through a USB device? I'm not sure, but I have never noticed this homepage thing until I put something on a jump drive from my other infected computer and opened it over here. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:26:36 PM, on 9/11/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe... Read more

A:Potential Malware As Far As I Know

Hello kneesock, Looks like this laptop computer does not have an antivirus one it. This is somewhat suicidal in today's digital world!You need to install an antivirus program as soon as you can and run a complete scan of the computer. I recommend you download the free Avast or AntiVir orAVG antivirus Products from all three vendors received the Virus Bulletin's VB100% award and certification for virus detection from ICSA Labs.Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously! *************************NOTE: If you have downloaded ComboFix previously please delete that version and download it again! 1. Download this file - combofix.exe to your Desktop. Note: It is important that it is saved directly to your desktop 2. Double click combofix.exe & follow the prompts. 3. When finished, it shall produce a log for you, C:\ComboFix.txt. Post the ComboFix log and a fresh Hijackthis log in your next reply. Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to. Note: Do not mouseclick combofix's window while it's running. That may cause it to stallOut of curiousity, is it possible to accidentally spread a virus through a USB device?Yes, it is possible. We are seeing more malware spread that way.

13 more replies
Answer Match 51.24%

I am experiencing a very slow computer. Pages hang and freeze while scrolling or switching tabs, I get a "beep" if I scroll too fast. Everything is terribly slow. I regularly scan with MalwareBytes, ComboFix, and SpyBot. I always use "rkill" before a scan and everything seems to regularly come back clean. So far, this problem has lasted for maybe a months or two. Please help! I have enclosed my text file logs. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 10:45:55 PM, on 10/6/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\DellAdmin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DellAdmin\L... Read more

A:Slow Computer Response, Freezing, Hanging. Possible Malware

16 more replies
Answer Match 51.24%

Thanks in advance for any help you can provide!TL;DR summary: There are at least two AV programs I cannot install on my computer, and I may have had my browser redirected from downloading a malware removal tool. However, none of the antimalware scans by multiple products have turned up anything.Computer info: In my profile and logs. My usual browser is Chrome. Don't hesitate to ask about any other details.1.) Up until recently, I used Microsoft Security Essentials for my AV software. A few days ago, however, when I booted the computer, I noticed an alert in the system tray that MSE was disabled (the service wasn't running). I attempted to restart the service via the MSE interface, but it just clocked. I went into the services control interface via Task Manager, and when I attempted to manually restart the service there, it would start for a second, and then stop again immediately.2.) I first tried rebooting the computer, but that did not solve the problem. Next, I tried uninstalling and reinstalling MSE. MSE will not reinstall in regular mode, and the installer appears to be designed such that it won't even run in Safe Mode. In normal mode, the installer appears to run normally for several minutes, but then it throws the following error:Microsoft Security Essentials installation errorCannot complete the Security Essentials installationAn error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try ... Read more

A:Unknown Potential Malware

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

56 more replies
Answer Match 51.24%

Hello sorry if this doesn't count as malware but I've been trying to uninstall a program that supposedly has malware in it
 
I did a malwarebytes scan and Black Berry showed up.
 
I tried uninstalling it but this error came up.
 
error a network error occured while attempting to read from the file C:\ windows\installer\blackberry desktop software.msi

More replies
Answer Match 51.24%

My experiance from troubleshooting inside windows and linux at this level is limited and I hope to learn some more-  hopefully with your help. I am as curious as I'm devastated over my problem that I will share with you here.
 
My enviroment lately has been dynamic and I've been testing and resinstalling windows 10 a lot. Due to problems really, registry problems i thought at first. been running Linux mint 18 cinnamon also last couple of weeks, disk has been totally wiped now. Win disk and Linux disk has been isolated because i wanted to avoid dualboot.  I've been running tomato/merlin router on asus hardware. Ive been running Pfsense on a gigabyte board most recently Via bridged modem.
 
Affect OSWindows 10 /Linux? Both, for sure, no doubt about it. Network? Last up pfsense router installed on a gigabyte board, integrated celeron circuit. Before that tomato, removed tomato it was behaving odd. Pfsense as well recently. 
origin? old PC, Disk MBR or USB MBR. I suspect it's been around for a while but not as severe as it is right now. It seem to slowly getting worse uptill now when it has been escalating rendering the PCs more or less useless.
Hardware affected? Asrock Fatality X99 Extreme, samsung ssd's(did recent firmware updates via samsung tool on dirty win 10,) Gigabyte board with old BIOS. Gigabyte board with new AMI bios.
Anti-virus? EMI Soft security suite, Also tried ESET. Firewall in both Products dosnt... Read more

More replies
Answer Match 51.24%

I contracted this malware yesterday I think and every time I load mozilla firefox, or internet explorer it gives me this error message (see image)I put the "globalroot\systemroot\system32" part of the error message into google and found this site with someone who also had a .dll problem - I downloaded malwarebytes anti malware and followed what was posted but my computer will not load the malwarebytes anti malware program and i've tried every way I know how. I've got hijackthis but I don't know how to use it and if I should post my hijackthis log in the hjt forum please tell me. AVGFree didn't pick up anything. Thanks for any help or insight.

A:Potential Malware Problem

Hello jdj0202,I see that you have an HJT log posted here: http://www.bleepingcomputer.com/forums/t/226729/malware-issue-dont-know-infection-type-see-inside-for-hjt/ We do not allow more than one topic for the same computer and the same issue as this causes confusion, and in this case may make the disinfection process more difficult.This leaves you with a choice:1) Have this thread moved to the Am I Infected forum and reopened and the HiJack This log topic deletedOR2) Keep this thread closed and wait for assistance in the HiJack This log forum. Please note that that forum is VERY busy.Please send a Private Message indicating your choice.Assuming you wish assistance in the HiJack This forum, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours.... Read more

1 more replies
Answer Match 51.24%

Sorry if this is a little sketchy. In our household everyone is required to run as a user rather than as an admin. Duh. In any case, my wife called me over to see a message she had gotten. It closed her browser and displayed a message/alert box claiming an infection and that a scan was required. I don't have a verbatim copy of this message, sorry, but the behaviour was very malwarish although not a familiar format (such as "antivirus 200X" or similar).

I logged out and logged in as admin and ran the DDS. Here are the results:

First, the DDS.txt file:
DDS (Ver_09-01-19.01) - FAT32x86
Run by mod at 21:18:52.53 on Tue 01/27/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.467 [GMT -8:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synap... Read more

A:A potential malware infection

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the ... Read more

2 more replies
Answer Match 51.24%

Hello,
 
I did a scan on my machine using HijackThis and some issues occured. Then I scaned it with your FRST and this is the log that came out:
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-10-2014 01
Ran by Medomir (administrator) on MED on 30-10-2014 00:04:02
Running from C:\Users\Medomir\Desktop
Loaded Profile: Medomir (Available profiles: Medomir)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\ASTSRV.EXE
(Apple Computer, Inc.) C:\Program Files (x86)\Extensis\Extensis Suitcase 11\Bonjour\mDNSResponder.exe
() C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
() C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acro... Read more

A:Potential virus/malware

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-10-2014 01
Ran by Medomir at 2014-10-30 00:04:31
Running from C:\Users\Medomir\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.0 - )
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.10 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Ado... Read more

11 more replies
Answer Match 51.24%

I would like to thank you in advance for your time.

I have an issue on start-up where it re-directs. I also have pop-ups. I scanned using Highjack and the below two items consistently came up that I wasn?t able to fix.

HKLM\..\Run: [hidavegiy] Rundll.exe ?c:\windows\sytem32\puzesale.dll?,a
AppInit_DLLs: c:\windows\system32\puzesale.dll,sivaforu.dll

Any help in correcting this problem would be much appreciated.

Again, thanks in advance for your time.

A:Potential Malware problem/pop-ups

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_Sca... Read more

3 more replies
Answer Match 51.24%

My computer today has started to run across some problems. I recently did my weekly scans for avg and malewarebytes. MWB found a couple of objects and stopped em. Them i started having issues with firefox. It told me that it could not find the proxy it was trying to connect to. And i checked the options and saw it was trying to use the proxy option with nothing typed out in the lines. I swiched it back to normal. Then I restarted my computer and a blank cmd.exe and an error popped up saying windows cannot find C:\Users\me\AppData\local\GeniusBox\client.exe Afterwards all my programs that I normally use like Skype or some video games could not connect to the internet. I checked Firefox and I could browse just fine. Then I checked windows defender I tried to open it but it says it was turned off. I checked the action center and it shows up that my firewall is turned on. This when I became even more alerted and disconnected my ethernet chord from my computer to disable the internet. Can someone assist me to fix this problem?Edit: Topic moved from Windows 8 to the more appropriate forum.~ Animal

A:Potential Malware/viruses

Hello and welcome RedWinterPlease run these and see how it is.Please download Rkill by Grinler and save it to your desktop.Link 1Link 2Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.Do not reboot the computer, you will need to run the application again.Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Download TDSSKiller and save it to your desktop.Extract (unzip) its contents to your desktop.Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, clic... Read more

11 more replies
Answer Match 51.24%

Hello.... Since this is my second trip,

I would first of all like to give major kudos to Kenny G, who totally eradicated my nasty Virtumonde problem earlier this summer! Thanks Kenny.. You totally rock the house, as do all the hard working volunteers who help keep our computers virus free, and help spread the knowledge and awareness to keep our computer lives tight and worry-free...

TECH GUY ROCKS!!!

I am interested in going to malware school and joining the front lines, as problems of the internet have once again spilled over into my life...

I've followed all the tips and managed to keep my computer running clean and awesome...

Until...... My roommate's "friends" dropped in and used my computer to check their email after everyone in their address book had recently received an email she didn't send, with some subject title about photos 20/09 or something like that...

Clearly some kind of malware or virus... I dunno... it sounds nasty and relentless.....

Now my computer is redirecting to OPEN DNS, again.... and my spyware blaster is only coming up with partial protection on Mozilla.... When I re-click all the protection, it appears to work normally again, but everytime I reopen spyware blaster, its only at half protection again...

Something fishy is going on and I want to nip this in the bud, before it grows or steals my passwords/info or reaches out of the ventilation crack and pokes me in the eyes...

Here is an MBAM log

Malwarebytes'... Read more

A:Potential Malware Problem

My computer is also randomly turning off..... at least once a day...
Can anyone help me?
 

2 more replies
Answer Match 51.24%

I found this thing in my program files and task manager. It has no control panel, no option to remove whatsoever. It seems to be originated after the day I repaved my system, which was the day I used my old wifi adapter(USB) that I also was using back in the days when the same pc was infected with a backdoor. I'm pretty sure I did not install this thing and every software I use is original, from developers like NVidia, Valve, Ubisoft, etc. (There was this time right after I repaved that I also downloaded some recovery softwares to test if filling my hard drives with zeros would really delete everything. They might also be a source to this thing)

Anyway, I don't know anything about this thing and as far as my research about it went, almost nobody have a simple clear answer to the issue. Is it a threat? Is it a necessary system file? How can I remove it?
 

More replies
Answer Match 51.24%

Recently, i found that IE8 would be running in the background using Several thousand I/O reads in 'Processes' in 'Windows Task Manager'. i first noticed this when i was watching a movie and could hear a typing sound in the background. at first i thought this was the quality of the movie. i paused the movie and closed the browser (chrome) but the typing continued. i then checked WTM and could see that IE8 was taking up several I/O reads. i ended the process of IE8 and the typing went away. IE8 was running and using up the most I/O reads which i think might have meant that someone was piggybacking on my computer and using the browser, the typing was pretty common as in it was most likely human based on the frequency of the typing.

i noticed
rundll32 "C: \Windows\$NtUninstallMTF197$\sfclp.dll",,Run

running on the startup programs through msconfig and was wondering whether this was the root of the cause.
i started finding that every time i open IE8 that the typing sound is still there and there are random sites, under the resotration of previously closed sites. the one that is open most of the time is

http://cnfg.kusochtak.com/cnfg/actv.htm

which doesnt actually show anything but i think it might be an infected site allowing access to my pc

any help in this matter will be much appreciated

i dont use IE8 its just there as a tertiary browser after Mozilla and Chrome which is my primary browser
 

More replies
Answer Match 51.24%

Hello, earlier today I woke up to the AVG Free 2011 virus/spyware infection on my computer. It was creating Microsoft remote control programs in other languages, which I proceeded to delete. It also turned off my Windows Defender and Windows Firewall. My Emisoft is constantly removing/quarantining this file, c:\windows\assembly\gac_32\desktop.ini. With the name Backdoor.Win32.Zaccess.AMN!E1. Could I get some help removing this? I have 29 days till the Emisoft trial ends.

A:Potential Malware/Virus?

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

3 more replies
Answer Match 51.24%

Hi,

My computer keeps shutting down unexpectedly. When I restart I'm prompted by windows to start in safe mode. Starting safe mode with networking it still happens.

I have windows install discs and am running Windows 7 (Home Premium) Service Pack 1 32-bit

Here are the scan files you require. I could not get the gmer.exe fully working. Only managed an ark.txt file with the 'sections' info.

Thanks in advance for any help.

Euan

DDS (Ver_2012-10-19.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.9.2
Run by Euan at 20:49:01 on 2012-10-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3582.2567 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\Syste... Read more

More replies
Answer Match 51.24%

Hi,My computer is running extremely slow all of a sudden. I have tried to restore the computer to a previous point, but it seems as though all the previous restore points have been deleted. At that point I tried to restart the computer. It now loads up very slowly and consistently presents with error messages to which I have to click OK. For example, the title of the message box is "Explorer.exe-Bad Image" The message then states: The application or DLL C:\windows\system32\nvrsma.dll is not a valid windows image. Please check this against your installation diskette...Different messages appear with the part following \system32\ varying. Another message box, for instance, stated nnnljhFe.dll was not a valid windows image. These boxes pop up while Windows is loading, as well as when I try to open various applications.I'm not sure what to do next to try to fix this problem.Any help would be appreciated--DaveHere is the test from the main.txt document that loaded up after I ran HJT:Deckard's System Scanner v20071014.68Run by Dave on 2008-06-09 21:11:43Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --75: 2008-06-10 01:12:07 UTC - RP786 - Deckard's System Scanner Restore Point74: 2008-06-09 22:10:24 UTC - RP785 - Re... Read more

A:Potential Virus/malware?

Hello david9 and welcome to BC. Let's see what we can find. Please follow the steps below in order:Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.Double-click ATF-Cleaner.exe to run the program.Click Select All found at the bottom of the list.Click the Empty Selected button.If you use Firefox browser, do this also:Click Firefox at the top and choose Select All from the list.Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser, do this also:Click Opera at the top and choose Select All from the list.NOTE : If you would like to keep your saved passwords, please click No at the prompt.Close ALL Internet browsers (very important).Click the Empty Selected button.Click Exit on the Main menu to close the program.Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.Note: You must be logged on to the system with an account that has Administrator privileges to run this program.Close ALL OTHER PROGRAMS.Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Click the checkbox for Scan All Users on the toolbar.In the Drivers section click on Non-Microsoft.Under Additional Scans click the checkboxes in front of the following items t... Read more

7 more replies
Answer Match 51.24%

My computer has been denying McAfee updates and scans. I have another laptop that did the same and the thing finally just froze up completely. This one is showing signs of the same thing. Something is disabling McAfee components and leaving my computer unprotected. Malware or a virus is suspected.

I've run the recommended and scans. I've included one, and this post wouldn't let me attach anything -- when I clicked the attachment icon, I got an "error on page". Any help you can give would be great. Thanks so much!

shannon


DDS (Ver_09-06-26.01) - NTFSx86
Run by Shannon at 18:20:55.09 on Sat 07/25/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.51 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\QCONSVC.EXE
c:\program files\lenovo\system update\suservice... Read more

More replies
Answer Match 51.24%

My computer is constantly freezing/ slowing down to a snails pace. i have done everything from running Malwarebytes anti-malware and AVG (seperately), to defraging my hard drive, to stopping the indexing of my files for microsoft searches. I'm hoping that it's something simple, as it is starting to affect my ability to do school work. And just to clarify, when any of these events occur, there is no message that pops up with a message about any error.
Here is the log:
DDS (Ver_09-10-26.01) - NTFSx86
Run by Rees at 1:30:06.92 on Mon 10/26/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.89 [GMT -5:00]

AV: AVG Internet Security 3-pack *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGI... Read more

A:Potential worm and/or malware

Hello,We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if youwould let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Then please post back here with the following: log.txt info.txtThanks

4 more replies
Answer Match 51.24%

Hello, I've got a feeling I have some kind of rootkit/malware hidden about my desktop. My computer got slow all of a sudden and Norton started complaining of being interrupted (a problem they said may be caused by a virus/malware). Malwarebytes, Tdsskiller, and Norton have been unable to find anything, but I can't shake the feeling. Here are the necessary files you instructed, and I hope you'll have good news for me.

I am using Windows 7 64-bit and do have access to a disc.

Also, the 'sections' in GMER could not be checked, along with several others.

Thank you.



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Eric at 17:56:30 on 2012-09-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.5928 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\... Read more

A:Potential Rootkit/malware

Hello and welcome to TSF.

I am currently reviewing your post. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification then click Subscribe.

Please be patient with me during this time.
----------

17 more replies
Answer Match 51.24%

Lately my computer has become very unresponsive , in the past week or so it has crashed and froze on every app about 30% of the time..i think it has to do with Malware. ANY help is GREATLY appreciated .

A:Potential Malware Issue

Hello and Welcome on board rodricuz14 ,my Name is Machiavelli and I will assist you with your problem.If you booted into safe mode on your computer then print my instructions!I'm in the 'Malware Staff Team' and will provide you with advice:To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. just ask me! Please stay in contact with me until the problem is fixed.Below are a few tips:Removing Malware is usually very difficult.We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!Please follow these instructionsIf you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!Please stay in contact with me until your problem is resolvedAs Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.Please don't run any other tools without consulting with me as this can complicate finding and removing all MalwareDon't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!Read my post completelyIf you don't do so, you may make mistakes that could result in your System crashing b... Read more

10 more replies
Answer Match 51.24%

Hello,

Last night I received a legitimate pop up notice from the Windows Security Center (XP) stating that my virus protection was no longer enabled. I have had infections before that have disabled my virus protection, so I ran some scans (Malwarebytes, Spybot, and Symantec AntiVirus). Malwarebytes detected and deleted Rootkit.0Access, and Spybot detected and removed Internet.Security 2011.

I haven't had any symptoms on my computer since my virus protection was disabled, but I am very worried that traces of the malicious items could still exist and emerge. I have dealt with the "Internet Security" viruses in the past, and I know how nasty and debilitating they are. Is there a way to confirm that all traces of these malicious items are gone?

Let me know if there is any further information I should supply. Thank you!

A:Potential malware infection

Hello and welcome. Let's look a little deeper.Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes: Flush DNS Report IE Proxy Settings Reset IE Proxy Settings Report FF Proxy Settings Reset FF Proxy Settings List content of Hosts List IP configuration List Winsock Entries List last 10 Event Viewer log List Installed Programs List Users, Partitions and Memory size. List Minidump FilesClick Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.Run RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run,... Read more

5 more replies
Answer Match 51.24%

Hey gang,I was online using google chrome today when out of nowhere, after clicking on a search result, a weird message showed up. It took me to this screen that was saying my computer had been infected, and gave me numerous malware removal tools to install. The one I chose, Major Defense Kit, has identified the problem, but won't tell me unless I fork over $65. I'm a college student, man!I've lurked here for a few months, so I know the drill of installing HijackThis and Malwarebytes. Unfortunately, I can't connect to Chrome, Firefox, or even load my dang task manager. I'm typing this on my clean netbook, and I was able to port over HijackThis with a thumb drive and make a log. However, that took a couple of minutes for that to work as well.It said that the program was denied access to the hosts file. I ran as an administrator and that fixed the problem, but I don't think it's normal to be denied access to your own hosts file.I've posted DDR and GMER files. HijackThis won't allow me to access the host files, so they're essentially worthless.I did everything I was told to (after re-reading, sorry), but it seems GMER was still picking up OneNote software as a rootkit for some reason. even after I disabled with Defogger.Please help, wonderful community!

A:Potential malware, not sure if rootkit

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

3 more replies
Answer Match 51.24%

Hello everyone. Lately I have been having some minor issues with my computer, such as random error codes for Windows Update as well as some mysterious traffic I picked up on my Zone Alarm firewall and although I have done scans using AVG, Spybot, and Malwarebytes, I have yet to find any malware on my computer. I just want to be absolutely sure I can rule out malware as the cause for any of the above situations, especially since I do a considerable amount of online banking and stuff of that kind of sensitive nature.

In case it concerns anyone, my computer is an Alienware M11xR2 running on Windows 7 64 bit SP1.

Here is my HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:04:41 PM, on 9/6/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\ZMatrix\matrix.exe
C:\Program Files (x86)... Read more

A:Potential Malware Problems?

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/417722 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

13 more replies
Answer Match 51.24%

I recently had my ebay ID stolen and items posted that weren't mine. Not sure how they got my id - I don't click on any of those fraudulent emails. Anyway, I think it might be malware. I have run Lavasofts Ad Aware, Spybot and I have Kaspersky Internet Security 6.0 running and I have done deep scans trying to find something. Then, recently, I've had trouble with a software filter I've used for years with no trouble or conflict - BSafe online. I was unable to get onto the internet because it was having difficulty loading correctly and just shuts down the internet. When I uninstalled and reinstalled, the app worked fine but I got the "limited or no connectivity" error message and couldn't acquire an IP address. If i fixed one, the other didn't work. Then, I got a weird message from BSafe that said something like "something has tried to delete part of the application" but it restored itself after running a fix. Anyway, with all this going on, would you please look at my STartup list log and my HJT log and let me know if you see anything suspicious. I can't find anything on my scans. Thanks for any help you can provide.

StartupList report, 6/6/2007, 11:39:33 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Jeff\Desktop\My Downloads\HJT\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16441)
* Using default options
================================================== ... Read more

A:Potential malware problem?

Hello jlabram,

For future reference, please see our sticky topic (Updated!) IMPORTANT - Read This Before Posting A Log

Download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review.
DSS automatically runs HijackThis 1.99.1 for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.


Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.

Please include the following in your next reply:

main.txt
an attached extr... Read more

3 more replies
Answer Match 50.82%

Few days ago my computer started randomly rebooting or locking up with no prior warning. I realize this could be a hardware issue, but the symptoms started right after I ran into some malware infections. This issue and symptoms are very similar to this one here hxxp://www.techsupportforum.com/security-center/virus-trojan-spyware-help/hijackthis-log-help-inactive/132058-computer-randomly-rebooting.html. I made a new thread concerning this problem because on a reply it was stated that the fix was computer specific. I removed some of the spyware with help of ad-aware and avg antivirus, but I doubt I had them all removed.

ZoneAlarm firewall and AVG Anti-Virus are on constantly and I try to keep my Windows update up to date all the time.

Following is a list of the programs I deleted. I got suspicious when ZoneAlarm warned me that they are trying to access internet (it was the first time they asked for rights), so I googled for them and removed them:

w.exe C:\Windows\system32\w.exe

first179.exe C:\Documents and Settings\username\Local Settings\Temp\first179.exe (removed by AVG Anti-Virus after a full system scan)

frmwrk32.exe C:\Windows\system32\frmwrk32.exe

One symptom of infection was that at first my desktop icon titles lost their transparency/drop shadow and were replaced by a "blue box" behind them. Later on, my whole desktop background became blue. I managed to "fix" this, so unfortunately I don't have a screenshot of it.

Here's dds l... Read more

A:Computer randomly freezing or crashing - spyware/malware related?

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Your hard drive is almost full. Having too little free space on your hard drive can compromise system performance.


Quote:




C: is FIXED (NTFS) - 29 GiB total, 0,384 GiB free.




I suggest you move pictures, music, etc. to an external drive or USB stick if you have one and uninstall any programs that are never or hardly ever used.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they... Read more

19 more replies
Answer Match 50.82%

Few days ago my computer started randomly rebooting or locking up with no prior warning. I realize this could be a hardware issue, but the symptoms started right after I ran into some malware infections. This issue is very similar to this one here http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/hijackthis-log-help-inactive/132058-computer-randomly-rebooting.html. I made a new thread concerning this problem because on a reply it was stated that the fix was computer specific. I removed some of the spyware with help of ad-aware and avg antivirus, but I doubt i had them all removed. Any help is greatly appreciated.

Here's my HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:05, on 2.3.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\iTouch\iTouch.... Read more

A:Computer randomly freezing or crashing - spyware/malware related?

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

1 more replies
Answer Match 50.4%

I am using a Dell Inspiron with Windows 8 OS and last night I noticed the laptop was going very slow and so I turned it off. I restarted it and it went into automatic recovery and somehow turned back on. I was able to backup some files but then I noticed it was going slow again. So I turned it off and since then I have not been able to boot up the computer. I turn it on, see the Dell splash screen then it takes some time and the message "preparing automatic repair" comes up. It takes some time and then all I get is a black screen. I try to type or use the keyboard and nothing happens. I can see the mouse moving when I try to do that. The activity light is also flickering on and off. I have tried to boot up BIOS and tried to get into safe mode by pushing both F2 and F12 or 10 whatever it is but I get the same thing.. "preparing automatic repair" and then black screen. I even tried to boot up from the windows 8 cd I had used to install it in the first place but even that did not load up.    Can anyone help me??? 

More replies
Answer Match 50.4%

Hi there,

I woke up this morning and my pc had crashed through the night,
on rebooting my pc had an error message that my agnitum outpost security centre and firewall had crashed out,
my browser (firefox) seems to go through www.ecata.info before resolving web pages, and sometimes it wont even load them saying network time out (example www.pcflank.com)
i rebooted into safe mode and ran spybot which came back clean
when rebooting back normally windows would stall and "loading personal settings" 50% having to restart then would login fine
i uninstalled and reinstalled my outpost. windows wouldnt let it update, then i rebooted and would update,
tried to run kerspsky scan and it wouldnt work wouldnt download the database, yet are web pages working 75% of the time, sometimes had to refresh for them to load correctly
i managed to run trends house call which came back clean
dds log:

DDS (Ver_09-01-07.01) - NTFSx86
Run by Annonymouse at 22:58:12.09 on 16/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1491 [GMT 0:00]

AV: Outpost Security Suite Pro *On-access scanning disabled* (Updated)
FW: Outpost Security Suite Pro *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchos... Read more

A:potential malware attack on pc and dns poisoned

Hello Annonymouse,Can you please go to http://www.bleepingcomputer.com/submit-malware.php?channel=8Then : 1. In the first window (Link to topic where this file was requested:) copy and paste this link :http://www.bleepingcomputer.com/forums/topic=19576722. In the second window (Browse to the file you want to submit: ) copy and paste this :c:\windows\system32\dllcache\wdmaud.sys3. Click the Send file button [/list]Then, please read [url="http://"http://www.bleepingcomputer.com/combofix/how-to-use-combofix"]this tutorial[/url] carefully to download ComboFix from one of the locations specified, and save it to your Desktop.Double click the ComboFix icon to run it.If ComboFix askes you to install the Recovery Console, please do so..The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.Once the Recovery Console is installed, continue with the malware scan.Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. If you have any questions along the way, STOP and ask them before proceeding !!Greetings,Thunder

7 more replies
Answer Match 50.4%

Hi guys,

I'm sorry if i've put this in the wrong section but i've got an issue with my machine and you guys really helped me out before.

Basically my laptop has really slowed up and i have no as to why. I've run Malwarebytes, SuperAntiSpyware, Ashampoo and Registry Mechanic but it's still really sluggish. As an example when I turn the machine on, it takes a number of seconds for all the desktop items to appear as they should.

Also programs take a long time to eventually fire up and work.

My machine specs are: Windows 7 Home Premium 64 bit, Intel Core i5 2.53Ghz processor, 4 GB RAM and a ATI Radeon HD5650 GFX Card.

Any ideas would be a great help.

Thanks
Niki
 

More replies
Answer Match 50.4%

Hello!
 
Recently I have been noticing some suspicious looking redirect links in my Firefox browser. When I click to go to a website I will quickly see in the bottom left hand side some suspicious redirect links before ending up where I would like to go. Example; I want to visit a website and I see 342sfd87634.cloudfront.net in the left hand corner before taking me to the website. I don't receive any popups, and I always end up on the correct website. It seems to happen randomly. I have ghostery and adblock on firefox. My browser has been a little slower than usual so I thought it may be something to do with that. I'm using Windows 8.1
 
I have used Malwarebytes Anti Rootkit & Anti Malware (including in safemode) / Adwcleaner and Avast Scanned and everything came back clear. I also reset my firefox browser and reinstalled my Firefox addons (Ghostery and Adblock).
 
Any help is much appreciated thank you!

A:Potential Malware Problem on Firefox

Those blinking links are usually harmless and they actually come from that particular site you want visit.
Many sites use those kind of links for different purposes.
cloudfront.net for instance: http://aws.amazon.com/cloudfront/
If your browser behaves normally there no reason for any concern.

11 more replies
Answer Match 50.4%

Hi,
 
I believe I have malware that seemed to get activated suddenly while on an International news website and resulted in the Microsoft blue screen of death.
 
Since then, I am not able to login successfully to my Windows 7 Enterprise laptop.  After entering my login information, it always gives me the Blue screen listing some addresses.  At least once, it has given me IRQL_NOT_LESS_OR_EQUAL. 
 
I have been able to login in Safe Mode or Safe Mode with Networking mode.
I ran Eset Online Scanner (which I run about once a month).  It quarantined and possibly deleted 5 files (listed below).
But reboot still gave the Blue screen.
Next, restored to the 'Automatic Restore Point' as of 12/20/13 (3 days back).
But reboot gave same the Blue Screen again.
 
5 files quarantined/deleted by ESet Online Scanner:
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar-4_4_0_setup.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\snayak\AppData\Local\temp\hqvkjnoepltienksgkh.exe a variant of Win32/Injector.AUCE trojan cleaned by deleting - quarantined
C:\Users\snayak\AppData\Local\temp\rldpygnk.exe a variant of Win32/Injector.AUCE trojan cleaned by deleting - quarantined
C:\Users\snayak\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\b9843d3-1436f72c a variant of Win32/Injector.AUCE trojan cleaned by deleting - quarantined
C:\Users\snayak\AppData\Roaming\Mozilla\Firefox\Prof... Read more

A:Potential Malware; not able to login to Laptop

Hello SN001These are injector Trojans They try to remote Command and Control centers every few minutes and receives additional instructions.Probably protected and we need a deeper look to find it.Please follow this Preparation Guide, do steps 6,7 and 8 and post in a new topic.Let me know if all went well.

3 more replies
Answer Match 50.4%

Hi All,

I have had a problem this last wek or so that i suddenly had a meesage box come up saying (when booted) that svchost.exe failed to initialise and then a few seconds later my computer would shut down. The only way i could then get my computer to reboot is to pull the power from the PSU and leave it out for a couple of minutes and then it will reboot........this time my machine will stay on but my mouse won't work so i have to take my mouse out of the USB port and then put it back in and it starts working again. I find this strange and was wondering if it was a hardware problem (dodgy PSU considering the fan even though clean doesn't like to spin without it being helped so i know i have to get a new one and have ordered one) Or if it could be a problem with Malware or a virus. I have scanned for viruses and Malware using Malwarebytes and AVG both have come up clean.

Please find my logs as you wanted in reading the forum rules:

Hijackthis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:05:47, on 21/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\AVG\AVG9\avgchsvx.exe
F:\Program Files\AVG\AVG9\avgrsx.exe
F:\Program Files\AVG... Read more

A:Potential Virus/Malware problem

bump
 

1 more replies
Answer Match 50.4%

Hello,
 
I've tried to read through as much information as possible and do some stuff myself before posting here but I can't seem to fix the problems I've been having so feel I need to ask for help. A while ago, near the end of May (unfortunately I cannot remember the date) I became infected with what I believe to be the Delta virus (changed home page, installed tool bar etc) and I believed I had removed it but since then my browser has been running extremely slowly, struggling to open pages let alone stream videos. I have used speedtest, attaining around 7Mbs last week but now, whether it is time related or not I amn't sure as it's almost 2AM, I am only getting 0.5-1.2 which seems extremely low. I imagine there is something I have neglected to mention but I will be happy to answer any questions.
 
Your help is much appreciated.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Fraser at 1:28:22 on 2013-08-01
Microsoft Windows 8  6.2.9200.0.1252.44.2057.18.7650.4118 [GMT 1:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ============... Read more

A:Potential Delta Virus or Other Malware

Hello Fraser93,Welcome to Bleeping Computer.My name is fireman4it and I will be helping you with your Malware problem.Please take note of some guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.If you do not understand any step(s) provided, please do not hesitate to ask before continuing.Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.1.Download AdwCleanerDouble click on AdwCleaner.exe to run the tool.***Note: Windows Vista and Windows 7 users:Right click in the adwCleaner.exe and select Click the Delete button.A logfile will automatically open after the scan has finished.Please post the content of that logfile in your next reply.Or you can find the logfile at C:\AdwCleaner[R1].txt.2.Download and run Junkware Removal Tool. ***Your Ant... Read more

4 more replies
Answer Match 50.4%

This is a continuation of this thread...


Quote:





Originally Posted by ferrarimanf355


I'm running Windows XP, and everytime I try to delete stuff off my desktop, I get an error that says my hard disk is full (it isn't) or is locked (it isn't). Furthermore, my validation keeps failing (the OS was loaded from the factory), I can't run some programs (Windows Media Player, QuickTime, HijackThis, maybe a few others), and the computer takes eons to start up. Can someone help me out here? I'm about ready to throw the computer into the wall and go Office Space on it.




Unfortunately, I'm unable to run HijackThis or DSS, even on a USB flash drive. Is there anything I can do? Just telling me to reinstall the OS is basically telling me to get a Mac, so I'm saving that as a last resort Hail Mary. Is there a workaround, anything?

Tomorrow, I'll be going to the local arcade and dumping $20 into the House of the Dead 4 machine, to relieve the pent-up anger at my PC. Please help me out here before I have to break out the sledgehammer...

A:Potential malware attack, can't use HijackThis or DSS...

After spending $20 to shoot zombies in the face repeatedly with a machine gun, I cleared my head, logged into my computer in Safe mode, and was able to run DSS and HijackThis. Here's the results...


Quote:




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:30:35 PM, on 6/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
F:\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4061023
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gmail.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_U... Read more

9 more replies
Answer Match 50.4%

Hi. I seem to have a problem getting IE to work properly. I don't know how it happened, but every 2-3 minutes after opening the program with third-party browser extensions enabled, I get a notice saying "Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience." It has another column with the option to either close or debug the system. So far, nothing happens when you press "Debug." One of my sibs was on the computer and an alert to turn on this anti-spyware program popped up. It was for the Ultimate Defender, which I have no idea how it got in there in the first place. I have since deleted that and got most of the computer running normally. The only problem is that message as well as the "...could not be 'written/read'..." termination notices. Apparently, this happens only when third-party browser extensions is enabled. Here's my HijackThis log to look over if there is something that might be at fault. Thanks.

--------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.98.0
Scan saved at 5:24:04 PM, on 8/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpE... Read more

A:IE Third Party Problem: Potential Malware?

10 more replies
Answer Match 50.4%

Hi there

Im convinced I have an issue with Malware or something similar but I cant track it.

To tell the whole story...my I have a Dell Inspiron 1764 laptop and about a week ago the fan packed up meaning that it kept over heating and crashing.

I ordered a new fan and heat sink and in the meantime read on a forum about a program called Speed Fan that would turn the fan on. I downloaded this...big mistake! A lot of other programs downloaded with it that I didnt request, a number of these inserted themselves into my browser. I initially uninstalled what files I could see through Control Panel.

My parts arrived, I installed them and now my fan issue is fixed. However, the laptop is running EXTREMELY slowly. I have spybot installed so run that and it found a number of items which it deleted - one of these was Zone Alarm. After the scan and removal Zone Alarm still showed in my browsers so I removed it.

Since then I have run the following -

* Microsoft Security Essentials Virus Scan.
* Eset Online Scanner
* Microsoft Online Malicious Software Removal Tool
* Checked there is space on the hard drives (11GB on C and 397 GB on D).
* RUn the defragmenter.

And still the laptop is slow. Im wondering if when replacing the fan I did something to slow the laptop down when replacing parts. Or, the only other thing is I havent been able to remove something nasty that I inadvertently downloaded.

Any advice appreciated
 

A:PC Very Slow, potential Malware issues

Hiya and welcome to Tech Support Guy

Are you still having this problem? If so, can you do the following and we'll go from there

-----------

Download Security Check from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-----------------

Download OTL to your Desktop
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Standard Output.
Select
All Users
LOP Check
Purity Check
Under the Standard Registry box change it to All

Please copy the text in the code box below and paste it in the Custom Scans/Fixes box in OTL:
Code:

netsvcs
activex
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\Installer\*.*
%windir%\system32\tasks\*.*
%windir%\system32\tasks\*.* /64
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
services.exe
user32.dll
ATAPI.SYS
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\* \s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
A black... Read more

1 more replies
Answer Match 50.4%

Hi,
Let me thank you first for providing this service. I really appreciate you guys' work!

I have AVG free version as well as Trend Micro on my office PC. I recently had an alert from AVG about an infection () that was sent to the virus vault. I deleted the file from the virus vault.

Trend Micro console also indicates an infected file but I dont know how to access the details. I am hoping Trend Micro cleaned it or at least quanrantined it.

My computer has become kind of slow and every now and then it goes into some processing mode where it becomes very slow to respond.

I don't download any stuff off the internet or go to the inappropriate websites. But I did watch a live cricket game recently posted on somebody's blog and had to download some player for it. I forgot the name but I uninstalled the player immediately after I got the infection alert.

Anyway, let me know what I can do to check if my PC is infected or clean. Thanks. The logs are below.

Eddie ------------



DDS (Ver_09-03-16.01) - NTFSx86
Run by abhyuday at 12:27:15.61 on Sat 03/21/2009
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Ultimate 6.0.6001.1.1252.1.1033.18.2037.919 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Trend Micro Client/Server Security Agent Antivirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.... Read more

A:Potential virus/malware infection

Hello and Welcome.

A slow machine is not always a product of infection. I don't see any sign of active infection

Please see this sticky topic:

http://www.techsupportforum.com/f174...ow-247567.html


The biggest issue I see which may affect your machine's performance is this:


Quote:




AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Trend Micro Client/Server Security Agent Antivirus *On-access scanning enabled* (Updated)




As stated in our pre-posting sticky topic...

http://www.techsupportforum.com/f50/...lp-305963.html


Quote:




If you have more than one antivirus software installed, leave only ONE and uninstall the others




While this may seem like greater protection, it can cause problems including slowdowns, system hangs or even crashes. This can happen if both AntiVirus applications attempt to access the same file at the same time. This may cause the applications to interfere with each other, or cause the system to lock up. It can also be a drain on system resources, making a machine run slower than it should.

I see you have more than one Anti-Virus program installed, AVG and Trend Micro. Choose one to keep and uninstall the other.

Any antivirus program must be removed via add/remove program.
For any program that doesn't have an add/remove entry, you will have to do this:re-install the program -> reboot -> uninstall-------------------------------... Read more

2 more replies
Answer Match 50.4%

Hi there.
 
Last night I noticed I could not connect to my VPN. On trying to run Microsoft Security Essentials for a scan, it would not let me (nothing happens). I have attempted to uninstall and it just..doesn't. I have also attempted to run other anti-malware but the installation files will not execute, along with some other .exe files.
 
FRST logs attached.
 
Many thanks. 
 

A:Potential heavy malware infection

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. 
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-474389545-2864696017-614425774-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\PROGRA~3\WONDER~1\VIDEOC~1\WSBROW~1.DLL No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-474389545-2864696017-614425774-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [No... Read more

2 more replies
Answer Match 50.4%

Hi,

I first became aware of this issue when in Norton 360 I was prompted to run a live update as my virus and spyware definitions are not up to date. However when I run the live update I get failed to complete messages on several items including:

Norton 2011 Iron Whitelist
White List
Status: Failed to complete

and

Norton 2011 Virus Definitions
Norton AntiVirus Definitions
Status: Failed to complete

When I click to Tech Support a screen loads with - An Error has occurred with Norton 360; Error: 8920, 204

I posted on the Norton Cummunity Discussion Forum and it became apparent this may be a serious issue as I also had issues when I tried to install malwarebytes 20111015-005-v5i32.exe however when I tried to run the program it advised that "some installation files are corrupt and advised I download a fresh copy and try again". I did this several times but only received the same message. Also when I try to install a download manager from http://www.speedbit.com/downloads/ I get a message stating "an I/O error occurred while installing a file. This is normally caused by bad installation media or a corrupt installation file".

I have also been unable to download windows updates with error messages 80200053 and 80070570. As well as being unable to download the latest Adobe Flash Player with an error message: Abort: ceriticate authentication failed.

I was advised by a member on Norton Community to contact yourselves (and he was stepping aside) to hopeful... Read more

A:Potential Rootkit malware issue

Hello,I moved you from Vista to the Am I Infected forum,I'd like to see if its a ZeroAccess rootkit.Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes: Flush DNS Report IE Proxy Settings Reset IE Proxy Settings Report FF Proxy Settings Reset FF Proxy Settings List content of Hosts List IP configuration List Winsock Entries List last 10 Event Viewer log List Installed Programs List Users, Partitions and Memory size. List Minidump FilesClick Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Be sure to download TDSSKiller.exe (v2.6.4.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.Click the Start Scan button.Do not use the computer during the scanIf the scan completes with nothing found, click Clos... Read more

13 more replies
Answer Match 50.4%

11/21/10,

Good Morning,

I believe I may be infected with malware, as I have some "strange things" occuring (or not occuring) at times. The following are the indications I have noticed:

1-Firefox takes forever to load, if it loads at all. When it does load, and I go to use one of the menu bar drop-downs, the drop-down list "appears", but is not legible because it appears as see-through, and only the right edge, as well as the upper edge of the drop down is visible. The rest of the menu options in text and the rest of the menu box is not visible, so I can never click on any of the menu options unless I have a good idea where in the list the menu option I want exists.

2-Norton 360 AV program runs super-super slow and never appears to get done doing updates (I never get the message that all program files are up-to-date.) It took very close to 48 hours just to scan 610,000 files, and it was still going strong after that time. I have over 1 gig of files on my computer, so it would have taken at least one more day or longer to finish the job. I canceled the scan at that point. This happened on two separate occasions in past 2 weeks.

3-ScanStub.exe program will not allow me to "End Process" or "End Process Tree", even though it states I started the program. I am the administrator of my computer and I am also the administrator of the AV software, so I should not be denied access to stopping any program, especially AV softw... Read more

A:Potential Malware Assistance Request

Hello,

I see no signs of malware in those logs. That said, the scan was taken in Safe Mode. Why is that? Safe Mode will not show all running processes which might be present on the machine in Normal Mode. Please rescan with DDS in Normal mode, and post that new log.

What exactly did Ad-Aware find? File names with full path, registry location, etc...vendor names of infections are not as helpful as that information.

Ad-Aware and Norton are likely in conflict. Ad-Aware also includes an antivirus engine.

While this may seem like greater protection, it can cause problems including slowdowns, system hangs or even crashes. This can happen if both AntiVirus applications attempt to access the same file at the same time. This may cause the applications to interfere with each other, or cause the system to lock up. It can also be a drain on system resources, making a machine run slower than it should.

Uninstall one of those applications. If you choose to uninstall Norton, also run the Norton removal tool from here:

Please use the instructions on this Norton page to completely uninstall your Norton Products.

http://us.norton.com/support/kb/web_...080710133834EN

Modern antivirus applications have self-protection measures. ScanStub.exe is part of Norton, and will not allow itself to be terminated.

14 more replies
Answer Match 50.4%

When my PC starts (Windows XP) it has multiple error messages stating "The application or DLL (file location) is not a valid windows image. Please check this against your installation diskette", it also produces these errors when i start any programs. I'm hoping someone can identify and help me solve this problem from the logs i have attached. And yes i have ran multiple types of scans with many programs and none have seemed to do their magic...

A:Bad image errors, potential malware?

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator&#... Read more

3 more replies
Answer Match 50.4%

Good day,

I hope this is the right forum for this...

My computer runs between 50-99% CPU usage at all times. I suspect this may be malware, but need your expertise to determine the root cause. The fan runs really loud and now seems to be affecting another computer in my house connected to the same network. In task manager Processes, svchost.exe (C:\Windows\system32\svchost.exe -k netsvcs) takes up 640,000K of memory.

Please let me know what steps I need to take next. Any and all help is greatly appreciated.

A:Potential Malware svchost.exe -k netsvcs

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===I need more information before suggesting any remedial acction.Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.DDS.pifDDS.COMDouble click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results.Please note: You may have to disable any script protection running if the scan fails to run.Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.===Please run this security check for my review.Download Security Check by screen317 from here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.===Search for AdWare, PUP (Potentially Unwanted Program) installed on your computer.Please download AdwCleanerRead more

17 more replies
Answer Match 50.4%

Hi, Here I am again.My mom bought a used laptop from my brother's girlfriend....and I was given the job to clean it up.There was loads of toolbars, games, torrent site stuff, etc on it. I managed to removed some of the games and toolbars. I however know i didnt get everything. And I am worried on what kinda malware etc might be lurking within.also had issues with Java. I can't get it to install or uninstall. It isnt in the program list any longer. when i try to install it says that its already installed.I have used windows installer clean up, javara, hijack this (to look for registry for java), I even tried to manually delete java files. Still no luck.I would appreciate your help in helping me check the PC for malware & bad stuff. & help me resolve my java issue. Thanks!DDS (Ver_10-03-17.01) - NTFSx86 Run by Connie at 16:26:49.18 on Thu 06/24/2010Internet Explorer: 8.0.6001.18928Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3034.1387 [GMT -7:00]SP: Windows Defender *enabled* (Updated) /coloro7============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNe... Read more

A:Clean up Laptop- potential malware, etc

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you let... Read more

16 more replies
Answer Match 50.4%

I was informed early this morning that our PC was potentially infected with reported activity of opening undesired web pages, programs opening/closing automatically, and Windows Vista Home Security popping up with a list of infections.

I am still in the very early stages of back tracking this problem but it appears that a member of our household was visiting a website, when they must have clicked on a sponsor link for that took them to another site. There is no history for the second site, but the time stamp was about 15 minutes before the problems started to occur. Everything else in the history log is pretty average for our household.

AVG scans came up clean, but there is a line item in the virus vault around that time with this entry:

Infection Type: Warning
Virus Name: Found registry key with reference to file C:\ Users\Computer\AppData\Local\oxp.exe
Path to File: HKCR\exefile\shell\open\command\\
Date of storage: 5/8/2011, 7:14:01am

Perhaps I?m incorrect in thinking that one click to a mystery website caused all this ? but I?m not sure how to look and find out where all these came from? Any help diagnosing and correcting this would be greatly appreciated. The infected PC has been completely disconnected from the internet and I will be using our backup for the duration of the recovery.

Here is a complete list of Malware identified by Windows Vista Home Security:
Email-Worm.JS.Gigger
IM-Worm.Win32.Kelvir.k
MWME.Tw... Read more

A:Several Malware Detected & Potential Rootkit

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

79 more replies
Answer Match 49.98%

Hello,
This is my second time posting on these forums. I had great help last time for my problem and really appreciated it. Now i'm back with another malware, i tried to fix it myself with no avail.

My current problem has to do with "System Security." I think i got it while browsing a web site from a pop-up, i thought i had avoided it, but then System Security kept popping up, scanning my computer and saying i was infected with "Lsas.Blaster.Keyloger." My desktop background was also changed to a black and red wallpaper saying something about my computer being infected and that i need to fix it.

I tried fixing the problem by scanning with ad-aware and registry booster, i used both in safety mode because every time i start the computer in normal mode it either freezes or restarts moments after it starts loading up the desktop. In safety mode i also deleted:

c:\Documents and Settings\All Users\Application Data\13998594.exe

and

HKEY_LOCAL_MACHINE\SOFTWARE\13998594

as well as the system security folder(s)

I checked:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
for
13998594
but i didnt find it in there nor any other weird sequences of numbers.

So now, I am stuck with no idea what to do next because:
1) I can't start my computer in normal mode.
2) I can't run Malware bytes, Spybot Search and Destroy, and ComboFix in Safety Mode.

As of now, my computer is still freezing up or restarting as soon as it starts up in nor... Read more

A:System Security Malware + Computer freezing on start-up in normal mode

16 more replies
Answer Match 49.98%

Hi guys, came home from work today and keep getting pop up Total Security and TSC details saying I have 42 infected files etc - tried to remove TSC from computer but when doing so it asks for the 'product key' and asks me to purchase the product - I'm led to believe this is a hoax product after reading up tonight - please find the report below.
DDS (Ver_09-07-30.01) - NTFSx86
Run by Andy at 21:07:57.54 on 20/08/2009
Internet Explorer: 8.0.6001.18813
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.44.1033.18.3061.1039 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRY... Read more

A:Total Security and other potential malware issues

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 49.98%

Hi all,

Since yesterday my computer has been having a few issues, the CPU usage is unusually high (50-100% when idle on an i7), the fan has also been up at 4600RPM constantly. The PC itself seems to running relatively smoothly, but the battery life has also decreased from around 7-8 hours to less than 2.

After some browsing I found that I have 2 csrss.exe processes working, neither of which will show me their path using process explorer.

I have done scans with Bitdefender which seems not to have found anything
Here is the Hijack this log, I will follow up with the others shortly!
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 16:49:52, on 07/11/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal

Running processes:
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Fi... Read more

A:Potential Virus/Malware - Laptop issues

Bump

EDIT:

I have done scans with BitDefender, Sophos & Kaspersky anti-rootkit, malwarebytes and a couple of other lite anti-spyware/anti-virus programs and none of them have turned up anything - I doubt it is a virus but I will be reformatting the hard drive later this week to wipe it all and start from scratch as the problem is rather annoying, and does not seem to occur when the pc is booted in safe mode.
 

2 more replies
Answer Match 49.98%

i have spent the last two days trying in vain to figure out why my windows defender became corrupted (MSASCui.exe error 0x8000003) and my AVG free v9.0 will not run (AVG watchdog service will not start, so says no components) with no luck at all. It also seems as though there is a rogue iexplorer process running on startup, which reappears after a 30 seconds if i manually stop the process via task manager. I have pasted the contents of the DDS txt file below and attached the DDS attach file as requested, however the GMER file fails to run(although i can see the process in task manager - this is similar to problems i have had with malware removal tools e.g. MBA-M). I do not have access to a Windows Install disc, or a Boot CD. Could someone pls help?


DDS (Ver_09-12-01.01) - NTFSx86 MINIMAL
Run by Paul at 0:10:16.00 on 04/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.478.251 [GMT 0:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Paul\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=... Read more

A:potential malware has killed AVG and Windows defender

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Did you uninstall AVG?

I need to see a gmer log in order to help you.

Delete your existing copy of gmer. Please run this special version of gmer:

Download GMER Rootkit Scanner from here and Save it to your Desktop. Double-click gmer.exe to run it. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.



Click the image to enlarge it


In the right panel, you will see several boxes that have been checked. Uncheck the following ...Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it to your next reply.

**Caution**
Rootkit scans often produce false positives. Do... Read more

13 more replies
Answer Match 49.98%

Hello BC pros and thanks in advance!
 
Yesterday I was unable to stream video from the internet, Chrome and Firefox, from multiple sites. The stream loads and plays the first second or two, and then hangs up completely. At one point AVG popped up from the toolbar with a threat, and I mistakenly clicked the 'X' while trying to open the dialogue. I've tried playing *.wmv's and the playback is very choppy and low resolution.
 
I've updated Flash and Nvidia drivers.
 
I ran AVG full scans and anti-rootkit scans. I also ran Malwarebytes scan and GMER, all of which didn't come up with much that looked threatening.
 
Here's my FRST logs:
 
-------------------------------------------------------------------------------------------------------------------------------
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-08-2015
Ran by Johnny (administrator) on WALLE (26-08-2015 18:36:45)
Running from D:\Downloads
Loaded Profiles: Johnny (Available Profiles: Johnny)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.... Read more

More replies
Answer Match 49.98%

I've had a stuttering issue for the last few months. Whenever I open an .exe file (such as an unpacker or game setup file) my system stalls for 1-5 minutes, and then proceeds to open the .exe file. This stutter also occurs for a brief moment when opening the MSN Live Messenger program. It displays half of my contacts, stalls for 1-2 seconds, then displays the rest of my contacts. I haven't noticed this before, and I suspect malware. HJT! log attached.

Logfile of HijackThis v1.99.1
Scan saved at 12:47:52, on 2007-10-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program File... Read more

A:Solved: Potential malware, stuttering issue.

16 more replies
Answer Match 49.98%

Hi, I'm new...with a computer problem. Go figure.

I have Windows XP Professional 32-bit SP3.

Now the problem... one day, doing my usual online ritual in catching up on Youtube subscription videos, my anti-virus at the time (ESET) said it found some sort of virus and needs to restart to completely get rid of it. I figured, I'll wait until this vid is over. Well, the computer asked a few more times before it decided to restart itself. When it finally came back on the desktop... none of the icons came up, my wallpaper disappeared (turned black), all QuickLaunch icons are gone, nothing in Start menu except for My Docs, Computer, Control Panel, and such, and this new "Windows" computer fixer thing came up. Now, I forget what it really was as it only came up once. It said it found all sorts of problems, but I've never seen this pop up before and don't recognize its layout, and assumed it was fake.

I restarted into safe mode, did some scans. Malwarebytes found 35 infections and fixed them. Spybot found nothing, ESET nod32 I think found only a few problems. Even after those are fixed (assuming that pop up was one of them) I'm still having problems. I've tried to use TDSKiller, but it's not working for some reason. Even after renaming it and running it off of my portable hard drive and flash drive. I've tried other Rootkit programs and they came up with nothing. While I managed to get my desktop back for the most part, I can't use the c... Read more

More replies
Answer Match 49.98%

I was instructed by Aura to post a thread here in my thread at http://www.bleepingcomputer.com/forums/t/560670/most-program-installations-are-failing-with-access-is-denied/
Info about my problem can also be found in that thread.
 
So here it is.
 
DDS Log:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:
Run by Aaron at 18:41:29 on 2014-12-23
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.16339.12292 [GMT 0:00]
.
AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
F:\Programs\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.... Read more

A:Potential malware due to admin rights loss

Hello and Welcome on board ,my Name is Machiavelli and I will assist you with your problem.If you booted into safe mode on your computer then print my instructions!I'm in the 'Malware Staff Team' and will provide you with advice:To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. just ask me! Please stay in contact with me until the problem is fixed.Below are a few tips:Removing Malware is usually very difficult.We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!Please follow these instructionsIf you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!Please stay in contact with me until your problem is resolvedAs Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.Please don't run any other tools without consulting with me as this can complicate finding and removing all MalwareDon't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!Read my post completelyIf you don't do so, you may make mistakes that could result in your System crashing by your own ... Read more

26 more replies
Answer Match 49.98%

Hi

In the last few days I have noticed a very obvious change in my PC's performance. It has become slow and clunky, especially whilst using the internet. Loading pages takes up to a minute for basic things like opening a google browser window and then navigating within sites is equally slow. Attempting to watch streaming videos has become almost impossible because it just buffers constantly.

I have also noticed significant lag on opening and viewing other file types, like photo's and video's held on my external drives.

Up until about 10 days ago, I had none of these issues, but my AV (avast free) caught a virus and I removed it, or so I thought. Since then, the problems seem to start, so I think that whatever got into my machine is still there.

I would appreciate your help in reviewing and cleaning my PC.

Thank you.

Sysinfo:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1 Pro, 64 bit
Processor: AMD Athlon(tm) II X4 620 Processor, AMD64 Family 16 Model 5 Stepping 2
Processor Count: 4
RAM: 3582 Mb
Graphics Card: ATI Radeon HD 4200 (Microsoft Corporation - WDDM v1.1), 512 Mb
Hard Drives: C: Total - 152524 MB, Free - 108702 MB; E: Total - 305242 MB, Free - 114526 MB;
Motherboard: Gigabyte Technology Co., Ltd., GA-MA785GT-UD3H
Antivirus: Windows Defender, Disabled
 

A:Potential Virus/Malware causing slow PC

16 more replies
Answer Match 49.98%

hi i am running:
Samsung R530/R730
windows 7 ultimate, service pack 1
Pentium dual core cpu
T4300 @ 2.10GHz x2
RAM 8.00GB
64bit OS
 
and my avg pc tune up software brought this to my attention! it gives me no option to update, install or roll back the driver and cant seem to find much info on the web about it other than the few steps ive tried i.e; Microsoft fix-it (didn't work), uninstalling the driver (made it disappeared altogether without the choice to reinstall, also lost the ability to connect to the internet obviously), also tried a program called "RestoreTCPIPProtocolDriverWindows7" (not sure what it did as it opened a CMD window and quickly disappeared) and finally i tried the winsock method (also did nothing)  
 

 pc pic.jpg   108.26KB
  1 downloads
 
the reason i suspected malware is that i recently used "mall-ware bytes" and found a few things that avg had missed!
also everytime windows starts up a quick command pops up with the MCE icon and quickly disapears (might not be related but has only started doing it recently)
 
hope the infomation helps and will be happy to provide more! also sorry if this is in the wrong section of the forum but this is my first post here 
many thanks in advance

A:tcp/ip error 24 potential malware issue but unsure

Okay so you currently cannot connect to the internet and you possibly uninstalled your network driver and you may have malware.
 
I guess we need to get your internet working so you can head over to the " am I infected ? " section of the forum and have the malware pros help you.
 
Have you tried going to the samsung website and downloading/installing the current network drivers?  That would be my first thing to try.  Do you connect to the internet via wired or wireless connection?  There are two separate drivers that I saw.  One for wired and one for wireless.

1 more replies
Answer Match 49.98%

Hello

My Dell laptop (XP) suddenly will not run any programs. The error message is "Windows cannot access the specified file etc....You may not have appropriate permissions to access the item". I am guessing this is some sort of virus?

I had Sophos antivirus running plus Malwarebytes but now nothing will run/scan for me, including Internet Explorer.

I downloaded the ddr and gmer as instructed. I have attached the ddr logs but cannot run the gmer.exe - same error message "Windows cannot access the specified....You may not have appropriate permissions to access the item".

I don't understand this instruction: "If (and only if) there are problems using gmer as indicated above, save a scan from the initial startup scan."

How do I do that? I'd really appreciate some advice on the next steps.

Thanks
calvere

A:Windows cannot access file - Potential malware?

Update for anyone having similar issues. I downloaded Malwarebytes again, changed the name to mb.exe, was then able to run it from the cd on the problem laptop.

Sophos then started running (it wasn't before) and detected 2 viruses which it cleaned.

I am assuming this is all cause and effect and not just coincidence! I am now able to run programs and everything seems OK.

calvere

1 more replies
Answer Match 49.98%

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORKInternet Explorer: 9.0.8112.16448 BrowserJavaVersion: 1.6.0_31Run by Randy at 15:55:07 on 2013-01-26Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2942.2106 [GMT -5:00].AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: COMODO Firewall *Enabled* {9F6B8402-CD67-6410-5B6A-D652628C89DE}.============== Running Processes ================.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\Explorer.EXEC:\Windows\system32\ctfmon.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exeC:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exeC:\Windows\system32\ctfmon.exeC:\Windows\system32\conhost.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:&#... Read more

A:Potential Malware svchost.exe -k netsvcs - Desktop

Hello captn ron, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
I will be analyzing your log. I will get back to you with instructions.1.Close all open programs and internet browsers.Double click on adwcleaner.exe to run the tool.Click on Delete.Confirm each time with Ok.You will be prompted to restart your computer. A text file will open after the restart.Please post the contents of that logfile with your next reply.You can find the logfil... Read more

22 more replies
Answer Match 49.98%

Hello, this is my first time requesting help from this site, and I hope you can help me with my problem.

I've recently been having some networking problems that have seemed to materialize virtually out of nowhere. The computer I am posting from is, and was connected wirelessly when the problems first occurred. My connection dropped to a low 20-30 Mbps, with internet and gaming moving at abysmal speeds.

After purchasing a new router and adapter, I am still getting the same speeds when connecting to the internet, and having tried almost everything at this point, I fear that it may be a virus or some spyware/malware that may have gotten attached to my computer.

A very careful downloader, I must admit before the problems started I downloaded a mod for the game Star Wars Knights of the Old Republic 2. If you don't know about the mods, they are added on by running an .exe that patches the game. While before running this exe I had scanned it with AVG and VirusTotal.com, it may be the problem.

Other than my connection staying at a constantly low speed, my inability to stay connected to programs such as Ventrilo are the only current symptoms I faced. I haven't noticed any pop-ups, odd browsing occurrences, or strange files running. AVG and SpyBot have also shown my system as being clean; but I am not ruling out a problem.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Vincent at 7:37:29.76 on Wed 06/03/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Pro... Read more

A:[SOLVED] Potential Virus/Malware Interference?

Hello MartianEconomic and welcome.


Quote:




After purchasing a new router and adapter, I am still getting the same speeds when connecting to the internet,...




I'm not seeing any malware here. Are you talking about internet speed in Firefox or IE?

1 more replies
Answer Match 49.98%

Hey guys,
 
First of all, THANK YOU for everything that you guys do. You've saved my a*% quite a few times but this is the first time I've ever posted needing help. I am presented with a Toshiba Satellite L755 that was having trouble connecting to the internet. An un-named Blue and Yellow big box store told him that most likely his Wireless card was broken and the machine would need to be sent off for a 6-8 week replacement of said card. (Sorry, had to throw that in.... It gave me a chuckle!)
 
Specs: Windows 7 Home Premium (SP1), Intel Pentium B960, 4G RAM. 
 
At first glance, I noticed in msconfig that ALL services/startup items had been disabled on the same date (7/14/13). After restarting the services, magically, the "broken" wireless card came back to life as did the NIC. Unfortunately, there are many more problems. I cannot get a backup or even a straight copy of any of the data in the user files. It doesn't seem as though anything is missing, the machine just won't give the data up!!! Chrome opens to the EULA and then hangs if you accept it and IE opens to that cute little swirly blue circle and shows not responding in the task manager and can only be closed by going to the process and ending it. I've managed to uninstall Chrome and use an external drive to download the stand alone installer to get Chrome usable on the machine. 
 
What I've done: Boot from Hiren's and attempt MBAM (found 3 issues which I've deleted), TDDSKiller (both from ... Read more

A:Potential Malware Disabled/Hid Network adapters etc.... Need Help

Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Update Malwarebytes' Ant... Read more

1 more replies
Answer Match 49.56%

I downloaded a piece of youtube/video downloader software form the Softopedia website and then tried to remove it later. One was a huge clunky piece of crap that didn't end up working but that kept asking for permissions from Comodo Firewall as I tried to get it to work
A week or two later after I tried to uninstall the programs within a few days later I started noticing that Firefox started to freeze. i though it was internet slowdown of the websites or google maps.
I then found it hard to click on the start menu and other parts of software on windows. It stated to totally freeze up until I couldn't use the mouse to click.
I tried to do a restore point and it wouldn't work. It blocked/erased the restore points up to only a few days before. It also started blocking Avast. I was only able to get a restore point from my last back up ...in May. that seemed to work after 2 days of trying different things and different malware programs
It seemed like like it worked and I removed all the antivirus and firewall and put in new one and continued using the computer. IT felt that there was still something going on as it the computer sounded weird as if its struggling. It seemed like everything was fine and I using it but I kept trying different anti malware programs.
none of them would find anything....I tried Comodo Cleaning Essentials today and it found
something in Avast
Program file\Avast\Software\Avast\ng\vbox\VBoxDD2GC.gc
When the program cleaned it the same thing started happenin... Read more

A:Rootkit-Malware Freezing computer, Blocking Restore Points and disabling firewal

My computer is a reg computer/ workstation
Windows 7, Service Pack 1
Intel ICore i7-3820 CPU @ 3.60GHz,
RAM: 3526 Mb
Graphics Card: NVIDIA GeForce GTX 660 Ti
Motherboard: ASUS
 
No Antivirus is working. I was able to turn on the Windows firewall
Its disabling alot of anti malware programs, since I did this last restore point.
 
"Program file\Avast\Software\Avast\ng\vbox\VBoxDD2GC.gc"
 
I did as search for vbox and its part of Java or Oracle Virtual Box. At one point I had Java on for an online class and it was left on incase I still needed it later.
 
I found this bit of info at :
http://r.virscan.org/report/20c65bf482136ae6fd68955087aacb23
 
File information


File Name : VBoxDD2GC.gc (File not down)

File Size :12672 byte

File Type :application/x-dosexec

MD5:2b147d966d5fb34e31ab5aa5e032dc20

SHA1:629917e3d87f85380f473216cdfb1370bc0eda0f


Scanner

Engine Ver

Sig Ver

Sig Date

Scan result

Time

comodo

15023

5.1

2014-11-08

Heur.Packed.Unknown

3
 
Other programs that found it
http://r.virscan.org/report/20c65bf482136ae6fd68955087aacb23
 
I did find a Heur.Packed.Unknown in Comodo as part of a search from a scan program
and it showed up as [email protected]
 
this was in the list of virus scanners

qh360

1.0.1

1.0.1

1.0.1

Win32/Trojan.6b9

... Read more

4 more replies
Answer Match 49.56%

Does anyone know of a good website where someone can enter a URL or the name of a program to see if the site or program is a potential problem or not? For example, one of the members of TSG.com responded to my request for a good desktop calendar by referring me to http://www.wildlife-pictures-online.com/free-desktop-calendar.html. I checked it out and it looks like a good calendar but I wonder it it might contain some nefarious stuff that I don't want or need. Thanks for the help.
 

More replies
Answer Match 49.56%

I will appreciate if anyone is able to help me and my computer issue, thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:00:03 PM, on 12/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21148)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwl... Read more

A:*ATTENTION* In need of help, definite Malware and potential Trojans, please assist.

bump
 

2 more replies
Answer Match 49.56%

My mom has concerns that her computer has malware due to slow boot times and a slow browser (Chrome).
Thanks for looking this over.
Becky

DDS results:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280
Run by linda at 19:48:58 on 2014-09-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4040.1614 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x... Read more

A:slow browser and boot time - potential malware?

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I see no sign of infection in your logs. We'll see what turns up.

------------------------------------------------------Launch Malwarebytes' Anti-Malware
On the Dashboard, click the Update Now >> link.
After the update completes, click the Scan Now >> button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.
------------------------------------------------------After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double-click on the scan log which shows the date and time of the scan just performed.
Click Copy to Clipboard
Paste the contents of the clipboard into your reply.
--------------------------------... Read more

2 more replies
Answer Match 49.56%

hii am having a lot of problems with my computer. i have a dell dimension 4600 and running xp, home ed. first, it started with a blue screen that would come and go with message; "stop: 0x0000008e". that went away. now i have a popup that comes every 5 minutes which says; "warning! potential spyware operation". also, my control panel keeps disappearing AND i am restricted from certain areas, and i get this message; " this operation has been cancelled due to restrictions in effect on this computer". i have tried working in safe mode, but everytime i do, my machine freezes.i have run:mcafee virus scanadawareavg virus scancomboxfixspybotsmithfraudhijack thishere is the latest hijack this log. any help would be vastly appreciatedLogfile of Trend Micro HijackThis v2.0.2Scan saved at 11:23:37 AM, on 11/25/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\dla\tfswctrl.exeC:\WINDOWS\System32\DSentry.exeC:\Program Files\Dell\Media Experience\PCMService.e... Read more

A:Warning! Potential Spyware Opeartion!...and Other Malware Issues

something new...just tried to fix one of the items in the HT log which i know is bad, and got an error message stating that i do not have access to alter the registry on my computer.

4 more replies
Answer Match 49.56%

Hi.I am carrying this topic here from the Am I infected? What do I do? and the topic Ie: Xpc Infosystems, IE Homepage hijacked !!!. All troubleshooting included in the earlier post. The problem in short is that the IE7 Homepage is hijacked to "http://nvr.xpc.co.in" and the IE Window Title has changed to XPC Infosystems. 1. Performed an scan using Kaspersky Online Scan, which showed Worm.VBS.Small.n as the infection. result attached. 2. Perfromed a scan using Deckard's System Scanner. However, I ended up closing the notepad files "main" and "extra". How can I locate them on the system drive?3. Have followed the steps as mentioned in the topic Ie: Xpc Infosystems, IE Homepage hijacked !!! but enabled the Windows Scripting so that it could be caught by the scans. Please help to solve this.ThanksThe HJT Log is attached below:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:13:57 PM, on 22/05/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24Ev... Read more

A:Ie7 Homepage Hacked: Potential Malware (worm.vbs.small.n)

Saurav RaajSorry for the delayYou have a suspicious file I would like to look at Please go HEREPut Your Name, and Bleeping Computer HJT forumand In the file to submit box, click Browse. Locate the fileC:\WINDOWS\system32\NewVirusRemoval.vbsIn the comments tell them that I asked you to upload the fileThen Select Send File.Thanks2. Rerun Hijackthis (scan only) and place checks beside the following entriesR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nvr.xpc.co.in/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = XPC InfosystemsF2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\NewVirusRemoval.vbs Close all other open windows except Hijackthis and Select "Fix checked"Close Hijackthis ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log

15 more replies
Answer Match 49.56%

I'll try and keep this brief. I've been having stability issues with a Thinkpad T60p running WinXP+SP3 and the usual remedies either do not find anything to fix or fix things that make no difference (Malwarebytes Anti-Malware, Comodo Internet Security, CCleaner, HJT, CHKDSK, Advanced System Care, etc, etc).I followed the Preparation Guide carefully before posting. The DSS logs are attached. I have not been able to get GMER to complete. It has led to some perhaps unrelated BSODs, even running in safe mode. When I finally got it to apparently complete a scan, I was able to hit save but then the system essentially froze at the Save dialog and I was not able to save anything, end the program, or even shut down cleanly. On another occasion, I didn't even get to that point and the system essentially ground to a halt. And yes, I've been very patient.Key symptoms are these:Random restarts after a day or two, perhaps after a BSOD which I do not see; nothing obvious in Event ViewerLousy bandwidth on a wireless connection that should be capable of 10MBps downloads (getting <1 according to speedtest.net)Occasional complete loss of Internet connectivity necessitating a reboot; pinging the router was OK and other machines on the network had no problems.Out of memory errors, Chrome plug-ins crashing ultimately necessitating a rebootSo as I said, I'm being brief. I hope that someone's interest is sufficiently piqued to be able to help me with next steps.Many thanks in advance for all h... Read more

A:Digging deeper to find potential malware problem

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

19 more replies
Answer Match 49.56%

Good day,

I am currently experiencing the following errors with my Windows 7, 64-bit Toshiba Satellite laptop:
- I am being blocked from my 2 User Profiles intermittently when I try to log in during and after start up. I am getting this error message: "Windows is unable to load user profile. Please try again later."

- I am unable to use my phone as a USB device when it is connected to my laptop, even though my drivers are up to date, the cable is working properly (I have tested it on other phones), the phone is unlocked and the relevant settings were adjusted on my phone so that the phone can function as a USB device and allow me to view files on a PC / laptop. It even gives me the option to safely remove my device on the task bar when it is connected to me device yet I cannot open it to view files.

- My anti-virus programs are not updating. Both AVG and Bitdefender were unable to update on the laptop. Currently, I am only using Bitdefender.

- The desktop configuration file is in all my folders as a hidden file, along with the System Volume Information, $RECYCLE.BIN, Program Data folder as hidden files. When I tried to delete them in safe mode the Program Data and System Volume Information Folders don't move and the other two hidden files come back eventually.

- I cannot access my Microsoft Office programs. Below are screen shots of what occurs when I try to enter a Microsoft document:

* "Configuring Process: Configuring Microsoft Office Professional... Read more

More replies