Tech Problem Aggregator

Viruses found after reformatting computer - my hijackthis log

Q: Viruses found after reformatting computer - my hijackthis log

I completely reformatted my computer and reinstalled all Windows updates and afterward, Avast! found some viruses and malware during a scheduled boot scan. i was a little concerned, so i thought i would post a hijackthis! log. just to be safe that i wasn't removing any needed Windows files that the scheduled boot scan found, i moved all files to the virus vault of Avast!.

here are the files that are in my Avast! Virus Vault:



i can restore these files. so please let me know if i need any of the files in this vault, otherwise i will just remove them.


here is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:26:24 PM, on 11/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1227218333468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1227220969906
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 4350 bytes


and here is my uninstall list log:

Adobe Flash Player 10 Plugin
AIM 6
avast! Antivirus
Guitar Pro 5.2
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Intel® Extreme Graphics 2 Driver
Java(tm) 6 Update 10
Magic ISO Maker v5.5 (build 0265)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (3.0.4)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Tweak UI
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Viewpoint Media Player
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3

A: Viruses found after reformatting computer - my hijackthis log

Hello and welcome to TSF.

Apologies for the delay in response. If you haven't received help elsewhere already and still require assistance, please post the logs requested in our pre-posting process outlined below:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don't hear from you in three days this thread will be closed.

Answer Match 65.52%

We have run a scan with Avira and it found 43 viruses and we have them quarantined; however, they were on the back up drive. Now what can we do with those viruses and how do we know they are gone. Below is my hijackthis log of the normal c: drive. I do not know how to run a hijackthis scan on the back up drive however.

By the way, you guys are awesome at what you do. I have used you guys and I have told multiple friends and they have used you guys for their own problems. Keep up the great work. Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:35:42 AM, on 7/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\TeamViewer\Versio... Read more

A:43 viruses found with Avira + Hijackthis log

Answer Match 62.16%

please help!!!!!!
NORTON does not work, only antivirus that i have is panda, i ran it and it said that i had 13 viruses including a .dll one and can't delete or fix these viruses, my comp does not want to start in other mode than safe
system restore doesn't work,
i don't have the cd's that gateway asks me to use to reformat
have a lot in this drive don't wanna lose all that
but if necessary i'll reformat the drive
this is the hijackthis log:

Logfile of HijackThis v1.97.7
Scan saved at 03:21:34 p.m., on 11/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#22776
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#22776
R1 - HKCU\Software\Microsoft\Win... Read more

Answer Match 59.64%

I'm completely computer illiterate, and I have absolutely no clue what any of this means.

This morning my windows (xp) crashed, so when I got back on I ran a virusscan online and found all of this crap.

C:\Documents and Settings\...\child.dll Downloader-GS
C:\Documents and Settings\...\Temp\ljgfkkgo.htm BackDoor-AXJ.htm
C:\Documents and Settings\...\Temp\npegkjop.htm BackDoor-AXJ.htm
C:\Documents and Settings\...\newobject1[1].hta HTML/Debeski
C:\msdos.exe DDoS-Decill
C:\netlog.exe DDoS-Decill
C:\Program Files\Internet Explorer\omkqbkxt.exe BackDoor-AXJ
C:\System Volume Information\...\A0185734.exe AdClicker-O.dr
C:\System Volume Information\...\A0189891.exe BackDoor-BDG
C:\System Volume Information\...\A0191005.exe Keylog-Briss
C:\System Volume Information\...\A0191065.dll Keylog-Briss
C:\System Volume Information\...\A0196852.exe Downloader-JU
C:\WINDOWS\infamous.exe Keylog-Briss
C:\WINDOWS\SYSTEM32\Ayk45X3S.exe Downloader-NY
C:\WINDOWS\SYSTEM32\child.dll Downloader-GS
C:\WINDOWS\SYSTEM32\Dyf0o5.exe Downloader-NY
C:\WINDOWS\SYSTEM32\Dyf0p5.exe Downloader-NY
C:\WINDOWS\SYSTEM32\Fnodfocn.dll BackDoor-AXJ.dll.gen
C:\WINDOWS\SYSTEM32\FnwN9.exe Downloader-NY
C:\WINDOWS\SYSTEM32\Hhnoha32.exe BackDoor-AXJ
C:\WINDOWS\SYSTEM32\Hjkap.exe Downloader-NY
C:\WINDOWS\SYSTEM32\IfojrV.exe Downloader-NY
C:\WINDOWS\SYSTEM32\Ipg3qM.exe Downloader-NY
C:\WINDOWS\SYSTEM32\jao.dll Keylog-Briss
C:\WINDOWS\SYSTEM32\Juiw50.exe Downloader-NY

I plan on buying some McA... Read more

A:Help help help!! McAfee found 25 viruses on my computer!

Answer Match 59.64%

Somewhere between 2-6 times a day I get a popup saying:

Viruses were found on your computer. "You need to clean the computer to prevent the system crash."

I have run MB and several other scans that all come back clean. What's next?

A:"Viruses Found On Your Computer" Popup

What happens when you click on the popup?

Answer Match 59.64%

Hello! I have the same issue. These are my results:

SECURITY CHECK
Unavailable. Document did not pop up.

FSS
Farbar Service Scanner Version: 24-06-2012 01
Ran by lisa (administrator) on 25-06-2012 at 01:39:46
Running from "C:\Users\lisa\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configur... Read more

A:Pop Message:Viruses Found On Your Computer

First: Before we look for malware let's check your Hard Drive.

Please read these instructions and don't continue if you have any questions about what I am asking you to do! You may want to print these instructions.

Please go to Western Digital and click DOWNLOAD.
NOTE: This test will work on drives other than WD drives.
Please unzip the file to your desktop.
Run WinDlg
Select your drive
Above the "drive window" select the icon to the left of the words "to run test or"
BE CAREFUL on this step select Extended Test

Please let me know if your drive passes or fails.

Answer Match 58.8%

I'm trying to clean a friend's computer, and having problems. He was complaining of it freezing after around 10-20 minutes of use, and really slow response times when starting up/shutting down.

I ran MalwareBytes AND TrendMicro HouseCall, and have cleared more than 200 trojans off the machine already, using those programs.

Any help you can provide would be GREATLY appreciated.

Thanks,
Samantha

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, 64 bit
Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3034 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1293 Mb
Hard Drives: C: Total - 223434 MB, Free - 99921 MB; G: Total - 476268 MB, Free - 421347 MB;
Motherboard: Dell Inc., 0K138P
Antivirus: Trend Micro Titanium Maximum Security 2012, Updated: Yes, On-Demand Scanner: Enabled
HiJackThis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:18:17 PM, on 12/25/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16912)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Owner\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 -... Read more

A:Computer Freezes, Same Viruses Found at Startup

Answer Match 58.8%

A couple weeks ago, my computer started being extremely slow and freezing randomly.
Today, I scanned it with Malwarebytes and found a couple viruses.
I figured, if Malwarebytes found a few viruses, there's most likely more to be found.
So, I was wondering if someone could help me clean my computer.
Oh and also, task manager is telling me my hard drive is currently writing at full capacity while i'm not performing any tasks which is quite strange.
Here's MBAM's log
 

 
Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org
Database version: v2013.11.19.12
Windows 7 x64 NTFS
Internet Explorer 9.10.9200.16736
Dark :: XXDARKSHADOWXX [administrator]
Protection: Enabled
11/19/2013 6:29:31 PM
mbam-log-2013-11-19 (18-29-31).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 510141
Time elapsed: 1 hour(s), 18 minute(s), 28 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CSCRIPT.EXE (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 5
C:\Windows\KJ\KJ_Remover... Read more

A:Computer freezing randomly, viruses found

Hello darkritual, I need you to consider this first.

One or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Answer Match 58.8%

My computer started running really slow the other day, so I ran a Bitdefender 2008 Total Security Deep scan and it didn't detect anything... I've done some other things, like cleaned my registry (also with bitdefender) ran CHKDSK, but still my computer locks up frequently and often isn't able to run more than one application without freezing.

Hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 2:00:23 PM, on 6/17/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Program Files (x86)\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files (x86)\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Adaptoid\wishd201.exe
C:\Program Files (x86)\Logitech\QuickCam\Quickcam.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\hp\kbd\kbd.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157... Read more

Answer Match 58.8%

Spybot S&D found viruses and computer is slow

I have one post for my desktop at work and one post for my laptop at home. Please do not delete one. These are separate computer issues. Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:57 AM, on 3/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\MATLAB7\webserver\bin\win32\matlabserver.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\... Read more

A:Spybot S&d Found Viruses And Computer Is Slow

Hello outqast,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

Answer Match 58.38%

I ran scan with Malwarebytes and found two (2) viruses. PUP.Zugo. Malwarebytes quarantined, may be removed. Also ran Norton's Power Eraser which Did not find PUP.Zugo.

Today I ran OTL - Old Timer. Got name from Gringo, last friday advise to another party. I ran "FIX" in OTL, but got error message, did not recognize Custom Scan code I had inserted ( <%TEMP%\*.*/s> (Gringo provided but to a laptop owner)
I have the OTL log to provide to Bleeping Computers tech support.

SYSTEM INFO: I have an hp Pavillion, 64 bit, Windows 7, desktop, about 3 years old.

ERROR MESSAGES : DAMAGE VIA PUP.Zugo: to a hot key, START UPS, and hot key (cannot find the messages)

SEPT. 1 MALWAREBYTES FOUND: 3 VIRUSES: FREEZE FROG

Folders Infected:
c:\program files (x86)\freezefrog\bin\2.0.21.0 (Adware.FreezeFrog) -> Quarantined and deleted successfully.

Files Infected:
c:\program files (x86)\freezefrog\bin\2.0.21.0\copyright.txt (Adware.FreezeFrog) -> Quarantined and deleted successfully.
c:\program files (x86)\freezefrog\bin\2.0.21.0\freezefrogsacb.exe (Adware.FreezeFrog) -> Quarantined and deleted successfully.
I KEEP GETTING ERROR MESSAGE THAT GOOGLE IS NOT INSTALLED AND IS NOT AVAILABLE, although set as my default. Also, another error message from Internet Explorer 9 which opens every time I open any file. Both of these error messages open whenever I open any file, and are, of course, v... Read more

Answer Match 58.38%

Hi,
I've had issues with my computer for about 6 months now. At the time I had quite a few viruses that I thought I had successfully removed on my own. However since then the computer seems to be barely crawling. Web pages take about 20 seconds to load, programs take even longer to open. I've run the kaspersky scan and it found no viruses, same with AVG.
I use adaware but it doesn't seem to find anything besides cookies.

After following your 5 steps, the panda scan did find some issues, I have pasted that as well as the Main text and have attached the extra.txt


Incident Status Location

Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32m.sys
Adware:adware/webattaker Not disinfected c:\windows\uniq ... Read more

A:Computer running extremely slow, no viruses found

bump.

Answer Match 58.38%

hi, my computer is running very slowly and avg and symantec have found at least 5 viruses. ALSO, when i log onto my computer, an alternate operating system was created (not by me)... it's all numbers (something like 14430485) and it's password protected. i don't know what to do, so i'll just post a hijackthis logfile.

thanks in advance

jeff

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:36:03 AM, on 12/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program File... Read more

A:multiple viruses found and computer is running slow

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. After it has finished, two logs will open. Please post the contents of both. log.txt will be maximized and info.txt will be minimized. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instructed to do so!
Let me know if any of the links do not work or if any of the tools do not work.
Tell me about problems or symptoms that occur during the fix.
Do... Read more

Answer Match 57.54%

Hi,

I hope I am posting in the correct place and I hope someone can help because this has been driving me crazy trying to fix this. On Wednesday, my computer was fine. On Thursday, it took about ten minutes for the icons and taskbar in Windows to load (I'm running XP home edition, SP 2). Once loaded, my computer couldn't access the internet. It seems like I am infected, but I ran AVG and only found a few tracking cookies, which I deleted. I also ran Malwarebytes in normal and safe modes, and both modes showed no threats. Other programs I've checked my system with are CCleaner, F-Secure Blacklight Rootkit locater, lspfix, drweb-cureit, and smithfraudfix -- all showed no problems. I used system restore and went back to a month ago, but I'm still having the same symptoms. My internet is run through a router with another computer, and the other computer is working fine. I've tried resetting the modem and the router, and neither fixed my internet problem. If I load Windows in safe mode, then the computer loads quickly. But every time I load it in normal mode or in safe mode with networking, it takes about ten minutes to load. The slow loading and no internet connection began at the same time, so I assume they must be connected. But since I haven't found any threats, I'm not sure where to turn. So if you can point me in a direction or offer any help, I would greatly appreciate it.

Tim

Answer Match 57.54%

I recently noticed deteriorating performance in my computer, also getting pop ups from mtn6 addresses. Another problem was that for a period of time when i was opening firefox i would get this microsoft security risk that would tell me to go download Perfect Defender 2008. So i decided to check for trojans, virus, etc etc. I downloaded Ad-Aware and Malwarebytes, I scanned with both of them Ad-Aware found nothing and Malwarebytes found 38 trojans. This really made me worried, but the popups and the perfect defender virus was gone. I'm here because I was wondering is there anyway to check if my computer is truly clean?

Thank you very much

HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:32 PM, on 1/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.e... Read more

More replies
Answer Match 57.12%

Hello,
I have been having difficulty for awhile (months). My computer started running slow and I was getting pop up ads. About 5 months ago the pop ups stopped (a friend deleted some program he found) but other symptoms persisted. I will note some details on my system, what is happening and what I have tried doing. Let me preface this by saying I am essentially a novice. I use my computer daily but have little understanding of the inner workings of such things which is why I selected Bleeping Computer to come to for help because all of the forum posts I read were so helpful. I have searched through many of the forums for symptoms similar to mine but none seem to match quite right.
I have a Lenovo computer, AMD Athlon Processor 1640B  2.70GHz, 2.00 GB RAM, 32-bit operating system, running Windows Vista Home Premium Copyright 2007.
 
Symptoms: Overall slow operations. Both online and even within my own programs like opening a file or searching documents. I do run a few things simultaneously but I didn't think it was a lot. I will typically have 2 or 3 internet explorer tabs open, one or two with email and a third for searching online with google etc. I may also have one or two word or excel documents open. I don't play games or use photoshop type of programs, just basic websites and simple files. Often when I click to open a Microsoft Word (or Excel) document Word will open but I will get an error message and the document itself won't open. This is easily remedied by c... Read more

A:Slow computer, IE closes unexpectedly, no viruses found with scans performed

Please download TDSSKiller from here and save it to your Desktop
Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters

Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now

Click Start Scan and allow the scan process to run

If threats are detected select Skip for all of them unless I instruct you otherwise
Click Continue

Click Reboot computer
Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply
===================================================
aswMBR
--------------------
Download aswMBR and save it to your desktop.
Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here and here.
Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

Please post the contents of the log in your next reply.
NOTE:... Read more

26 more replies
Answer Match 57.12%

Just wondering, if you reformatted your hard drive would it get rid of any viruses you may have, or can they linger somewhere in your system until later? What's a stealth and trojan virus? I've scanned my hard drive 4 times with an updated norton 2000 and it came up clean, but whenever things don't work as they should I get a little paranoid. I've noticed data transfer is very slow compared to friends' computers. I run win 98 on a p2 300 128ram, norton utilities 2000 -- I defrag regularly and do a disc cleanup on a regular basis also. norton diagnostics can't find any problems.
 

A:viruses and reformatting

Virii can hide in the Boot Record or Master Boot Record. The MBR is not changed when you format your drive, or even when you FDISK - only when you FDISK /MBR

As for speed - there are many things that can cause your system to seem slower than someone else's. Does he have the same brand / model hard drive and motherboard as you?
 

2 more replies
Answer Match 57.12%

Hello,

I am about to use my system recovery CD, which I believe will reformat my hard drive. If I do have viruses/spyware on my computer, will reformatting my hard drive totally remove them? Is there anywhere left for them to hide? Thanks!!

A:Reformatting Hd And Viruses

Reformatting should remove viruses completely.
If you have something called a restore partition on your drive, there's a chance the files in there could be infected if the restore CDs don't recreate that partition. If you wipe the entire drive from the CD though, you should be fine.

5 more replies
Answer Match 56.7%

Websites keep getting redirected, I keep getting strange popups, and now one of my harddrives seems to have disappeared. I've tried running Mbam and SuperAntiSpyware, but Mbam comes up with an error and won't let me run it and SuperAntiSpyware keeps freezing. Here is my most recent hijackthis log file. I noticed it says I'm running Internet Explorer, but I don't have it open and haven't opened it at all.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 1:21:40 PM, on 1/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\... Read more

A:Hijackthis log help viruses taking over my computer

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Answer Match 56.28%

Hey Everyone, I recently reformatted my computer in hopes of being able to start over, on a virus free system. However, even after two, apparently successful, reformat attempts, my system is still plagued with viruses, spyware, popups, etc.. I have absolutely no idea what to do... I always thought of reformatting as a "nuclear weapon" that was intended to destroy everything. Here is my Hijackthis logfile, I'd be happy to provide any other information you need. Thank you in advance for your help!

Logfile of HijackThis v1.99.1
Scan saved at 1:31:43 PM, on 12/24/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\PROGRA~1\NORTON~1\... Read more

A:Viruses And Spyware After Reformatting!

You have 2 active AV's - remove one - you only want one on a system
========================
Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HijackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.
=======================
Download Superantispyware
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE
Install it and double-click the icon on your desktop to run it.
• It will ask if you want to update the program definitions, click Yes.
• Under Configuration and Preferences, click the Preferences button.
• Click the Scanning Control tab.
• Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
• On the main screen, under Scan... Read more

1 more replies
Answer Match 55.86%

Deckard's System Scanner v20071014.68
Run by Felizadio on 2007-12-29 22:52:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 239 MiB (512 MiB recommended).
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-29 22:53:26
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSTpscre\Tpscrex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Comm... Read more

A:I'm Trying To Remove The Viruses On My Computer, And This Is My Latest Hijackthis Log

Hello themadavenger,
Sorry for the late reply, but as you can see we handle more than our fair share of logs. If you still have problems please follow these steps:
If you still have dss on the desktop, click start > Run, copy&paste this line into the empty runbox:
"%userprofile%/desktop/dss.exe" /config
Press OK. You will see DSS Configuration window, click on Check All then click Scan!, when the scanning is done, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you don't have HijackThis installed on your computer, dss will prompt you to download and install it for you, please allow this to happen! If dss doesn't ask to download and install HijackThis then follow these steps:
Click here to download HJTInstall.exe
Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis . Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Close it for now because we will not use it since dss reports will provide the information that is needed so we can proceed.
Regards,

2 more replies
Answer Match 55.86%

Logfile of HijackThis v1.99.1
Scan saved at 8:30:36 AM, on 6/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quick... Read more

A:Computer Freezing / Suddenly Slow / Recurring Viruses Found By Adaware, Etc., But They Keep Coming Back

Here is my Hijack This log as requested. I ran the other programs to remove what could be removed. My computer has been super slow and it is actually freezing thus requiring me to remove the battery to unlock. Also, I think someone at my company may be monitoring what I am doing--any suggestions on how to figure that out? Thank you so much for your help.
Tony

Logfile of HijackThis v1.99.1
Scan saved at 11:42:03 AM, on 6/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Citrix\ICA... Read more

9 more replies
Answer Match 55.44%

Here are the specs of the machine: here

What I did was try all the top spyware/virus removal, registry cleaners, etc. from download.com. They helped to a small degree, but the machine is still very slow and unresponsive. Help would be greatly appreciated.
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:45 PM, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q30... Read more

A:Friends computer has embedded viruses that I can't remove - [Hijackthis Log]

12 more replies
Answer Match 55.44%

On Tuesday a fast mp3 plugin was installed on my computer, since then and since Mozilla Firefox was opened for the first time I have been having a lot of problems with my computer. I cannot access all of the internet pages I once could, a blank screen appears for some. I cannot uninstall any programs using add/remove, a couple of days ago my computer kept crashing and it said it recovered from a serious error. Symantec email windows kept popping up with spam, [I uninstalled then reinstalled Norton Antivirus and that stopped as well as the computer crashing], and my windows firewall said due to an unidentified problem it couldn't display settings. So many spyware trojans and viruses have been found with my Ad-Aware, Spybot, Norton Antivirus, Windows Defender, Xoftspy, and CCleaner programs all of which fail to eliminate all of the spyware and viruses. There were so many things found I couldn't name them all but some that kept popping up were Trojan Anserin, Downloader, Haxdoor, Torpig, Killsec, Spydoctor2006, and windowssecuritycenterfirewalldisabled. How can I get rid of all these problems, I just took my computer to a repairman a month ago for basically the same problems, he installed CCleaner to help with these problems but it hasn't worked. He also installed Mozilla Firefox which I just opened, I was wondering if this could also be causing problems. Please help, I don't want to have to take my computer back to the shop again.

Logfile of HijackThis v1.99.1
Scan saved at 10:49... Read more

A:Torpig, Trojan Anserin, Killsec And Many Other Viruses And Spyware Found On Computer After Fast Mp3 Plugin Installation

Hello there and welcome to Bleeping Computer's security forum.
My name is David, I will be helping you with your log today.

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available. You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above. A print out of the instructions would be a good reference to make sure you don't get lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

Your system is terribly infected. The problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show. Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution. So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused... Read more

22 more replies
Answer Match 55.44%

I was surfing yesterday with multiple browser windows open when my browser froze. I noticed that other items weren't working properly like my tool bar wouldn't re-appear. I tried a CTL-ALT-DELETE but it wouldn't close any of the open processes. I tried to shut down and that wouldn't work either so I did a hard shut down and restarted in safe mode. I then ran Spysweeper twice and McAfee twice in safe mode which each identified a few items and deleted or quarantined them. I then tried to restart my computer which initially froze in the boot up process. I powered down and tried again. My machine restarted but after a few minutes of running will lock up again. I can only seem to operate in SafeMode which I'm doing now. I did manage to run Hijackthis in normal mode which you see below. Thanks for your help in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:51:53 PM, on 1/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINNT\system32\spoolsv.exe... Read more

A:Was surfing when computer froze, found some viruses and spyware w/ current software but didn't fix freezng problem.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Answer Match 52.92%

Hey guys, just trying to reformat my computer and start over fresh, but... upon the restart . . . it tries to boot up and I get a message that's centered in the middle of the screen that says:

a0txp6zv.sys cannot be found.

Press any key to reboot.


This file can't be googled . . . and I don't know what to do, I can't reformat for some reason . . . I think I'm stuck, does anyone know anything about this file?

I'm heading off to work, I'll check back and if you need further info, I'll reply as soon as I return home, I look forward to any responses.

A:a0txp6zv.sys Cannot be Found (Reformatting)

You said it does this on the restart. When exactly does this occur? When you reboot after the DOS portion of the XP install, or after you completed the XP installation and rebooted? Did XP start successfully once since you reinstalled?

BMR777

1 more replies
Answer Match 52.92%

First of all, I have done an antivirus (Norton's) within the past week.

Today, I was doing a full reformatting. As I was downloading microsoft updates, zone alarm basic, and norton antivirus updating/scanning, ... all at the same time, the norton AV found a virus. I quickly took the option to delete the file to rid the virus.

The name of the virus? I missed the name as I took the option to delete the file asap. I do recall a message about the possible of harm was unlikely.
The norton's Antivirus program's log says this:
the file c:windows\java\classes\xmldso.cab was affected by the virus. the file was deleted.
Can anyone provide any info? I have rescanned and everything is ok. Also, where could I have picked up the virus? Understanding emails is a likely place, I never use outlook and never open email attachments. Actually, I opened one last week, but did a virus scan immediately afterwards. Could it be from microsoft downloading or zone alarm downloading?
Thanks.
PS: During the past 24 hours, I did notice my computer was automatically rebooting after I was attempting to open up multiple windows at the same time. Occurred about 10 times and in part the reason I did a reformat to clear up anything if anything.
 

A:Found a Virus during reformatting

Have a look here http://service4.symantec.com/SUPPOR...b203b7afdf93d85b88256a85007ca58f?OpenDocument
 

1 more replies
Answer Match 52.5%

Hello, hoping to get some help. Internet Explorer will not let me open the internet options; it opens for a second and disappears on its own.
Computer running slow and found infections. Thank you for your help in advance.
 
Here is the hijackthis log as follows.
 
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:22:32 PM, on 12/14/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\cron\cron.exe
C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Neat\exec\NeatStartupService.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.e... Read more

A:HijackThis Log: Please Help slow computer found infections

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.
IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===
Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completi... Read more

4 more replies
Answer Match 52.5%

Hello, I have seen a lot of people having problems with this but nothing specific to what is happening to us. Everything was working perfectly and after reformatting our Inspiron 1545 laptop with vista 32bit it shows no network adapter or ethernet adapter and cannot connect to the internet. When we go into device manager it shows the network adapters under hidden. We have reformatted clean twice now and both times the same thing. Before we reformatted they were working perfectly. If anyone has any information we would greatly appreciate it. Thank you for your time.
Jonathan and Mandi

A:No Network Adapter found after reformatting

Hello Jon and Mandi, and welcome to Vista Forums.

Did you install your ethernet network adapter's driver for Vista 32-bit and your specific laptop model number?

Drivers & Downloads

Hope this helps,
Shawn

9 more replies
Answer Match 48.3%

So I searched the forums but couldn't find a case specifically like mine because it's an HP and I have an additional question regarding it.

I have an HP Pavilion dv9000 with Windows Vista and an AMD Turion 64 processor.

I don't have a problem with Vista, but I do have a few viruses on this PC and I'd prefer to clean it out completely anyways.

I've been wanting to install Windows 7 for a while, and I figured this was the opportunity. I've downloaded the RC on my tower PC and burned it to a DVD.

My questions are as follows:

- I've read on here that through drive options, I can reformat the hard drive through the Windows 7 CD (Drive options). I've noticed that there's an "HP RECOVERY" partition on the hard drive. I've also read how I can get rid of it through the Recovery Manager.
Can I safely get rid of the HP Recovery partition or should I keep it there, even though I'm going to Windows 7 and my computer has viruses?

- If I get rid of it, I assume it will consolidate both drives into one... Is it safe to reformat the computer with the Windows 7 RC CD (keeping in mind I can't find my Vista CD)?

I think that's everything...
Thanks for any help. This forum is a great resource.
 

A:Reformatting Windows Vista because of viruses, going with Windows 7 (HP laptop)

14 more replies
Answer Match 47.88%

Hello. I have Vista Home Premium. Two days ago, my CPU started running hot. In processes I see that explorer.exe is running anywhere from 30% to as much as 60%. svchost is also running high. My memory is pretty much maxed out. My cpu meter will hit 100% consistently.

Before posting here, I did some checking and found a lot of posts on this but no consistency in the causes. I ran HijackThis and found "runit_32", "runitu_32", and a text file with nothing in it in a folder called 'runit' in my programs. All info I could find said get rid of it. I ran Avast and Spybot and turned up nothing. I ran Trend's Housecall and turned up SPYWARE_KEYL_KGBKEYLOG. I let Trend dispose of that. I ran everything again and found nothing. I uninstalled AVAST and installed Comodo. It found nothing. I uninstalled all my Apple software except the actual iTunes and Quicktime programs. I still have the same problem. I have disabled almost everything I could in Start-up and still have the problem.

In addition, I tried to do a system restore and it won't work. It keeps telling me it's unsuccessful and to try again. I also cannot seem to change anything to do with my user account except my picture. (I am the Admin)

Here is my most recent HijackThis Log. Any help would be greatly appreciated. I hope I posted this in the right place.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:35:12 PM, on 9/25/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6... Read more

A:CPU at 53% - Found two viruses

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Answer Match 47.88%

my avg antivirus/antispyware found these files in a routine scan:
c:\SDFix\apps\legacy.txt
backdoor.hupigon
c:\SDFix\apps\svc.txt
backdoor.hupigon
c:\SDFix-troubleshooter\apps\legacy.txt
backdoor.hupigon
c:\SDFix-troubleshooter\apps\svc.txt
backdoor.hupigon

i thought i was smart to put the first one in the virus vault but i don't know if i should have. please help. how do i properly get these files off of my computer?

attached are the screenshots of the scan results
 

A:Viruses Found

is there a particular reason why no one is helping me with this problem?
 

2 more replies
Answer Match 47.88%

My computer is a wreck. It freezes and crashes, it takes forever to do anything. Also, weirdly, sounds can be really distorted and ratchety sounding sometimes. (Amongst other general problems) Here is a Kaspersky log that found 3 viruses.

KASPERSKY ONLINE SCANNER REPORT
Saturday, November 04, 2006 11:32:17 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 4/11/2006
Kaspersky Anti-Virus database records: 238200
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 63170
Number of viruses found 3
Number of infected objects 31 / 0
Number of suspicious objects 0
Duration of the scan process 07:29:51

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped

C:\Documents and Settings\Al... Read more

A:Help! Viruses Found!

11 more replies
Answer Match 47.88%

my avg antivirus/antispyware found these files in a routine scan:
c:\SDFix\apps\legacy.txt
backdoor.hupigon
c:\SDFix\apps\svc.txt
backdoor.hupigon
c:\SDFix-troubleshooter\apps\legacy.txt
backdoor.hupigon
c:\SDFix-troubleshooter\apps\svc.txt
backdoor.hupigon

i thought i was smart to put the first one in the virus vault but i don't know if i should have. please help. how do i properly get these files off of my computer?

attached are the screenshots of the scan results
 

A:Viruses Found - Please Help!

7 more replies
Answer Match 47.88%

Hi

thanks for the advice. I have now been able to clear my computer of the KLEZ virus.

I scanned my computer again after clearing the first virus and was absolutely dumbfounded to discover I have three other viruses on my system:

W97-TITCH.A

TROJ-DIALER.B

JS-EXCEPTION.GEN

the anti virus software again has told me that it has been unable to delete or clean these viruses.

I'd be grateful again if you could give me some extra tips about how to get rid of these ones.

Thanks.

Cubbycuddly
 

A:Found more viruses!

Please continue in the original thread:

http://forums.techguy.org/t93695/s.html
 

1 more replies
Answer Match 47.88%

I have been trying for months to get rid of all of the viruses i downloaded trying to get a player to watch the world cup. I have tried many online detectors and fixes but nothing seems to find and remove them. any help would be great
 

More replies
Answer Match 47.88%

Every time I have turned my computer on (Windows XP with SP2) Norton Antivirus has detected a few viruses and threats, and shown the following statuses:

August 20th:
wjqs.exe made 2 modifications to your Windows Startup Settings (DETECTED)
emjbmbdn.exe modified your Program Startup Settings (DETECTED)
Auto-Protect has detected Trojan.Bluson (BLOCKED)
Auto-Protect has detected Joke.Blusod (BLOCKED)
Auto-Protect has detected Joke.Blusod (BLOCKED)
Auto-Protect has detected Trojan.Blusod (BLOCKED)
Auto-Protect has detected Trojan.Blusod (BLOCKED)
Auto-Protect has detected Joke.Blusod (BLOCKED)
Auto-Protect has detected Trojan.Blusod (BLOCKED)
Auto-Protect has detected Joke.Blusod (BLOCKED)
Auto-Protect has detected Trojan.Bluson (BLOCKED)
Auto-Protect has detected Joke.Blusod (BLOCKED)

August 21st:
Auto-Protect has detected Joke.Blusod (BLOCKED)
Auto-Protect has detected Trojan.Bluson (BLOCKED)
Auto-Protect has detected Joke.Blusod (BLOCKED)
hpwucli.exe made 132 modifications to your computer (DETECTED)
SecurityRisk.URlRedir detected by Virus Scanner (REMOVED)
Sample Submission: Bloodhound.SONAR.1 (SUBMITTED)
Trojan.Blusod detected by Virus Scanner (REMOVED)

August 22nd:
Hacktool.Proxy detected by Auto-Protect (REMOVED)
Auto-Protect has detected Hacktool.Rootkit (BLOCKED)
.ttfc.tmp modified your Windows Startup Settings (DETECTED)
.ttFC was allowed to access your network resources (Allowed)
Joke.Blusod detected by Auto-Protect (REMOVED)
Auto-Protect has detected Trojan.Adclick... Read more

A:Several Viruses Found

2 further threats found by Kaspersky scan (now 95% complete) - in total 22 infected objects:

Trojan.Win32.Monder.gen
Trojan-Dropper.Win32.Agent.vur
 

1 more replies
Answer Match 47.88%

hi again,

i have a problem, for the last week i have had a/some viruses, (180 im told) i have run microsoft security essentials and spybot a number of times (also rolled back the computer) and tried running both of them in safe mode, but it is still showing,

i am unable to update microsoft or mse, i get error 080072efe and have tried running microsoft fixit, but that hasn't worked

please help i have attached a copy of the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:36, on 19/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.e... Read more

More replies
Answer Match 47.88%

These are the 3 have found

downloader.istbar.ie
downloader.istbar.ie
i worm sober cf
 

A:3 Viruses Found

What scanner found them and what location?

Click here to download HJTsetup.exe: http://www.thespykiller.co.uk/files/HJTSetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

1 more replies
Answer Match 47.88%

I did a McAfee system scan on my computer and it found 17 viruses. McAfee would not let me delete most of them, so I quarantined them. I followed all of the steps of the HJT log instructions, did another system scan, and it did not find any viruses. However, I want to be sure that I don't have anything else on my computer.

I use spybot and AdAware SE as well as McAfee, and I mostly stay away from sites that give me a lot of popups and I don't often get them, either. Do you have any other recommendations to keep my computer clean? Thank you so much for your time, I appreciate it!

Logfile of HijackThis v1.99.1
Scan saved at 8:57:19 AM, on 3/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Pr... Read more

A:17 Viruses Found--or not? HJT Log

Your HJT log appears to be clean. To be sure nothing is lurking, please run the following online scan:

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to: Scan using the following Anti-Virus database:Extended

Scan Options:Scan Archives
Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

3 more replies
Answer Match 47.88%

I ran Housecall and found the following viruses:

TROJ AGENT.EG C:\_RESTORE\TEMP\A0108567.CPY
TROJ AGENT.CA C:\_RESTORE\ARCHIVE\FS72.CAB *A0090370.CPY*
TROJ ALCHEMIC.A C:\_RESTORE\ARCHIVE\FS72.CAB *A0090377.CPY*
TROJ DYFUCA.M C:\_RESTORE\ARCHIVE\FS72.CAB *A0090386.CPY*
TROJ DYFUCA.M C:\_RESTORE\ARCHIVE\FS89.CAB *A0102539.CPY*

My system is clean according to AdAwareSE and SpybotSD except for DSOexploit that Spybot cannot remove.

Here is my HijackThis log file:

Logfile of HijackThis v1.98.2
Scan saved at 10:53:29 PM, on 9/28/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\POWERPANEL\BAYSWAP\BAYSWAP.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\PROGRAM FILES\APOINT\APOINT.EXE
C:\PROGRAM FILES\SONY\JOG DIAL UTILITY\JOGSERV2.EXE
C:\PROGRAM FILES\SONY\HOTKEY UTILITY\HKSERV.EXE
C:\PROGRAM FILES\COMMON FILES\XCPCSYNC\TRANSLATORS\ERPHN2\ERTRAY.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\WMIEX... Read more

A:5 viruses found please help

they are all in system restore
turn system restore off and then back on again
then reboot to create a fresh restore point

1 more replies
Answer Match 47.88%

Hi, I have downloader.MScache and Bloodhound.Packed on my computer. NAV won't get rid of them; it says it can't access the file or delete it... my running processes are
Logfile of HijackThis v1.98.0
Scan saved at 10:04:23 AM, on 7/14/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\WindowsSA\omniscient.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Anthony\Desktop\Tony Sammarco\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main... Read more

A:Viruses found

6 more replies
Answer Match 47.88%

Help... I just don't know what to do anymore... I was able to fix my pc up properly in the past... but my pc got hit by a virus I am not familiar about... I ran SUPERAntiSpyware and found some nasty viruses i'm not familiar of (Attached is logs for SUPERAntiSpyware) and... well, here I am.. I thought it was another bar311 threat... but I was kinda wrong... and for some reason, I don't have safe mode, or any versions of safemode... I tried fixing the safe mode registry but to no avail... when I start safe mode, it just restarts the pc...

DDS (Ver_09-12-01.01) - NTFSx86
Run by MarkVincent at 18:23:28.78 on Mon 12/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1281 [GMT -8:00]
============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\... Read more

A:Help... Viruses I found is new to me

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp... Read more

5 more replies
Answer Match 47.88%

I had some help last month with about 4/5 viruses, spyware, adware and gay porn randomly popping up on my desktop.

Here is the link to my resolved thread;
http://www.techsupportforum.com/secu...nfections.html

The last few days my AVG has started picking up 2 trojan viruses in the PC health centre... My start up is running really slow and my comp freezes quite a lot as well.

I tried to do a root kit scanner, but it blue screened my comp and restarted it. And when I did a Rsit scan all I got was a log.txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Here is the log.txt:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Viki at 2008-10-28 21:10:18
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 38 GB (26%) free of 146 GB
Total RAM: 1014 MB (10% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:27, on 28/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\RPS.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxp... Read more

More replies
Answer Match 47.88%

please help these are the 4 viruses
bkdr beastdoor.l x3
peper.a

Logfile of HijackThis v1.97.3
Scan saved at 9:27:05 PM, on 10/29/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\svchost.exe
C:\HP\KBD\KBD.EXE
C:\windows\redirect4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\WINDOWS\System32\Spy734V2.exe
C:\WINDOWS\System32\Wryu.exe
c:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Owner.YOUR-KYBTG65GXE\Local Settings\Temp\Temporary Directory 15 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus7.hpwis.com/
R3 - Default URLSearchHook is missing
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-... Read more

A:4 viruses found

13 more replies
Answer Match 47.88%

So i just found 2 viruses in my appdata/roaming folder GRRRR it was a RAT i assume, PS MSE did not and had not found them, who knows how long they had been embedded there, i found them manually looking for something else. Anyhow I also found Wuup.exe in that folder which i can't find much on. Is this an essential file for windows?

Here is its scan, looks bad!


AhnLab-V3 2011.05.20.01 2011.05.20 -
AntiVir 7.11.8.81 2011.05.20 -
Antiy-AVL 2.0.3.7 2011.05.20 -
Avast 4.8.1351.0 2011.05.20 -
Avast5 5.0.677.0 2011.05.20 -
AVG 10.0.0.1190 2011.05.20 -
BitDefender 7.2 2011.05.20 -
CAT-QuickHeal 11.00 2011.05.20 (Suspicious) - DNAScan
ClamAV 0.97.0.0 2011.05.20 -
Commtouch 5.3.2.6 2011.05.20 -
Comodo 8769 2011.05.20 -
DrWeb 5.0.2.03300 2011.05.20 -
Emsisoft 5.1.0.5 2011.05.20 -
eSafe 7.0.17.0 2011.05.19 -
eTrust-Vet 36.1.8338 2011.05.20 -
F-Prot 4.6.2.117 2011.05.20 -
F-Secure 9.0.16440.0 2011.05.20 -
Fortinet 4.2.257.0 2011.05.20 W32/Injector.FWQ!tr
GData 22 2011.05.20 -
Ikarus T3.1.1.104.0 2011.05.20 -
Jiangmin 13.0.900 2011.05.20 -
K7AntiVirus 9.103.4684 2011.05.19 -
Kaspersky 9.0.0.837 2011.05.20 -
McAfee 5.400.0.1158 2011.05.20 -
McAfee-GW-Edition 2010.1D 2011.05.20 Heuristic.BehavesLike.Win32.Downloader.D
Microsoft 1.6903 2011.05.20 -
NOD32 6138 2011.05.20 a variant of Win32/Injector.GLI
Norman 6.07.07 2011.05.20 -
nProtect 2011-05-20.01 2011.05.20 -
Panda 10.0.3.5 2011.05.20 -
PCTools 7.0.3.5 2011.05.19 -
Prevx 3.0 2011.05.20 -
Rising 2... Read more

A:Just found 2 viruses

just to update, that scan is from virustotal.com but both MSE and AVG have skipped right past the file? any thoughts?

5 more replies
Answer Match 47.04%

I have just noticed recently that various programs are not responding like they should. I use Firefox 99% of the time, but there are a few sites that you need to use IE to access. When I tried to start it, I would click on the icon and nothing would happen, I could click on it forever and nothing would start. I tried to download and re-installed it because I thought I may have done something and it got corrupted, but it still didn't seem like something was right.

Last night I ran a virus scan and it came back saying I had 10 infections and only one was cleaned. I have CA Anti-Virus.

I ran Hijackthis here is the log.....please help....Thanks..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:00 PM, on 6/3/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files (x86)\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files (x86)\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Program Files (x86)\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files (x86)\CA\CA Internet Security Suite\CA Anti-Virus\caav.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1... Read more

More replies
Answer Match 47.04%

Hello, I'm having problems with my computer: it is slow and google was redirecting to the wrong links. Every day, my AVG finds and deletes between 2-6 viruses after it performs its scan (it seems to run okay after the scan but this goes on every day). Here is the latest AVG scan results:

"C:\WINDOWS\system32\csrss.exe (1288):\memory_00270000";"Trojan horse Vundo.JD";"Moved to Virus Vault"
"C:\WINDOWS\system32\csrss.exe (1288)";"Trojan horse Vundo.JD";"Reboot is required to finish the action"
"C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe (200):\memory_00250000";"Trojan horse Vundo.JD";"Moved to Virus Vault"
"C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe (200)";"Trojan horse Vundo.JD";"Reboot is required to finish the action"
"C:\dell\E-Center\EULALauncher.exe (184):\memory_00250000";"Trojan horse Vundo.JD";"Moved to Virus Vault"
"C:\dell\E-Center\EULALauncher.exe (184)";"Trojan horse Vundo.JD";"Reboot is required to finish the action"
MBAM did not find any malware on the computer.

Here is the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:55 PM, on 1/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS... Read more

More replies
Answer Match 47.04%

Hi,

I tried to install a program using its exe file, the program - Daemon Tools 4.10, would install up to a certain bit then ask to restart repeatedly. I found that my computer wouldn't restart properly, and on times it does it takes a very long time to boot up.

I ran a virus scan on virustotal.com - below is the pasted results:

Antivirus Version Last Update Result
AhnLab-V3 2010.09.13.00 2010.09.13 -
AntiVir 8.2.4.50 2010.09.13 -
Antiy-AVL 2.0.3.7 2010.09.13 -
Authentium 5.2.0.5 2010.09.13 -
Avast 4.8.1351.0 2010.09.13 -
Avast5 5.0.594.0 2010.09.13 Win32:Adware-HT
AVG 9.0.0.851 2010.09.13 -
BitDefender 7.2 2010.09.13 -
CAT-QuickHeal 11.00 2010.09.13 -
ClamAV 0.96.2.0-git 2010.09.13 -
Comodo 6065 2010.09.13 -
DrWeb 5.0.2.03300 2010.09.13 -
Emsisoft 5.0.0.37 2010.09.13 Riskware.AdTool.Win32.WhenU.u!A2
eSafe 7.0.17.0 2010.09.12 -
eTrust-Vet 36.1.7852 2010.09.13 -
F-Prot 4.6.1.107 2010.09.13 -
F-Secure 9.0.15370.0 2010.09.13 -
Fortinet 4.1.143.0 2010.09.13 Misc/WhenU
GData 21 2010.09.13 -
Ikarus T3.1.1.88.0 2010.09.13 -
Jiangmin 13.0.900 2010.09.13 -
K7AntiVirus 9.63.2496 2010.09.11 -
Kaspersky 7.0.0.125 2010.09.13 not-a-virus:WebToolbar.Win32.WhenU.u
McAfee 5.400.0.1158 2010.09.13 -
McAfee-GW-Edition 2010.1B 2010.09.13 -
Microsoft 1.6103 2010.09.12 -
NOD32 5446 2010.09.13 -
Norman 6.06.06 2010.09.13 -
nProtect 2010-09-13.02 2010.09.13 -
Panda 10.0.2.7 2010.09.12 Suspicious file
PCTools 7.0.3.5 2010.09.13 -
Prevx 3.0 2010.09.13 High Risk Worm
Rising 22.65.00.03 2010.09.1... Read more

A:Found viruses on a file I ran, what to do next?

HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:55:56, on 13/09/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\VM_STI.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Admin\Downloads\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Expl... Read more

3 more replies
Answer Match 47.04%

My browser was "highjacked" today. Its back up and running now. I did the LiveOneCare scan from Microsoft and it found two viruses it cannot clean. Trojan:Win32/Anomaly.gen!A and Trojan:Win32/Goldun.gen!dll.
The instructions on the Live Safety site say that when a virus can't be cleaned, type it in the virus encyclopedia. I do this and nothing happens. What do I do? Anyone help me?

A:Viruses Found But Can't Clean It

Run these online virus scanners:
BitDefender
Trendmicro Housecall

Also this online Trojan scanner:
TrojanScan

If that doesn't help rid you of the problem, then:

Read How to post a HijackThis Log. Please read, and follow, all directions carefully!!!

Then, run a log, and post it in the HijackThis forum, >at this link<. Do not, post it in this topic. Do not, fix anything, yet. A member, of the HJT Team, will help you out. It may take a while to get a response from the HJT Team, because they are very busy. Please, be patient, as these people are volunteers. They will help you, as soon as possible.

NOTE: Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.

Also, don't make any changes to your system, as that could change the results of the posted log, making it more difficult to properly clean your system.

If you haven't heard back from them in 5 days, go to this topic, Haven't Had A Reply In Five Days?, and carefully follow all directions.

1 more replies
Answer Match 47.04%

Hello, I'm new and fairly computer-stupid. :)

The other day, I was searching for something on Google (I use Chrome) and accidentally clicked on the wrong result, which took me to a page that didn't load and gave me a notice from Chrome that said my computer was infected. I don't have a specific Removal Program on my computer, besides a free version of Avast and SpyBot, and neither program detected anything, so I thought nothing of it really.

But then the next day, every time I went to close Chrome, and shut down my computer (Vista), it told me that there were downloads still in progress. I wasn't downloading anything. That happened every time. So I downloaded the trial scan of Webroot Spy Sweeper, and it picked up only Spy cookies, which I deleted. I'm still having this problem, and it's getting worse. The free version of Webroot Desktop Firewall that I have is blocking abnormal amounts of things, and when I'm out of Safe Mode, everything crashes or just won't respond.

As I said, I'm computer stupid. I have no idea what to do, and my parents have threatened to take away my computer if I get it infected. I'm lame. Would anyone care to help?

EDIT: I also tried downloading the free scan of Webroot SpySweeper with Antivirus, but it said the download files were corrupted and aborted the installation. I'm also beginning to get pop-ups.

A:Possible Viruses That Aren't Being Found

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Answer Match 47.04%

Hey guys, I haven't done a spyware/virus check in a while and today I ran my free antivir edition and it found like 7 problems, 4 virus/3 spyware. Also I found viewpoint media player in my add/remove list so I removed it. Here are the hjt report and antivir report.
I have deleted all the files and backed up on quarantine in case you needed to know


Starting the file scan:

Begin scan in 'C:\' <Local Disk>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP483\A0055595.exe
[0] Archive type: ZIP SFX (self extracting)
--> resource.0000.pkg
[1] Archive type: ZIP
--> RPCInstall_US.dll
[DETECTION] Contains suspicious code HEUR/Malware
--> RPCInstall_INTL.dll
[DETECTION] Contains suspicious code HEUR/Malware
--> blinksetup.exe
[DETECTION] Contains detection pattern of the dropper DR/Agent.aqr.1
--> Freeze-SmartShopper_Installer.exe
[DETECTION] Contains detection pattern of the dropper DR/MartShop.2
--> osfreez118.exe
[DETECTION] Contains detection pattern of the dropper DR/OneStep.A
--> PCCInstall_US.dll
[DETECTION] Contains suspicious code HEUR/Malware
--> PCCInstall_INTL.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] A backup was created as '4785c80a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\ActiveScan\pskavs.dll
[DETECTION] Contains detection pattern o... Read more

A:Viruses/Spyware found

is it looking ok ??
 

1 more replies
Answer Match 47.04%

avast! has found viruses the past 4 days
My XP Home PC has been clean for years
On Feb. 10, 11, and 12 the file name was "IEDFix.C.exe"
Today it was "A0378822.exe"
All 4 days the virus name was "Win32:Adware-gen[Adw]"
They are currently in the avast! Virus Chest
In addition, two viruses were detected that were too large for the Chest.
One was yesterday and one today
I deleted them and they are system files of 588,752KB each
They are currently in the Recycle Bin
Thanks for your help.
 

More replies
Answer Match 47.04%

Please help me identify any problems with this issue. I am wondering if it is AVG or if it is all the other antivirus programs not finding this issue. It has just found eight infections and all are associated with JAVA. Here is the log from HJT:

Logfile of HijackThis v1.99.1
Scan saved at 10:18:04 AM, on 10/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA... Read more

A:JAVA viruses found by AVG

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Run Hijackthis again, click scan, and put a checkmark next to each of these. Then click the Fix button:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
R3 - Default URLSearchHook is missing

Reboot your computer and post a new log and tell me if you're better.

1 more replies
Answer Match 47.04%

Please help me with the viruses that have infected my computer. Unfortunately, I have tried a few processes to resolve (with mild success), which are listed below.

Programs/processes that anti-malware found: trojan.agent, trojan.bho, trojan.vundo, spyware agent.h, backdoor.bot, heuristics.reserved.wor.exploit, fake alert, backdoor.prorat, trojan.downlaoder, hijack.folderoptions, hijack.display.

Symptoms: System restore does not seem to function, haven't figured out if its possible to boot in safe mode, internet does not work, background says pc is infected and cannot be changed, etc.

So far, I have tried the following: Disabled wireless adapter, Anti-malware (which claimed to have removed the above list) and adaware. I tried to follow the wikihow article to remove vundo, but the vundofix program did not detect anything as it may have been removed by anti-malware. Currently, the computer is much slower than it was 3 days ago (prior to virus), and the internet still doesn't work. There may be other problems as well. Also, I cannot run sfc /scannow from the start/run menu.

Thanks in advance for your help.

This is not meant to bump my thread as I just posted it, I just want to attach the latest hijackthis report as I have one available.

I await instruction. Thanks.

Merged posts. ~ OB

A:Vundo and Other Viruses Found-Need Help

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two lo... Read more

19 more replies
Answer Match 47.04%

I'm using a PC running MS XP OS.

Kaspersky found several viruses but doesn't have an option for deleting them.

How do I get rid of these?

-bob

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, December 31, 2005 11:07:22
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 31/12/2005
Kaspersky Anti-Virus database records: 158209
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 80279
Number of viruses found: 5
Number of infected objects: 8
Number of suspicious objects: 0
Duration of the scan process: 4884 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Bob Sacco\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-70dda3ff-6e5ccaa0.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Documents and Settings\Bob Sacco\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-1dbf9af3-650ff2dc.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Bob Sacco\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-1dbf9af3-650ff2dc.zip/Counter.class Infec... Read more

A:Kaspersky found several viruses...now what??

Java Cache

# Click Start | Settings | Control Panel
# Click the Java Plugin Icon
# Click the Cache tab
# Click the Clear button and click OK to confirm
# Note: Please repeat this procedure for each "Java Plugin" button in your Control Panel

or

Control Panel > Java > General tab
Temporary Internet Files > Delete Files
Checkmark all 3 options and click OK

Empty the recycle bin
 

1 more replies
Answer Match 47.04%

Hi, and thanks in advance for any help. My computer runs on Windows XP. I was recently locked out of my computer because of a suspected virus. In the past, I logged on by clicking a user without having to enter a password. However, it had recently shown a new user ID that I did not create (SQLDebugger, which appears to be associated with SQL Server 2000 Service Pack 3), while no longer showing my old one, and it was asking for a password which I obviously did not know. I tried restarting in safe mode, but it still asked me to log in with that user ID or as an admin. I don't recall my admin password so I could not get in that way either. I was at a complete standstill.

After some research, I managed to get into my computer by running Kon-Boot. (Two other programs did not - PC Login Now and Ophcrack XP Live.) It seems that my old user identity was erased or perhaps taken over by sqldebugger. I created a new account and found some of my old records on the C drive, although it seems that perhaps all my old emails are gone (as are my email accounts I ran through Outlook Express). Hopefully there is a way to restore these, though I am doubtful.

When I first got on, I ran Spybot and found some relatively minor issue. But then I ran Malwarebyte's Anti-Malware and found 4 trojans + another item. I fixed them through the program, but I suppose you can confirm later if they are really gone. The identified issues from this are posted below:

Files Detected: 5
C:\WINDOWS\Offline ... Read more

A:Viruses found - help needed

Hi,

Please do the following:

Please download TDSSKiller.zip
Extract it to your desktop
Double click TDSSKiller.exe
when the window opens, click on Change Parameters
under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
click OK
Press Start Scan
If Malicious objects are found then ensure Cure is selected
If TDLFS File System is found then ensure Delete is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem ... Read more

2 more replies
Answer Match 47.04%

I'm posting my sound and virus issue together as I'm not sure if they are related or not. Please advise if I should post sound question in another forum.

My no sound problem seemed to develop shortly after I began to use RealPlayer last week to watch some live feeds. Up until that time I still had system sounds, could use Windows Media Player and could watch videos without problem. My first steps to resolve this included checking my speakers, volume controls, running Windows sound tests and checking the device manager, where no yellow or red alerts appear. All devices say they are working properly. I also did a system restore to several days before I began using the RealPlayer but it did not resolve the problem. While attempting to fix the problem on my own I may have reinstalled the wrong CreativeBlaster drivers (out of ignorance), but I'm not sure. I have a CreativeBlaster Audio PCI 128D sound card.

While seeking information on the internet for the sound problem I came across this website and read some threads instructing people to run various adware and virus programs and I ran my own AVG program and discovered that I had a virus (Trojan.Classloader.g). Subsequent tests using software recommended by this site have unearthed a few other problems.

I've completed all of the diagnostics in Steps 1-5. The results are below and in an attachment as requested. I may have programs which are redundant on my machine and am open to serious housecleaning if you feel there a... Read more

A:No sound and viruses found

- bump -

3 more replies
Answer Match 47.04%

Firefox was running slow. I upgraded to the newest versions but it seemed to get even worse. When I scanned with Avira Antivir it found 2 viruses. I also went back to the old Firefox version.

The viruses were:
EXP/CVE-2010-0842.0 exploit
EXP/Midesq.A exploit

They are in quarantine.

Should I do anything further? We are running Windows XP. We also run SuperAntispyware daily. It seems like Firefox is running ok now.

Thanks.

A:antivir found 2 viruses

Hello, this is a detection for Java malware that exploits a vulnerability in the Java Runtime Environment (JRE).

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any pro... Read more

10 more replies
Answer Match 47.04%

I had norton pop up three times with some viruses. It said that it deleted two of them and one was unfixable. I ran adware and spybot and deleted the temp internet files. Hopefully that got rid of it. Here is a copy of my highjack this log. Hopefully everything looks good. Thank you

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Microso... Read more

A:Norton found some viruses

10 more replies
Answer Match 47.04%

Well, I've been steadily working on this for 3 days now and am finally ready for some technical assistance. I have a super reliable Dell XPS with 2 hard drives and an active Norton Anti-Virus. The system began slowing a few months ago, then green underlined words were seen in IE and FF which linked to advertisements, then about a week ago my administrator user could not access the internet but the guest user which has restrictions can. Just recently porn pictures have begun popping up. Also recently, a blue screen will appear right after I turn the computer on - it reads there is a problem with recently installed hardware or software. It appears to run some diagnostic tests and after several minutes Windows will appear.

These are the following steps I have taken before seeking help from you guys:
- Run Disk Clean up Disk Defrag
- Installed Stopzilla - which seemed to slow the computer down and porn pics started appearing
- Uninstalled Stopzilla - 2 weeks after install
- Installed and ran HiJackthis (saved log file)
- Ran Winsockxpfix
- Installed and ran Malwarebytes (saved log file)
- Installed and Ran all the items in the bleepingcomputer.com Prep for Malware Removal Guide which include:
- DDS (created log files)
- GMER - this crashed my computer which defaulted to a blue (dos looking) screen

I think she just needs a really good cleaning and a trained eye to make sure all Viruses are removed. Hope you can help get my computer running again! Much thanks ... Read more

A:41 Viruses Found by Malwarebytes

Hello Marley2000

Welcome to BleepingComputer

==========================

Download OTL to your desktop.
Double click on OTL to run it.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under Custom scan's and fixes section paste in the below in bold

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

22 more replies
Answer Match 47.04%

ok my friend just did a scan and had 70 viruses found and most were cleaned except 2 which are n' html.redlof.a and w32.pinfi which are both found in temporary internet files and she cant open explorer any more so anyone know how to fix this?
 

A:2 Viruses Found On Win98

16 more replies
Answer Match 47.04%

Windows XP SP2
Today my Symantec Real Time Scan showed 31 notifications of
viruses like Backdoor.DSNX located in C:\WINDOWS\Temp
that it couldn't clean or quarantine... I tried to open that folder, but
couldn't find files with names like C:\WINDOWS\Temp\DWH9B.tmp
Should I worry? How to make sure that they're gone and there
won't be others like those?
Please let me know what to do to protect my PC. Thanks!
 

A:Viruses found (Backdoor, etc.) - Please help!

7 more replies
Answer Match 47.04%

After weeks of problems from something disabling my services I finally installed the full version of AVG AntiVirus and Firewall. Prior to that I had tried Symantec Endpoint, SpywareDoctor, Stopzilla (which usually finds any bad stuff), Malwarebytes, and Avast free version. None of these found any viruses that might have caused the problem.

This morning AVG found Win32/Heur, which is a dangerous self-replicating trojan that can do a lot of damage. It was too big a file to put in their vault or to delete because it was in a DVD freeware program that I had downloaded a couple of years ago and never installed. Also AVG couldn't clean it. I found the program and deleted it. When I ran a scan of the same Recycle area where the virus had been found, it was now clean.

My question is, could this have been the Trojan that has been disabling my services?

Thanks.
 

A:Finally found viruses

6 more replies
Answer Match 47.04%

I posted twice already but no replies

My computer is still infected im sure ,i did 2 boot scans in 2 days

Avast boot scan found a Trojan Downloader AQX Virus and PUPwin32 PuP-Gen the first boot scan

Now this morning once it was done with the second boot scan , It found a HTML:Iframe-inf Virus

I deleted 'em but I know it's not done yet

My task manager is going crazy !

it knocked out all my Internet settings so now i can't get online unless im in safe mode (with networking)
Please help and Thank you

A:VIRUSES FOUND !! NEED HELP!!! INFECTED BAD

I have this under http://www.bleepingcomputer.com/forums/topic410232.html

3 more replies
Answer Match 47.04%

MalwareBytes found around 143 different viruses, on my bro's gf's computer
MalwareBytes log say that they were all quarantined successfully and recent scans indicate that the computer is clean
but when I try to use the internet, google chrome or ie8 cannot connect to the internet
I have successfully pinged all websites I was trying to access...(google.com, facebook.com, msn.com, yahoo.com)
Yet scans still indicate that the computer is clean
There is no anti virus software currently installed on the comp
also the os is windows xp
I have attached all MBAM logs of scans that I have run since I started working on the comp
I thank everybody who is willing to take the time to help me fix this problem

A:MBAM found 100+ viruses

https connections works on ie8 but not google chrome ex. https://www.google.com
http connections will not connect
I installed avast onto the comp and it found 24 viruses and quarantined them
that is all i have learned so far

9 more replies
Answer Match 47.04%

Hi

I have Windows XP Professional SP3. I have the free Avira version running at all times. I also have Malwarebytes which I run occasionally. My firewall is Comodo the free one. Note that lately I have been receiving via email many files from various people who I don't even know, as part of my job.

Today I was reading a Word document on my computer and noticed that some words, always the same ones, had been distorted - for example, all words "vegetable" would become veg.et.abl.e (something similar, can't remember exactly). This has been happening for a few days now, so I suspected it might be a virus.

I run MB quick scan, and it found "Trojan.Dropper.pws". I deleted it.

Then, I run a scan w/ Avira free. It found TR/Drop.Softomat.AN. I deleted it.

I run MB full scan. Let me copy the report here:

c:\program files\common files\Java\java update\jaureg.exe (Trojan.Dropper.pws) -> Quarantined and deleted successfully.
c:\program files\rainmeter\Addons\rainbrowser\rainbrowser.exe (Trojan.AutoIT.Gen) -> Quarantined and deleted successfully.
c:\program files\Java\jre1.6.0_20\bin\javacpl.exe (Trojan.Dropper.pws) -> Quarantined and deleted successfully.
c:\program files\Java\jre1.6.0_22\bin\javacpl.exe (Trojan.Dropper.pws) -> Quarantined and deleted successfully.
c:\program files\Java\jre6\bin\javacpl.cpl (Trojan.Dropper.pws) -> Quarantined and deleted successfully.
c:\program files\Java\jre6\bin\javacpl.exe (Tro... Read more

A:Found a few Trojan viruses, what to do now?

Hi tinperson,

Welcome to TSF.

I appreciate your effort posting the scan result. Thank you for that.

C:\System Volume Information is where Windows keeps old system restore points which means the infection is not active (unless you do a system restore).

------

If you require further assist to ensure there is no malware hidden, please follow the instruction here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

3 more replies
Answer Match 47.04%

Hi guys. I'm a complete noob when it comes to stuff like this, so if you tell me to do something, please explain how, even if it sounds easy to you :)

I'm using AVG Antivirus Free, the latest version, and it's picked up 3 viruses. These are:

Trojan horse Generic14.DNP
Trojan horse Crypt.FLA
Trojan Horse Downloader.Generic(rest of file name wont show)

They are all found in C:\Windows\System\Socks.exe

I'm trying to remove the viruses through my antivirus program and it's saying 'Specified file was not found' for each trojan. Here's a log using HijackThis. Hopefully this can help you guys help me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:10:32, on 28/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\Socks.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Users\Matt\Matt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.e... Read more

A:Viruses found but cannot be removed

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Answer Match 47.04%

Hello:

I am hoping you can help me with some virus issues I have been dealing with. I've been hit with a few over the past few days, including the Security Shield one, and have removed them all, but I have two left that I can't get rid of.

I am running Windows 7 and have McAfee installed. McAfee keeps turning off my Firewall, and won't let me turn it back. Whenever I run a scan it finds 2 viruses, which it has zeroaccess to - both in desktop.ini files. One at C:\\Windoes\assembly\GAC_64\Desktop.ini and the other at C:\\Windows\assembly\GAC_32\Desktop.ini

I have run several other malware programs, and after finding and fixing some other problems, they give me the all clear, but McAfee still finds two, and my computer is not running as it did.

I am pasting here the last scan report from ESET online scanner.

Any help you could provide would be appreciated.

Thanks in advance.

--Brian

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Users\Wash\AppData\Local\Temp\jar_cache4950963387263414325.tmp a variant of Java/Exploit.Agent.NCU trojan
C:\Users\Wash\AppData\Local\Temp\jar_cache5363613364765386664.tmp a variant of Java/Exploit.Agent.NCU trojan
C:\Users\Wash\Downloads\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application
Operating memory multiple threa... Read more

A:2 Viruses Found, Can't Be Removed

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

20 more replies
Answer Match 47.04%

I was working on this computer a couple of weeks ago and Cookiegal helped me get it cleaned off.....here is the thread http://forums.techguy.org/t398103.html

Now, I stopped by today for a visit and PC Illin was up and listed the following problems found....I think friend hasn't had it running the last 2 weeks and that has caused the problems:

TROJ_AEE.A
JAVA_BYTEVER.K
JAVA_BYTEVER.A-1
TROJ_LOWZONES.DV
JAVA_BYTEVER.A

Here is HJT Log....Please help

Logfile of HijackThis v1.99.1
Scan saved at 11:21:20 AM, on 9/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe
C:\West Star\Spyware Doctor\swdoctor.exe
C:\PROGRA~1... Read more

A:More Viruses found/Please check HJ Log

Not much showing in the log:

Please download ewido security suite (free), and install it.
When installing, under Additional Options uncheck both Install background guard and Install scan via context menu.
When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
The program will prompt you to update. Click the Ok button.
The program will now go to the main screen.
You will need to update Ewido to the latest definition files.
On the left-hand side of the main screen click the Update button.
Click on Start. The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido. Do NOT run it yet.

(If you have problems updating, you can use this link to manually update Ewido.
Make sure that Ewido is closed when installing the update.)

DO NOT RUN IT YET!

---------------------------------------------------------------------------------

CleanUp!

*Download Cleanup from Here

A window will open and choose SAVE, then DESKTOP as the destination.
On your Desktop, click on Cleanup40.exe icon.
Then, click RUN and place a checkmark beside "I Agree"
Then click NEXT followed by START and OK.
A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
Click OK
DO NOT RUN IT YET!

---------------------------------------------------------------------------------

Once you have downloaded both progra... Read more

Answer Match 47.04%

Hello!

My computer has been acting up lately, so I ran WinRoot. When the free trial had scanned my system it came back with 4 virus files and several cookies here is the list:

Troj/daonol-fam
Troj/daonol-c
Mal/generic-a
Troj/byteveri-n

and


2o7.net cookie
Advertising cookie
Atwola cookie
Doubleclick cookie
Atlas dmt cookie
Adrevolver cookie
Trafficmp cookie
Realmedia cookie
Tribal fusion cookie
Yield manager cookie
Media plex cookie
Pointroll cookie
Bluestreak cookie
Questionmarket cookie
Zedo cookie
Tacoda cookie
Apmebf cookie
Redsheriff cookies


I ran ComboFix and this is my log--

ComboFix 09-06-23.01 - Kathryn C 06/24/2009 0:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1592 [GMT -5:00]
Running from: c:\documents and settings\Kathryn C\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-4080453537-3108792750-2752935030-500
c:\recycler\S-1-5-21-4080453537-3108792750-2752935030-500\desktop.ini
c:\recycler\S-1-5-21-4080453537-3108792750-2752935030-500\INFO2
c:\windows\kb913800.exe
c:\windows\wihi.cxo

.
((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))
.

2009-06-24 02:38 . 2009-06-24 02:38 -------- d-----w- c:\program files\MSSOAP
2009-06-24 02:37 . 2009-06-24 02:37 -------- d-----w- c:\program files\Webroot
2009-06-24 02:... Read more

Answer Match 47.04%

I own a VPR Matrix Series 220 Model FT-2100PE, I am currently running Windows XP HOME SP3. I ran avast home from boot up and it found the following viruses present: Win32:Agent-QNI and Win32:Vupa [Cryp].
I selected to delete infected files automatically and am worried i deleted important Windows files. Here are the following files the were deleted: Windows\nvupaguhe.dll._eac_qt_
Windows\system32\dllcache\beep.sys._eac_qt_
Windows\system32\drivers\beep.sys._eac_qt_

Despite these files being removed the computer seems to function fine. I am using it to post this thread.

I greatly appreciate any help you can give me. Thank you.

A:Multiple Viruses found. Please help

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Answer Match 47.04%

Hey to whoever reads this thread. It appears I have gotten 3 viruses and am having trouble getting rid of them. The symptoms seem to be a much slower computer. Also, Internet Explorer occasionally opens trying to go to an antispyware website. Also I have a yellow triangle in the bottom corner telling me security alerts and to Download antispyware.

Any help you guys can give me will be appreciated. I currently have Trend Micro PCcillin, Ad-Aware 2007, Spybot Search and Destroy, AVG antispyware 7.5, and Smitfraud Fix. The last 4 were downloaded after getting the virus and checking out other forums and advice.

The virus names are PSW.X-Vir, [email protected], and [email protected]

Here's the most recent hi jack this log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:32 PM, on 11/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device... Read more

A:3 Viruses/Trojans found. Please Help

Answer Match 47.04%

Hello,

I need some advice. I ran AVG and Housecall and they indicated my computer was clean. I then ran Kaspersky Online Scanner and it indicates my computer is infected with 2 viruses.

I've posted below a HJT log and the first part of the Kaspersky Online Scanner Report (the entire report is several pages long), if the entire report is required, please let me know.

Thanks.
Claire


Logfile of HijackThis v1.99.1
Scan saved at 7:32:07 PM, on 04/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R... Read more

A:Solved: Viruses found

I am not allowed to help out in the security forum!
 

Answer Match 47.04%

Hello again,

I ran AVG Free on my computer recently and it found:

Java/ByteVerify located at these two locations:
Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-504134df-4b260bad.zip
Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-504134df-4b260bad.zip:\OP.class

and

Adware Generic2.ABZP at these two locations:
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.ex
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe:\$JF\PPCToolbar.dll

Steps taken...

1. Used "Javara for Java" update to remove old versions of Java and install new version
2. AVG quarantined all four above mentioned infections.

I am thinking I might be good but I wanted someone to look over my log and make sure. Thanks ahead of time...
DDS (Ver_09-06-26.01) - NTFSx86
Run by Katherine Zaech at 13:05:42.93 on Sun 07/12/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.85 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\... Read more

A:Viruses and Spyware Found by AVG

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Answer Match 47.04%

today i received a 2004 microsoft windows update cd through the post.

i installed it and after start up, just when the desktop loads i get 2 virus messages from AVG.

1.

C:\Windows\Application Data\Download Plus.exe

Trojan Horse Downloads.Lalus.A

2.

C:\Windows\Application Data\ICMWUETB.exe

Trojan Horse Downloads.Swizzer.A
 

A:2 Viruses Found After Startup

Answer Match 46.62%

Thanks to anyone who can offer some help or info, I ran the AVG Free scan and it came up with two viruses:
Backdoor.Ruledor.C
Downloader.Braidupdate.A

I can find info about the first one, and it just says that it's a non threatening spyware program, but I ran Spybot and couldn't find anything like it said. And I can find no information at all about the second one. Thanks once again for any help.
 

A:viruses found using AVG Free Edition

Welcome to TSG.

Do this:
go to http://www.lurkhere.com/~nicefiles/ , and download 'Hijack This!'.....
Unzip it to its own folder, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please copy & paste its contents to the forum.

It will possibly show other issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.

If you have anything disabled by MSConfig or any other startup manager, please re-enable it before scanning to post.
 

Answer Match 46.62%

My pc will not run video... it runs the first few seconds and then stops. It continues to download the file but will not play. It doesn't matter if it's a youtube video.. a yahoo video or a news video on cnn....nor does it matter if I use Mozilla... IE... or Google Chrome. I have uninstalled and reinstalled Adobe Flash Player. I have updated my virus protection for Avast and run a scan and it found and removed 3 files infected with win32:Small-NEE. I have run malware bytes 3 times and have removed over 100 malicious files linked to some seekmo weather program...which I have no idea how that got installed on my system to begin with. I have some intermittent connection issues as well where I'm experiencing short periods of limited connectivity... which may or may not be relevant.

I'm running windows vista....and for some reason Hijackthis will not give me the option to run as administrator when I right click the tab. Here's the log I get when I run it though. Please help!!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:06:16 PM, on 7/4/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Yahoo!\Search Protection\YspService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
C:\Windows\CNYHKey.exe
C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
C:\Program... Read more

A:PC will not run video... viruses and trojans found

Answer Match 46.62%

Hey to whoever reads this thread. It appears I have gotten 3 viruses and am having trouble getting rid of them. The symptoms seem to be a much slower computer. Also, Internet Explorer occasionally opens trying to go to an antispyware website. Also I have a yellow triangle in the bottom corner telling me security alerts and to Download antispyware.

Any help you guys can give me will be appreciated. I currently have Trend Micro PCcillin, Ad-Aware 2007, Spybot Search and Destroy, AVG antispyware 7.5, and Smitfraud Fix. The last 4 were downloaded after getting the virus and checking out other forums and advice.

I have done a Clean of Smitfraud in safe mode and it didn't clean 'em up. I don't know much about viruses, but I have been viewing forums and advice, and was trying to clean it out myself.

The virus names are PSW.X-Vir, [email protected], and [email protected]

Here's the most recent hi jack this log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:32 PM, on 11/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDO... Read more

A:3 Viruses Found, Slowing my comp

I just remembered some more interesting things happening recently that I think I should report. A Critical System Warning window appears in the middle of my screen. It's not exitable and it asks me if I want to download antispyware. I don't want to hit No because I don't want more problems.

Also 2 new things continue to be on my Desktop and I think they respawn when I StartUP. I delete them and they come back after startup. They are "Live Safety Center" and "Online Security Guide". Live Safety Center has the Blue Icon of the Windows Shield with an exclamation point. Online Security Guide has a Green Icon of the Windows Shield with a check mark.
 

Answer Match 46.62%

I have read over the post on what to do before posting and have done all of it.

Background:
Over the past few weeks, I've been having problems with my computer not wanting to shut all the way down. It happens randomly. It will get all the way to the "Windows is Shutting Down..." log off screen, but would just stop processing while the HDD still ran quietly and kept the screen lit. I posted about this earlier here, http://www.techsupportforum.com/f10/question-about-a-startup-error-131784.html
Also, my computer seemed to refuse to go into Standby mode automatically, but would do so manually. And once done so manually would go into hibernation without a problem.

Here is my current problem:
I ran Avast AV last night and it picked up about 4 viruses/Trojans. I then looked up this tech support site and read the post on what to do, and ran the Symantec and BitDefender scans and picked up a couple more.

Here is a list of them:

Avast AV picked up-

- C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000026.exe

- C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000036.exe

- C:\WINDOWS\uneng.exe

- C:\Program Files\Internet Explorer\fkfa.exe

Symantec picked up-

- C:\WINDOWS\System\d2ka.exe

- C:\WINDOWS\Downloaded Program Files\okqqsdio.exe

- C:\Program Files\Internet Explorer\okqqsdio.exe

- C:\WINDOWS\Downloaded Program Files\vltxzmyo.exe

- C:\Program Files\Internet ... Read more

A:Several Trojans/Viruses Found [from Windows XP]

Logfile of HijackThis v1.99.1
Scan saved at 2:16:09 PM, on 1/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\High Jack This\Hi... Read more

Answer Match 46.62%

Hi - I had posted this in the "Am I Infected Forum" but realized that I should have entered it here.
Sorry for the duplicate entry, I did add a post that I was posting here.
klancast.
********************************************************************************************
I have been working on my daughter's computer for a day or so now, her computer was freezing up and could not work for more than a minute without crashing.

I started and saw that she had no anti-virus active, which surprised me. I started to try and run an anti-virus and/or an anti malware program but had troubles at first. I did get Malwarebytes Anti-Malware to run and it captured 337+ items. I then was able to get into safe mode and install and run Avira AntiVir PersonalEdition. It found more items, but I could not update it until I was in normal mode. However, after that run I couldn't get into windows, at the welcome screen I was immediately logged off, was able to repair windows to get into XP Pro.

I reran the Malwarebytes program and the Avira Anti-Virus and each time I found another 7-10 items.

The computer once in a while freezes, though I can actually use it for a while. I finally found that there was a version of Symantec AV on the computer but it was last run/updated in December. I am not sure how or when the automatic start was turned off for Symantec but the service was set to Manual.

I did run a HijackThis and the log is attached. It shows some strange entries that might be some sort of ... Read more

A:Found Trojans/Viruses/Malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p... Read more

Answer Match 46.62%

sorry, I'm really clueless when it comes to this kind of stuff ^^"

but, my computer has been crashing a lot lately and i've been getting pop-ups, although i wasn't using a browser so i did a scan with Kaspersky and it found 3 viruses and 4 infected objects.
and i believe this is the trojan name? "Trojan-Downloader.Win32.IstBar.gen" and "Trojan-Downloader.Java.OpenStream.w"

here is my HijackThis log.


_______________________


Logfile of HijackThis v1.99.1
Scan saved at 10:06:31 PM, on 26/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program... Read more

A:viruses and infected objects found.

Hi and Welcome to TSF

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running.
Ad-Aware SE Personal Edition
*Note* For Ad-AwareSE also install the VX2 Addon Cleaner. To run this tool once Adaware is updated click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK" , then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.
Spybot Search & Destroy
CWShredder

Also make sure you are using the latest version (1.99.1) of HijackThis and it's installed in its own folder on the root drive. (C:\HJT)

Please go to at least two of these sites and run an online Virus Scan.
Be sure to have the AutoFix box(s) checked if the site has that option.

http://housecall.trendmicro.com/
http://www3.ca.com/virusinfo/virusscan.aspx
http://www.pandasoftware.com/actives..._principal.htm
http://www.bitdefender.com/scan/license.php
http://us.mcafee.com/root/mfs/default.asp
http://security.symantec.com/sscv6/d...d=ie&venid=sym
http://www3.ca.com/virusinfo/virusscan.aspx

Download and install CleanUp! but do not run it yet.

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Download, install, and update Ewido Security Suite
Install ewido security suite
Launch ewido, there should be ... Read more

Answer Match 46.62%

I have followed the 5 Step Process and I am now ready to post the HJT log file for analysis. The anti spyware and anti virus programs found many items, most notably:

TROJ_GENERIC
TROJ_DLOADER.DHU
BKDR_AGENT.E
ADWARE_EZULA
ADWARE_DYFUCA
ADWARE_WINTOOLS
ADWARE_IBIS.WEBSEARCH

After performing all 5 Steps and supposedly cleaning all of these, here is the HJT log, please let me know if you see anything else that is left over:

Logfile of HijackThis v1.99.1
Scan saved at 9:07:41 PM, on 10/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\FNTS~1\smss.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Progr... Read more

A:Multiple Trojans and Viruses Found

That's quite a mess you're cleaning up. This will take some time.

First, let's get some protection on your system.

Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware. It can take as little as eight seconds to infect an unprotected computer.

Please download and install this excellent and FREE anti-virus program:

Please download Active Virus Shield (powered by Kaspersky) and save it to your desktop.
Please remember to register for your Activation Code using a legitimate email address.
Double-click avs.msi to run the installer, but please uncheck "Install Security Toolbar" during the installation process:

Then please update the program and run a systemwide scan. Allow it to neutralize all that it finds.
When done, launch Active Virus Shield's main window.
Click the Scan button on the left, and then click Detected.
In the ensuing window, click the Save As button to save a copy of the log.
Copy and paste that log in your next reply, at the end of this fix.
Note: You must only use 1 (one) AV at a time because if you have 2 or more AVs running at the same time, they will conflict with each other and make your security less reliable.

---------------------------------------------------------------------------------------------

Next, let's clean some junk.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop. We'll use this l... Read more

Answer Match 46.62%

This will not come as any great news to some; but, I have found how to remove viruses when the OS is so infected you cannot get Windows (NT, 2000, 2003, or XP running NTFS) to run well enough to run a virus scanner or even run Windows at all.

I have been using Bart's PE for quite some time to access NTFS for removing stubborn Adware/Spyware files manually when I knew the name and file path (location) of the files I wanted to delete. For some time now, Bart has furnished a way to incorporate additional programs into his little program; but, I never really tried to do any of that.

Tonight, I noticed he had added easy-step methods to incorporate AdAware and a version of McAfee Antivirus that is free to download. After some hour or two of fidgeting, I succeeded in getting McAfee incorporated into the Bart PE disk and successfully scanned for and removed 'umpteen' viruses from an NTFS disk.

Explaining exactly how I figured it out would take too much time and space so check out the link above. I will warn you, though, there is more involved than following simple on-screen click-throughs.
 

A:I found how to remove viruses on NTFS when OS will NOT run

When I thought about it today, I realized it shouldn't have been a surprise; but, this thing nailed a rootkit today without missing a beat.
 

Answer Match 46.62%

I have AVG Free, and have never had a problem with my computer. Unfortunately, a little while ago, AVG began detecting various things such as 'virus found LOP', Generic9 trojans; .dll files, etc. Primarily these were found in my temporary internet files, although they were also occasionally in my system32 folder. My computer shows few visible signs of being affected; two or three times it has shut down with an NT Authority/system message error and once a day or so it will connect to adaware or some other such site, insisting that my computer needs to be protected (not always the same one, though). I ran AVG in safemode, per the instructions of a friend, but it unfortunately did not fix the problem, so he suggested that I get a hijackthis log and see if anyone could suggest things to fix the computer.

Thanks so much in advance!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:12:48 PM, on 3/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:... Read more

Answer Match 46.62%

Hi

I had a huge problem before but one of these guys helped me out of it. NOW, I have one website that does not let me in. The pages I've made there open normally but getting into admin area I just get every time this message "504 Gateway Time-out - nginx"

NO malwares tell me Malware bytes. All other websites are OK. What a heck?
 

A:Have check viruses, malwares, nothing found but...

Answer Match 46.62%

Windows ME OS

Location C:\_RESTORE\Temp\A0037457.cpy.....to....A0072563.cpy

Across that range of files, there are 209 infected files with the following Virus Attributes:

PE_Magistr.B
Worm_Yaha.G
Worm_Hybris.D

I've used several virus scanning tools that successfully point these files out to me, but cannot clean/delete/quarantine because the "files are in use."

I've tried in Safe mode and normal...with no success. Please assist as this is one of several issues I'm dealing with in trying to clean this computer.

Thank you!

-Bob
 

A: Several Viruses found, but can't clean or delete...

8 more replies
Answer Match 46.62%

Hello,
I am new here. Looks like I'm in a good place to get some answers.
Yesterday my anti-virus programs started running every few minutes, I had to reboot my computer at least 20 times, but the problems found kept coming back.
According to SuperAntiSpyware these are the problems found:
1. Adware.Tracking Cookie
C:\Documents and Settings\Mariya\Cookies\[email protected][2].txt

2. Trojan.Dropper/Gen
C:\WINDOWS\Prefetch\~.EXE-3B3A448A.pf
C:\WINDOWS\SYSTEM32\~.exe

3. Trojan.Unclassified/Braviax
C:\WINDOWS\SYSTEM32\Braviax.exe

(*there was one more location in C:\WINDOWS\Prefetch, and the file was called: braviax.exe-0B81BC9.pf,
but I deleted it manually through the Start-->Run-->cmd ...)
(**However, when I look in system32 directory, the remaining braviax is not showing)

---------------------------------------

I have tried running ComboFix (at the advice of my friend) but was unable to, even with all the programs turned off.

I just keep getting 10-15 error messages: "Windows cannot access the specified device, path, file."

And then the last message is: "Cannot open file nircmd.cfxxe"

Also, I renamed ComboFix before downloading it to my Desktop, but the virus seems to be smarter.

-----------------------------------

So, I followed the advice in the forum dedicated to this instance (unable to run ComboFix)
and downloaded and ran ATF-Cleaner and Malware...

A: Found Braviax.exe and some more viruses. How to clean?

Let's use Dr.Web

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
The Express scan will automatically begin. (This is a short scan of files currently running in memory, boot sectors, and targeted folders.)
If prompted to download the Full version Free Trial, ignore and click the X to close the window.
If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move...

12 more replies
Answer Match 46.62%

Lately, I have noticed my computer is becoming a little slower than normal and also a little odd. Random freezes are one of the things that are occurring. Anyhow, I have decided to clean up my computer and I have done what I normally do in steps of security.

I have updated both Windows and my programs. I have run a disk clean-up, defrag, and check. As well as CCleaner and ATF Cleaner. I used both AVG Anti-Virus and Kaspersky Web Scanner. I also used Ad Aware Free 2007, CWShredder, and Spybot S&D.

I also scanned one of my external USB drives and found a virus on that and don't know how to remove it. All help is greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:49 PM, on 3/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avga...

A: Several Viruses Found By Kaspersky Web Scanner

I would like to request that this topic be closed.

2 more replies
Answer Match 46.62%

Hi, I just finished a scan with AVG Free. It said it found 3 viruses of the Java Byte Verify type. I clicked details and where it showed completed test, it showed the virus amount. I highlighted it and clicked remove. Did I only remove the test results, and if so, when I do another scan and they show up again, how do I get rid of them with AVG Free?
chuck.
 

A: Solved: AVG FREE Found viruses, need some help.

9 more replies