Tech Problem Aggregator

Q: Popups, Multiple unknown processes, Multiple viruses and malware found...

"Deckard's System Scanner v20071014.68
Run by Owner on 2007-12-22 04:41:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2007-12-22 09:41:59 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2007-12-22 09:40:33 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:44:57 AM, on 12/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\DOCUME~1\Owner\Desktop\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.secondlife.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [Curb tool help dart] C:\Documents and Settings\All Users\Application Data\Move Bore Curb Tool\That This.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [CreativeWeb] C:\DOCUME~1\Owner\APPLIC~1\LITEPL~1\Defy bias plus.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 12954 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 snapman (Acronis Snapshots Manager) - c:\windows\system32\drivers\snapman.sys <Not Verified; Acronis; Acronis Snapshot API>
R1 atitray - c:\program files\radeon omega drivers\v3.8.360\ati tray tools\atitray.sys
R1 avfwot - c:\windows\system32\drivers\avfwot.sys <Not Verified; Avira GmbH; Firewall TDI filter>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>

S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
S3 Ad-Watch Real-Time Scanner (AW Real-Time Scanner) - c:\windows\system32\drivers\awrtpd.sys <Not Verified; Lavasoft AB; Ad-Watch Beta>
S3 Ad-Watch Registry Filter (Ad-Watch Registry Kernel Filter) - c:\windows\system32\drivers\awrtrd.sys <Not Verified; Lavasoft AB; Ad-Watch Registry Protection>
S3 AMDMSRIO - c:\docume~1\owner\locals~1\temp\safe to delete 3_0_4_8\amdmsrio.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 EMCFILT (Alcor Micro Corp for Emachine- 9361) - c:\windows\system32\drivers\emcfilt.sys <Not Verified; Alcor Micro Corp.; emcfilt>
S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)
S3 XDva062 - c:\windows\system32\xdva062.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirFirewallService (Avira Premium Security Suite Firewall) - "c:\program files\avira\avira premium security suite\avfwsvc.exe" <Not Verified; Avira GmbH; Firewall NT service>
R2 AntiVirMailService (Avira Premium Security Suite MailGuard) - "c:\program files\avira\avira premium security suite\avmailc.exe" <Not Verified; Avira GmbH; AntiVir Mail Guard>
R2 AntiVirScheduler (Avira Premium Security Suite Scheduler) - "c:\program files\avira\avira premium security suite\sched.exe" <Not Verified; Avira GmbH; Scheduler>
R2 antivirwebservice (Avira Premium Security Suite WebGuard) - "c:\program files\avira\avira premium security suite\avwebgrd.exe" <Not Verified; Avira GmbH; >
R2 AVEService (Avira Premium Security Suite MailGuard helper service) - "c:\program files\avira\avira premium security suite\avesvc.exe" <Not Verified; Avira GmbH; AVE Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 MySQL - "c:\program files\mysql\mysql server 5.0\bin\mysqld-nt" --defaults-file="c:\program files\mysql\mysql server 5.0\my.ini" mysql (file missing)

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-22 04:00:00 262 --ah----- C:\WINDOWS\Tasks\A0CF75839190E6FF.job
2007-12-15 16:35:20 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-11-22 and 2007-12-22 -----------------------------

2007-12-22 04:11:12 0 d-------- C:\ie-spyad_zo
2007-12-22 04:03:13 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2007-12-22 04:03:12 0 d-------- C:\Program Files\SpywareBlaster
2007-12-22 00:38:10 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda? Antivirus>
2007-12-22 00:35:54 8576 --a------ C:\WINDOWS\system32\drivers\vmqmecgwpatk.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-12-21 23:46:59 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-21 23:46:54 0 d-------- C:\WINDOWS\LastGood
2007-12-21 20:13:32 0 d-------- C:\Program Files\Trillian
2007-12-21 20:13:20 0 d-------- C:\Program Files\Trillian Pro 3.1.8
2007-12-21 18:56:34 0 d-------- C:\Program Files\MaxType LITE
2007-12-21 11:44:06 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
2007-12-21 11:01:35 0 d-------- C:\Documents and Settings\Owner\Application Data\Premium Security Suite
2007-12-21 08:51:48 63488 --a------ C:\WINDOWS\system32\drivers\avfwot.sys <Not Verified; Avira GmbH; Firewall TDI filter>
2007-12-21 08:51:47 0 d-------- C:\Program Files\Avira
2007-12-21 04:44:18 0 d-------- C:\Program Files\VMware
2007-12-21 04:44:18 0 d-------- C:\Program Files\Common Files\VMware
2007-12-21 04:39:34 0 d-------- C:\Program Files\PowerISO
2007-12-21 01:25:42 0 dr-h----- C:\Documents and Settings\Owner\Recent
2007-12-20 16:23:09 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-20 15:34:07 2 --a------ C:\WINDOWS\system32\wtsisvsu.exe
2007-12-20 15:34:05 0 d-------- C:\Program Files\?dobe
2007-12-20 15:34:05 0 d-------- C:\Program Files\Outerinfo
2007-12-20 15:33:58 0 d-------- C:\WINDOWS\s?stem32
2007-12-20 15:29:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Move Bore Curb Tool
2007-12-20 15:29:34 0 d-------- C:\Program Files\lite plan bend
2007-12-20 15:29:33 0 d-------- C:\Documents and Settings\Owner\Application Data\lite plan bend
2007-12-20 15:28:50 0 d-------- C:\Documents and Settings\Owner\Application Data\WinTouch
2007-12-20 06:04:32 293888 --a------ C:\WINDOWS\b148.exe
2007-12-20 02:02:00 0 d-------- C:\Program Files\ffdshow
2007-12-19 19:52:22 274432 --a------ C:\WINDOWS\TLCUninstall.exe <Not Verified; Riverdeep Interactive Learning Limited; Launcher>
2007-12-19 19:52:22 0 d-------- C:\Program Files\Broderbund
2007-12-19 19:52:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Broderbund
2007-12-19 16:22:38 0 d-------- C:\Program Files\Windows Live
2007-12-18 23:08:07 0 d-------- C:\Documents and Settings\Owner\Application Data\VMware
2007-12-18 22:58:10 0 d-------- C:\Documents and Settings\LocalService\Application Data\VMware
2007-12-18 22:55:23 0 d-------- C:\Documents and Settings\All Users\Application Data\VMware
2007-12-18 22:11:21 0 d-------- C:\Documents and Settings\Owner\Application Data\ImgBurn
2007-12-18 21:46:26 0 d-------- C:\Program Files\ImgBurn
2007-12-17 19:19:33 0 dr-hs---- C:\BOOTWIZ
2007-12-17 19:19:33 22528 -r-hs---- C:\bootwiz.sys
2007-12-17 16:23:46 1082880 --a------ C:\WINDOWS\system32\AutoPartNt.exe <Not Verified; Acronis; Acronis Autopart>
2007-12-17 16:23:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Acronis
2007-12-17 16:00:03 0 d-------- C:\Program Files\Knight Online
2007-12-17 15:38:12 99776 --a------ C:\WINDOWS\system32\drivers\snapman.sys <Not Verified; Acronis; Acronis Snapshot API>
2007-12-17 15:38:05 0 d-------- C:\Program Files\Common Files\Acronis
2007-12-17 15:38:05 0 d-------- C:\Program Files\Acronis
2007-12-17 15:36:08 102400 --a------ C:\WINDOWS\system32\tsccvid.dll <Not Verified; TechSmith Corporation; TechSmith Screen Capture Codec>
2007-12-16 19:04:21 0 d-------- C:\Documents and Settings\Owner\Application Data\ICQ
2007-12-16 04:39:55 0 d-------- C:\Program Files\DivX
2007-12-16 03:20:38 0 d-------- C:\Program Files\SecondLife
2007-12-16 03:05:50 0 d-------- C:\Program Files\Open Sim
2007-12-16 01:33:08 0 d-------- C:\Program Files\Microsoft Synchronization Services
2007-12-16 01:33:07 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-16 01:26:28 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2007-12-16 01:25:30 0 d-------- C:\Program Files\Microsoft SDKs
2007-12-15 20:58:29 57344 --a------ C:\WINDOWS\system32\Wnaspint.dll <Not Verified; NexiTech, Inc.; NexiTech ASPI for Win32>
2007-12-15 20:47:52 0 d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-12-15 20:47:33 0 d-------- C:\Program Files\NCH Swift Sound
2007-12-15 20:47:33 0 d-------- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
2007-12-15 16:40:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-15 16:22:47 0 d-------- C:\Documents and Settings\Owner\Application Data\Wings3D
2007-12-14 11:55:07 0 d-------- C:\Program Files\AC3Filter
2007-12-14 11:39:24 0 d-------- C:\Program Files\Common Files\Download Manager
2007-12-13 19:31:01 0 d-------- C:\Program Files\Frets on Fire
2007-12-13 18:21:17 0 d-------- C:\Documents and Settings\Owner\Application Data\U3
2007-12-13 16:12:09 0 d-------- C:\Program Files\Square Soft, Inc
2007-12-13 15:45:01 0 d-------- C:\Program Files\wings3d_0.98.36
2007-12-12 17:33:29 0 d-------- C:\Program Files\Easy Cleaner
2007-12-12 13:39:17 0 d-------- C:\Program Files\GLIntercept0_5
2007-12-11 17:34:56 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 17:33:14 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-12-11 17:33:14 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-12-11 17:33:04 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-12-11 17:33:04 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX?>
2007-12-11 17:33:04 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX?>
2007-12-11 17:33:04 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX?>
2007-12-11 17:32:28 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-11 16:10:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-10 19:38:55 0 d-------- C:\Program Files\OpenPlsInWMP
2007-12-09 17:57:15 0 d-------- C:\Documents and Settings\Owner\Application Data\TrojanHunter
2007-12-09 16:52:24 0 d-------- C:\Program Files\TrojanHunter 5.0
2007-12-09 15:07:00 0 d-------- C:\Program Files\SopCast
2007-12-09 14:04:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-08 20:39:29 0 d-------- C:\Program Files\Bonjour
2007-12-08 20:22:15 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-08 20:14:07 0 d-------- C:\Program Files\Photoshop CS3 Extended
2007-12-08 17:58:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\BitTyrant
2007-12-08 17:22:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2007-12-08 17:21:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2007-12-08 16:58:03 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-12-08 16:58:03 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-12-08 16:58:03 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-12-08 16:58:03 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-12-08 16:58:03 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-12-08 16:58:03 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-12-08 16:58:03 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-12-08 16:58:03 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-12-08 16:58:03 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-12-08 16:58:03 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-12-08 16:58:03 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-12-08 16:58:03 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-12-08 16:58:03 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-12-08 16:58:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2007-12-08 16:58:03 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-12-08 16:58:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-12-08 16:58:01 1916928 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2007-12-08 07:56:10 0 d-------- C:\Program Files\Lavasoft
2007-12-08 07:56:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-08 07:55:14 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-08 07:53:56 0 d-------- C:\Program Files\RogueRemover FREE
2007-12-08 06:50:19 0 dr-h----- C:\$VAULT$.AVG
2007-12-08 06:35:52 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-07 06:16:56 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-05 18:16:43 0 d-------- C:\Program Files\Citrus Alarm Clock
2007-12-04 14:50:12 0 d-------- C:\Program Files\SHOUTcast
2007-12-04 09:47:19 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-12-04 09:41:58 3744 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2007-12-04 03:42:25 0 d-------- C:\Program Files\Common Files\Java
2007-12-04 03:41:52 666 --a------ C:\WINDOWS\mozver.dat
2007-12-03 06:54:01 0 d-------- C:\Program Files\QuickTime
2007-12-03 06:52:48 0 d-------- C:\Program Files\Apple Software Update
2007-12-03 06:52:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-02 14:32:20 0 d-------- C:\Program Files\MySQL
2007-12-02 09:49:45 0 d-------- C:\Program Files\Picasa2
2007-12-02 06:01:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-01 20:01:18 0 d-------- C:\Nexon
2007-12-01 12:44:10 0 d-------- C:\Program Files\VideoLAN
2007-12-01 10:32:58 0 d-------- C:\Documents and Settings\Owner\PsiData
2007-12-01 02:33:26 0 d-------- C:\Program Files\SecondLifeWindLight
2007-11-28 21:07:02 0 d-------- C:\Fraps
2007-11-28 13:40:40 28 --a------ C:\WINDOWS\system32\autoscan.dll
2007-11-27 12:07:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Flickr
2007-11-26 10:53:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-26 10:17:24 0 d-------- C:\WINDOWS\pss
2007-11-26 09:08:32 0 d-------- C:\Program Files\SystemRequirementsLab
2007-11-26 09:08:26 0 d-------- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
2007-11-26 09:08:19 0 d-------- C:\WINDOWS\Sun
2007-11-26 04:19:08 0 d-------- C:\Program Files\epsxe
2007-11-25 17:34:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-25 15:05:00 0 d-------- C:\Documents and Settings\Owner\Application Data\FrostWire
2007-11-25 14:53:18 0 d-------- C:\Documents and Settings\Owner\Application Data\Sun
2007-11-25 14:51:13 0 d-------- C:\Program Files\FrostWire
2007-11-25 11:09:37 0 dr-h----- C:\Documents and Settings\Owner\Application Data\SecuROM
2007-11-25 01:15:22 0 d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2007-11-24 08:43:52 0 d-------- C:\Documents and Settings\Owner\trebcache
2007-11-24 08:39:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Dragon's Eye Productions
2007-11-24 08:38:57 0 d-------- C:\Program Files\Furcadia
2007-11-23 07:10:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue


-- Find3M Report ---------------------------------------------------------------

2007-12-22 03:42:52 0 d-------- C:\Documents and Settings\Owner\Application Data\BitTyrant
2007-12-22 02:31:48 0 d-------- C:\Program Files\Google
2007-12-22 00:33:25 0 d-------- C:\Program Files\Digital Media Reader
2007-12-21 14:15:42 0 d-------- C:\Program Files\?dobe
2007-12-21 11:58:00 0 d-------- C:\Program Files\MSN Gaming Zone
2007-12-21 04:29:16 0 d-------- C:\Program Files\Common Files
2007-12-20 15:31:15 10 --a------ C:\Program Files\.autoreg
2007-12-19 16:27:59 0 d-------- C:\Program Files\Ahead
2007-12-17 16:09:15 0 d-------- C:\Program Files\Lavalys
2007-12-17 16:00:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-17 15:34:23 0 d-------- C:\Program Files\MSBuild
2007-12-16 03:55:00 0 d-------- C:\Documents and Settings\Owner\Application Data\SecondLife
2007-12-14 04:19:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2007-12-09 11:19:31 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype
2007-12-09 08:04:36 0 d-------- C:\Documents and Settings\Owner\Application Data\skypePM
2007-12-08 20:39:23 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-06 06:40:18 0 d-------- C:\Program Files\Yahoo!
2007-12-04 03:43:37 0 d-------- C:\Program Files\Java
2007-12-02 14:37:10 0 d-------- C:\Program Files\SpacialAudio
2007-12-02 11:02:50 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2007-11-25 11:27:14 0 d-------- C:\Program Files\CyberLink
2007-11-20 06:04:43 0 d-------- C:\Program Files\Reference Assemblies
2007-11-20 05:51:39 0 d-------- C:\Program Files\MSXML 6.0
2007-11-20 05:49:14 0 d-------- C:\Program Files\Windows Media Connect 2
2007-11-20 04:11:09 0 d-------- C:\Program Files\Flickr Uploadr
2007-11-19 01:53:53 0 d-------- C:\Program Files\MultiRes
2007-11-19 01:53:16 0 d-------- C:\Program Files\Radeon Omega Drivers
2007-11-18 03:05:02 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-17 21:20:12 0 d-------- C:\Program Files\BitTyrant
2007-11-17 17:31:53 0 d-------- C:\Program Files\Firebird
2007-11-17 17:29:16 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2007-11-17 15:27:09 0 d-------- C:\Documents and Settings\Owner\Application Data\atitray
2007-11-17 15:17:57 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-11-17 15:08:34 0 d-------- C:\Program Files\ATI Technologies
2007-11-17 14:46:27 0 d-------- C:\Program Files\MSXML 4.0
2007-11-17 13:55:06 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2007-11-17 10:09:23 0 d-------- C:\Documents and Settings\Owner\Application Data\You've Got Pictures Screensaver
2007-11-17 10:09:22 0 d-------- C:\Program Files\Common Files\Nullsoft
2007-11-17 10:07:47 335 --a------ C:\WINDOWS\nsreg.dat
2007-11-17 10:07:25 4 --a------ C:\WINDOWS\Pix11.dat
2007-11-17 1040 0 d-------- C:\Program Files\Common Files\InstallShield
2007-11-17 10:05:22 0 d-------- C:\Program Files\Synaptics
2007-11-17 09:59:16 0 d-------- C:\Program Files\AMD
2007-11-17 09:57:12 0 d-------- C:\Program Files\Common Files\New Boundary
2007-11-17 09:57:11 2 -r-hs---- C:\USER
2007-11-17 09:55:40 0 d-------- C:\Program Files\CONEXANT
2007-11-17 09:53:20 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT
2007-11-17 09:52:29 0 d-------- C:\Program Files\Windows NT
2007-11-17 09:52:26 0 d-------- C:\Program Files\Movie Maker
2007-11-17 09:50:23 0 d-------- C:\Documents and Settings\Owner\Application Data\Help
2007-11-17 09:49:26 0 d-------- C:\Program Files\microsoft frontpage
2007-11-17 09:49:26 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-11-17 09:49:26 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-17 09:49:26 0 d-------- C:\Program Files\Common Files\MSSoap
2007-11-17 09:49:21 0 d-------- C:\Documents and Settings\Owner\Application Data\Identities
2007-11-17 09:48:53 0 d-------- C:\Program Files\Common Files\AOL
2007-11-17 09:48:08 0 d-------- C:\Documents and Settings\Owner\Application Data\SampleView
2007-11-17 09:46:53 0 d-------- C:\Program Files\Common Files\McAfee
2007-11-17 09:42:51 0 d-------- C:\Program Files\Common Files\Real
2007-11-17 09:18:50 0 d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2007-11-17 09:04:30 0 d-------- C:\Program Files\Siber Systems
2007-11-17 08:59:26 0 d-------- C:\Program Files\Skype
2007-11-17 08:59:23 0 d-------- C:\Program Files\Common Files\Skype
2007-11-17 08:54:15 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-17 08:48:27 0 d-------- C:\Documents and Settings\Owner\Application Data\Talkback
2007-11-17 08:35:06 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2007-10-11 09:55:10 88576 --a------ C:\WINDOWS\system32\infocardapi.dll <Not Verified; Microsoft Corporation; Microsoft? .NET Framework>
2007-10-09 12:58:20 16896 --a------ C:\WINDOWS\system32\tswpfwrp.exe <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [11/05/2004 10:47 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/05/2004 10:47 AM]
"SunKist"="C:\Program Files\Digital Media Reader\shwicon2k.exe" [05/26/2004 08:57 PM]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"AtiPTA"="atiptaxx.exe" [02/21/2006 08:05 PM C:\WINDOWS\system32\atiptaxx.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [12/11/2007 10:56 AM]
"OSSelectorReinstall"="C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [04/12/2006 03:15 PM]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [09/09/2007 09:31 AM]
"Curb tool help dart"="C:\Documents and Settings\All Users\Application Data\Move Bore Curb Tool\That This.exe" [12/22/2007 03:54 AM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [08/06/2007 07:05 PM]
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [04/13/2007 10:08 PM]
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [04/13/2007 10:08 PM]
"avgnt"="C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" [12/21/2007 09:00 AM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 04:22 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/17/2007 09:53 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:00 PM]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [11/17/2007 09:04 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [12/17/2007 05:13 PM]
"CreativeWeb"="C:\DOCUME~1\Owner\APPLIC~1\LITEPL~1\Defy bias plus.exe" [12/20/2007 03:29 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

*Newly Created Service* - ANTIVIRFIREWALLSERVICE
*Newly Created Service* - ANTIVIRMAILSERVICE
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - ANTIVIRWEBSERVICE
*Newly Created Service* - AVESERVICE
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - RKPAVPROC
*Newly Created Service* - SSMDRV
*Newly Created Service* - VMQMECGWPATK



-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

7734 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-12-22 04:45:33 ------------"

Thankies for your help in advance... Whatever else you need, let me know.

A: Popups, Multiple unknown processes, Multiple viruses and malware found...

TeaTimer is an excellent tool for the prevention of spyware but it can sometimes prevent HijackThis from fixing certain things. Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose Yes at the Warning prompt.
Expand the Tools menu.
Click Resident.
Uncheck the Resident "TeaTimer" (Protection of overall system settings) active box.
In the File menu click Exit to exit Spybot Search & Destroy.

Download http://www.techsupportforum.com/sect...etTeaTimer.zip
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.


----------------


Do a HijackThis scan & place a check next to these items and select "Fix checked":

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [Curb tool help dart] C:\Documents and Settings\All Users\Application Data\Move Bore Curb Tool\That This.exe
O4 - HKCU\..\Run: [CreativeWeb] C:\DOCUME~1\Owner\APPLIC~1\LITEPL~1\Defy bias plus.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Ignore any prompts for a reboot


---------------


www.bleepingcomputer.com
www.forospyware.com
www.geekstogo.com

1. Please choose from any of the above links. Download the file & Save it to Desktop.

2. Double click on ComboFix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that & a fresh Hijackthis log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Answer Match 107.1%

Hi,
 
I have run malwarebytes, hitman Pro, ADWcleaner and multiple dllhost.exe *32 Com Surrogate processes keep popping up in task manager.
Computer/internet is very slow.
 
Here is the Scan result of Farbar Recovery Scan Tool
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Pattie (administrator) on MININT-Q9CGG1P on 05-11-2014 15:57:31
Running from C:\Users\Pattie\Downloads
Loaded Profile: Pattie (Available profiles: Pattie)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched...

A:Malwarebytes found multiple trojans, multiple dllhost.exe *32 processes computer

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554909 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...

Answer Match 102.9%

Computer: Dell Dimension 4600 OS= Windows XP SP3
I recently downloaded a corrupt file from a website claiming it was a trial version of 'Microsoft Office 2007', then my Opera and Firefox web browsers began to redirect my searches, about 40% of all my searches. I have used the following programs, but to no avail: ALL WERE UPDATED AND THEN RUN
-HijackThis
-Autoruns
-SUPER Anti Spyware
-CCleaner
-Malwarebytes' Anti-Malware
-Ad-Aware
-Webroot Anti-Virus w/ AntiSpyware
They were all updated before running, but I could not boot it in Safe Mode because a blue screen appears and says windows had to shut down. Any help would be greatly appreciated, and if you have any further questions FEEL FREE to ask, I am almost losing my mind Thank You!

Answer Match 95.34%

I would really appreciate some help figuring this out...

I've run many anti-malware cleanups using 6 of the better softwares out there.

None of them has been able to eliminate this noxious iexplore.exe process.
It makes random clicking noises, random audio popups and also both
full-screen and smaller popups. Always re-starts very quickly when I
kill the processes.

I've run HijackThis and done my best to locate any dubious processes but at
this point I'm stuck. I think this Malware is attached to some legit process
or something that keeps re-starting it.

Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:04:06, on 7/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\Program Files\Microsoft Office...

A:Audio popups, plus popups - multiple Iexplore.exe processes - please advise

Hi

Please do the following:

Please download MBRCheck.exe to your desktop.

Be sure to disable your security programs
Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
A window will open on your desktop
If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
If nothing unusual is found just press Enter
A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.

NEXT
Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.

Disable any script blocking protection
Double click dds.pif to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

NEXT
Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.

Double click the exe file.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.

In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan bu...

Answer Match 92.82%

My computer has run into trouble because there are many processes, known and unknown, running that quickly reopen when ended and are eating up my CPU. I have had them for a while now because I have no idea how to get rid of them. There are also several invisible Internet Explorers running that aren't on screen. Another problem is that Windows Explorer would stop responding and reset constantly. Another problem is that downloads from any browser wouldn't download and wouldn't pop up. Also, did I mention it is extremely slow? All of this put together makes the computer almost inoperable and unwanted.
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17496
Run by 1 at 12:07:30 on 2015-01-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6143.3807 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.ex...

A:Computer gets multiple of problems because unknown processes

Hello Tr1pkt12,

Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

I will be analyzing your log. I will get back to you with instructions.

1. Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
Click on the Scan button.
AdwCleaner will begin to scan your computer.
After the scan has finished...
Click on the Clean button.
Press OK when asked to cl...

Answer Match 92.82%

Hello,
I've had IE 8 - 32bit slow down and crash moreso recently, and problems with java webpages. I noticed I have multiple iexplore *32 processes running. After the first run and exit of IE, and can never kill the last 2 processes in Task Manager.
Since I'm running Win 7 - 64 bit OS, I could not run RootRepeal.
Here's the DDS log:

DDS (Ver_09-12-01.01) - NTFSX64
Run by Bum at 1:53:43.74 on Tue 02/02/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.3322 [GMT -5:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour ...

A:Multiple Internet Explorer unknown processes

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Answer Match 91.14%

I've been having random pop ups, warnings of backups, and being told I need to run virus scans. Any help is appreciated.
 
Also, just to clarify -- this is not my computer. I have experienced a few of these problems but not all of them. I am being told what the problem is and hoping to fix it with your help.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.21.2
Run by Owner at 16:12:22 on 2013-05-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.1549 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated*
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated*
SP: Windows Defender *Disabled/Outdated*
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program...

A:Infected with multiple unknown viruses

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands.

I'd be grateful if you would note the following:
The fixes are specific to your problem and should only be used for the issues on this machine.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
Please be sure to subscribe to this topic so that you can see when there are new responses.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

Having said that.... Let's get going!!
----------
Please download aswMBR to your desktop.
Double click the aswMBR icon to run it.
Click the Scan button to start scan.
If you are asked to update the Avast Virus database please allow it to do so.
When it finishes, press the s...

Answer Match 91.14%

Hi there, I really hope you can help me? I opened Chrome a few days ago and there were pop-ups everywhere until Chrome crashed... the icons on my desktop keep on flashing, and then when I open Task Manager there are about 20 Chrome.exe32 files running and the CPU keeps spiking to 100% as the icons flash.

I managed to block the adverts with Adguard Adblocker and Adblock, but the system still seems to be doing huge amounts of background processes, and webpages seem to time out now from slowness.

A huge amount of RAM is being used as well, even when hardly any programs are open. I have tried several malware removal programs, ESET Powerliks Cleaner, Malwarebytes Anti-malware, Hitman pro, Roguekiller, Emsisoft emergency kit, and none seem to be reaching it.

Thank you very much for your time, and I really hope you can help me.
 

Answer Match 90.3%

I own a VPR Matrix Series 220 Model FT-2100PE, I am currently running Windows XP HOME SP3. I ran avast home from boot up and it found the following viruses present: Win32:Agent-QNI and Win32:Vupa [Cryp].
I selected to delete infected files automatically and am worried I deleted important Windows files. Here are the following files that were deleted:
Windows\nvupaguhe.dll._eac_qt_
Windows\system32\dllcache\beep.sys._eac_qt_
Windows\system32\drivers\beep.sys._eac_qt_

Despite these files being removed the computer seems to function fine. I am using it to post this thread.

I greatly appreciate any help you can give me. Thank you.

A:Multiple Viruses found. Please help

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Answer Match 90.3%

Hello, I'm having problems with my computer: it is slow and google was redirecting to the wrong links. Every day, my AVG finds and deletes between 2-6 viruses after it performs its scan (it seems to run okay after the scan but this goes on every day). Here is the latest AVG scan results:

"C:\WINDOWS\system32\csrss.exe (1288):\memory_00270000";"Trojan horse Vundo.JD";"Moved to Virus Vault"
"C:\WINDOWS\system32\csrss.exe (1288)";"Trojan horse Vundo.JD";"Reboot is required to finish the action"
"C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe (200):\memory_00250000";"Trojan horse Vundo.JD";"Moved to Virus Vault"
"C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe (200)";"Trojan horse Vundo.JD";"Reboot is required to finish the action"
"C:\dell\E-Center\EULALauncher.exe (184):\memory_00250000";"Trojan horse Vundo.JD";"Moved to Virus Vault"
"C:\dell\E-Center\EULALauncher.exe (184)";"Trojan horse Vundo.JD";"Reboot is required to finish the action"
MBAM did not find any malware on the computer.

Here is the hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:55 PM, on 1/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS...

Answer Match 90.3%

I am helping my fiancee's sister out. She was having multiple issues with virus/trojans, and popups. I have done what I can to clean most of it up and hopefully some of you will see some things that I have missed, or are being reapplied during startup. Thanks in advance. If you need anything else just ask.

Update: I did upgrade to Windows SP3, after and took care of windows media player update exploit thing after I ran the panda online virus checker. So the ms06-006 thingy is now closed.

A:multiple viruses/trojans popups

bump* I know you guys are busy.

and adding files

Answer Match 90.3%

Here is my Sys info:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz, x86 Family 15 Model 4 Stepping 9
Processor Count: 2
RAM: 1014 Mb
Graphics Card: Intel(R) 82915G/GV/910GL Express Chipset Family, 128 Mb
Hard Drives: C: Total - 109662 MB, Free - 2763 MB; H: Total - 38130 MB, Free - 37670 MB;
Motherboard: Dell Inc., 0JC474
Antivirus: avast! Antivirus, Updated: Yes, On-Demand Scanner: Enabled

I have scanned using Avast which has found nothing. (of course) I also frequently get the message that my shockwave is busy. I am going to post the Hijack this log also:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:22:52 PM, on 9/7/2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService....

Answer Match 90.3%

Hi, I have done the 5 steps and have resulted with the following logs, but before that I wanted to tell u guys that this has been happening for a couple days, and it's getting a bit annoying. I have run some scans to find out that I do have a keylogger in my system, and I do realize what that means, but my main concern here is the popups. I believe they're all linked. Here are all the logs:

I have also attached all these to this thread so if u guys want to download them feel free to


hijackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:19 AM, on 12/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Softwa...

A:CiD: prefix popups + multiple viruses

Quote:
O4 - HKLM\..\Run: [winlogons.exe] C:\Program Files\KGB Keylogger\winlogons.exe

Is this something you installed?

Answer Match 90.3%

One week ago, I started getting popup windows whenever I used Internet Explorer, so I ran AVG virus scan and got five viruses which AVG healed. I wish I could tell you the name of the viruses but I did not save the report. Sorry! Since then, AVG Virus scan shows that I am virus free; however, I still get multiple popups. These popups open a new Internet Explorer window each time I open a new internet page and are always ads related to the web page I am viewing. Every time I run the AVG spyware scanner, my cookies are infected with at least five tracker cookies. I can post the most recent AVG virus scan log if you need it. Thanks in advance for your time!

Deckard's System Scanner v20071014.68
Run by jbridges on 2008-06-17 17:23:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
56: 2008-06-17 22:23:49 UTC - RP490 - Deckard's System Scanner Restore Point
55: 2008-06-17 14:37:56 UTC - RP489 - Removed Ad-Aware 2007
54: 2008-06-17 14:25:07 UTC - RP488 - Software Distribution Service 3.0
53: 2008-05-28 17:28:53 UTC - RP487 - System Checkpoint
52: 2008-05-27 13:18:17 UTC - RP486 - System Checkpoint


-- First Restore Point --
1: 2008-03-24 16:58:22 UTC - RP435 - System Checkpoint


Backed up registry hives.
Perform...

A:Constant popups - multiple viruses

Bump - please

Answer Match 90.3%

Initially had a problem with Google results getting hijacked and now random windows will pop up in IE and Firefox without prompting. New processes running and some under rundll32.exe in the TaskManager. New things appearing in prefetch. Generic Host Process for win32 consistently needs to close. Then shuts down the PC within a minute.

Attempted SpyBot early on, then AVG, and SDFix. Now trying HijackThis as a possible solution.

Please help.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Damian at 12:11:15.14 on Wed 02/11/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.71 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG... Read more

A:Unknown Infection - Multiple Trojans and Viruses

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p... Read more

Answer Match 90.3%

My computer has contracted a pretty bad virus. I have played around with GMER, Hijackthis, Malwarebytes, and Stopzilla with no luck. It opens IE to www.stopdog2009.com (or something like this). It blocks me from going to any Antivirus websites. I had Symantec Endpoint Protection installed but somewhere along the way it has become disabled, and it won't let me reinstall it. Stopzilla pops up with multiple viruses and trojans, but after it "repairs" them and reboots, they are right back there. It lists Malpak.D, W32Dropper.APN, Reader_s, Sopidkc, Qva61, and others. Same with Malwarebytes: it finds infected things, fixes them, reboots and they are back. Here is my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:56 PM, on 5/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\Ati2evxx.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\Ati2evxx.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\System32\svchost.exe
C:\... Read more

A:Computer has unknown virus or multiple viruses, plz help

I reformatted the drive and it seems to have fixed everything. I have Symantec Endpoint Protection back up and it says the drive is clean, as does Malwarebytes. So, this thread can be closed.

Answer Match 89.88%

Hi there! I'm kinda new here so I want to say sorry if I'll be committing some mistakes on my post. 
 
http://www.bleepingcomputer.com/forums/t/506468/internet-explorer-opening-multiple-processes-in-task-mgr-when-not-using-ie/
http://www.bleepingcomputer.com/forums/t/505348/internet-explorer-opening-multiple-processes-in-task-mgr-crashing-internet/
http://www.bleepingcomputer.com/forums/t/484738/multiple-internet-explorer-processes-running-in-background/
 
I may have the same problems as these people but I'm way over my head on understanding the troubleshooting. Every time I turn on the computer and start the taskmanager, I constantly see 4 "iexplorer.exe" on the process tab even though IE is not running. I tried ending the process but it keeps coming back no matter what I do. I have run ESET NOD32 AV to check if there are any viruses causing this problem but I have no luck. And these processes tend to slow down the computer all the time.
I do appreciate it if someone can help me out on this. And again, I apologize if I missed or broke rules while posting this topic. I thank you in advance and more power to bleeping computer.  
 

A:Multiple Internet Explorer processes found on Taskmanager

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.
Before we begin, please note the following:
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your re... Read more

Answer Match 89.88%

Hello,
 
about a week ago i was informed by my step father that the internet kept closing on him. I decided to investigate and saw what he meant. After opening ie and a seemingly random amount of time, ie will just close. After doing a bit of poking around on my step fathers account and making sure everything is updated, the problem persisted. i tried running ie without add-ons (in case of a buggy one), i tried resetting ie to default settings, and i tried re-installing ie updates. Nothing helped the problem.
 
Finally i noticed Multiple internet explorer processes in the task manager. I found this unusual since ie was not running. i restarted the computer and found Multiple internet explorer processes running without ever touching ie upon fresh boot. Now since i was on my step fathers account, i decided to see if this problem was on my account. (There are two accounts on this Win7 desktop machine. Mine(admin) and my step fathers(basic user). Mine is password protected and his is not. He is not allowed update programs or install programs without admin password. I had this arrangement to hopefully prevent a situation like this.) Anyways i inspected my account and i don't find Multiple internet explorer processes upon boot or closure of ie. Also ie does not just close like on his account ( i use chrome most of the time anyways). 
 
Since i thought something was not right and i thought the computer might be infected, i ran full scans with:
Vipre Antiviru... Read more

A:Multiple internet explorer processes found even when ie is closed

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Up... Read more

Answer Match 89.46%

First time using this site. I have at least 2 viruses, maybe more. No matter how many times i remove malware/spyware it seems they just keep coming back. I ran Avast boot scan which found Win32:Agent-QNI and Win32:Vupa[Cryp]
My computer seems to run okay, a little slow but no restrictions that I've run into. I followed the First Step instructions but wasn't able to attach the ark and attach zips because the Manage Attachments button wasn't located in the Additional options. Here are my logs from the DDS.txt


DDS (Ver_09-07-30.01) - NTFSx86
Run by user at 2:11:04.67 on Sat 08/08/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.220 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program ... Read more

A:[SOLVED] Multiple Viruses found. Please help

Hello, offbeatgene and Welcome to TSF -

I see that this topic is marked as Solved, but there are some items in the log which indicate it might not be a clean machine.

If you still require help, please post new logs from DDS and GMER. If you still have issues with attaching, simply post all the logs in reply.

Answer Match 89.46%

I have followed the 5 Step Process and I am now ready to post the HJT log file for analysis. The anti spyware and anti virus programs found many items, most notably:

TROJ_GENERIC
TROJ_DLOADER.DHU
BKDR_AGENT.E
ADWARE_EZULA
ADWARE_DYFUCA
ADWARE_WINTOOLS
ADWARE_IBIS.WEBSEARCH

After performing all 5 Steps and supposedly cleaning all of these, here is the HJT log, please let me know if you see anything else that is left over:

Logfile of HijackThis v1.99.1
Scan saved at 9:07:41 PM, on 10/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\FNTS~1\smss.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Progr... Read more

A:Multiple Trojans and Viruses Found

That's quite a mess you're cleaning up. This will take some time.

First, let's get some protection on your system.

Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware. It can take as little as eight seconds to infect an unprotected computer.

Please download and install this excellent and FREE anti-virus program:

Please download Active Virus Shield (powered by Kaspersky) and save it to your desktop.
Please remember to register for your Activation Code using a legitimate email address.
Double-click avs.msi to run the installer, but please uncheck "Install Security Toolbar" during the installation process:

Then please update the program and run a systemwide scan. Allow it to neutralize all that it finds.
When done, launch Active Virus Shield's main window.

Click the Scan button on the left, and then click Detected.

In the ensuing window, click the Save As button to save a copy of the log.
Copy and paste that log in your next reply, at the end of this fix.
Note: You must only use 1 (one) AV at a time because if you have 2 or more AVs running at the same time, they will conflict with each other and make your security less reliable.

---------------------------------------------------------------------------------------------

Next, let's clean some junk.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop. We'll use this l... Read more

Answer Match 89.46%

Hi,

I would appreciate any help anyone could provide with the following issue I have recently encountered.

I scanned my computer with SUPERAntiSpyware and it found multiple trojans including:
Trojan.Vundo-Variant/Small-GEN
Trojan.Unclassified/Packed-Win
Unclassified.Unknown Origin
Trojan.Vundo-Variant/NextGen
Trojan.Vundo-Variant/NextGen-Six
Browser Hijacker.Internet Explorer Zone Hijack
Trojan.Unknown Origin
Adware.Vundo Variant/Rel

I quarantined these and my system seemed to be fine again.

However, now I am constantly getting popups, including one which is from hxxp://pro-anti-virus-scan.com telling me to scan my computer from malware and trying to get me to download anti-virus software, and I keep having to close Firefox via the task manager to get rid of it.

Here is my log:



DDS (Version 1.0) - NTFSx86
Run by Helen Fraser at 21:46:31.56 on 10/12/2008
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.276 [GMT 0:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
c:\p... Read more

A:Think I'm infected with multiple viruses/trojans - keep getting popups

Hi hfraser

Thank you for your patience. I will be helping you deal with the issues raised in your log from this point onwards

Before we start jumping into things, here is a quick basic note which I mention to everyone. The fix which I have provided for you is for this computer only, it should not be used on any other computer. Each fix is tailor made for the specific task in hand. If for some reason you have system restore disabled, then please re-enable it before proceeding, an infected restore is better than none. Please read through the fix first and set enough time aside to complete the task in one session. If there is anything you feel needs clarification then please ask - do not guess! Please copy and paste any requested logs into replies rather than add as attachments, this makes it easier for analysis.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription

If this is a computer from a work place then please advise your IT department of the concerning issues before commencing past this point.

Please follow these directions in the order they are set out for you.

We need to disable your TeaTimer as it may interfere with the fixes that we need ... Read more

Answer Match 89.04%

Hi,

My computer is infected with something but I don't know what it is as scans via Spyware Doctor and McAfee have showed up nothing. Tried the Kaspersky scanner and it found 8 items but I was unable to save the report. However, some of those items were trusted programs such as IRC so...

In any case, here's the problem.

When I start up my browser, either IE or FF, there would be popups in other tabs or via a new window. They seem to be different websites everytime, and below are some of them:
- <http://antispywaresuite.com/data/index.php?02005c5f570e6b100d025701574c3909036f084e0a665356073a43053a5c596e020451501f04580b591f550a565748020d5d455e5e5f095a5b3a0157570e03023a040703015556510556525b0c0957050608540f5d08010601510301035f5157033e56500d5102530003025a5b0e525755065a5d5b0b06010f5d5356500c55085151130555060953420109570a1e01095f01531f5f53090510065d5f541f5a453a085b04565e015556576b52660952595b04460a790c0105003a003d510b0204431257060452>
- <http://joybuyjoy.com/hobbies_games.html>
- <http://http://82.98.235.210/go//?cmp=impressions_se_juan&uid=E2A86B3A0F9511DD876E152743CFFFFF&guid=C24261DE68B646769DC22598C455B940&affid=152743&lid=http> (x)
- <http://82.98.235.210/go//?cmp=vm_cmp793_xt&uid=E2A86B3A0F9511DD876E152743CFFFFF&guid=C24261DE68B646769DC22598C455B940&affid=152743&rid=ccnt_ha&lid=http> (x)
- <http://83.149.75.33/info.png?cmp=ghrnc&uid=E2A86B3A0F9511DD876E152743CFFFFF&guid=C24261DE68B646769DC22598C455B940&affid=15... Read more

A:Unknown Infection With Multiple Popups

Hello Cloud_D and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed... Read more

Answer Match 88.62%

I run Windows Vista Home Premium. AVG found multiple JS/ viruses, mostly JS/obfuscated (also JS/worm and JS/phish). However, the program was unable to resolve these. I'm not sure whether to select "remove all selected," whether these are actual problems, or what I should do. I'm not noticing any issues with computer performance, per se, but I'm concerned that my computer is infected and I'm just unaware. Thanks for any help.

A:Multiple JS/ viruses found on AVG, unable to heal?

Hello Seastone, what app couldn't remove them..

Please run these...

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

AdwCleaner
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Junkware Removal Tool
Please download Junkware Removal Tool to your desktop.
Shut down your protection... Read more

Answer Match 88.62%

I have recently started to clean up my boyfriend's computer and it is a mess since he didn't have it properly protected. I already managed to get rid of the fake Antivirus problem that keeps you from using malware removal products and removed a host of malware and viruses that I could get with the online Trend micro scanner, AVG, Spybot, and Malwarebytes.

In the process of doing this something is keeping me from opening any icons in the control panel and I get the following error message.

"Windows cannot find 'C:\WINDOWS\system32\rundll32.exe'"

I checked and the file was missing. I checked in the backup folder and it is just a blank page. I still tried to copy and paste this into the system32 folder but it didn't fix the problem.

Also I still have some nasty viruses that seem to be beyond my expertise to remove.

Spybot detects Win32.Agent.syn in two registry keys, as well as Win32.Delf.uc in 2 registry keys

AVG detects a number of viruses that it seems to not be able to remove; including

Trojan horse Pakes.EYA
Trojan horse Clicker.AHVO
Virus Win32/Heur
May be infected by unknown virus "Win32/DH.AA54534F48" in multiple files
Trojan Horse BackDoor.Generic12.BCBN
(maybe some others)

I would really appreciate some help!

I will post a HJT log in the next post. If there is any other information you need let me know.

Thank you!
 

A:Rundll32.exe not found, and multiple trojan viruses

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:18 PM, on 06/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\TEMP\VRT5.tmp
C:\WINDOWS\System32\8134271.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\exp... Read more

Answer Match 88.2%

Hi,
 
Back again after 2 trouble free years. I was able to find and remove malware using the usual tools but am still getting multiple dllhost.exe with Com Surrogate in the description processes spawning. I end them and they still come back. Not sure if related, but:
 
IE keeps changing security settings to disable file downloads whether I set the Internet zone to default or Custom.
Getting blue screen DRIVER IRQL for netw5v64.sys but downloading latest intel driver seems to have fixed it
 
Thanks for the help,
Larry

A:Multiple dllhost processes & malware

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.
Before we begin, please note the following:
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
If the system has been used after topic creation time we need to take a look at fresh logs.
Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Sca... Read more

Answer Match 87.78%

hi, my computer is running very slowly and avg and symantec have found at least 5 viruses. ALSO, when i log onto my computer, an alternate operating system was created (not by me)... it's all numbers (something like 14430485) and it's password protected. i don't know what to do, so i'll just post a hijackthis logfile.

thanks in advance

jeff

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:36:03 AM, on 12/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program File... Read more

A:multiple viruses found and computer is running slow

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
After it has finished, two logs will open. Please post the contents of both. log.txt will be maximized and info.txt will be minimized.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instructed to do so!
Let me know if any of the links do not work or if any of the tools do not work.
Tell me about problems or symptoms that occur during the fix.
Do... Read more

Answer Match 86.52%

Hi,
 
I have been experiencing multiple dllhost processes lately.  After some research I found that it is due to the Poweliks malware that enters into the Registry along with a script embedded in there that gets itself started using powershell.  Unfortunately this registry entry is somewhat hidden and cannot be easily removed.
 
At this point I am at a loss as to how to remove this Poweliks.  Any help would be appreciated.
 
Thanks, gravity_boy

A:Multiple dllhost processes, infected with Poweliks malware.

Hi & to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
If I don't reply within 24 hours please PM me!
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1
Please run a FRST scan. This will help us diagnose your problem.
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, d... Read more

13 more replies
Answer Match 86.52%

My father has a desktop computer running Windows 7. Recently, the computer has been slowing down and almost coming to a halt. When I checked the Task Manager, there are multiple (10-20+) "dllhost.exe *32" processes running. CPU and memory usage both go as high as 100% and the machine freezes up completely, to the point where a hard shutdown must be performed.
 
I suspect a malware infection, but I have run full scans with Malwarebytes and Norton and neither one has found anything. What steps should I take to resolve this?
DDS log is as follows:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280
Run by Manson at 17:32:04 on 2014-09-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.2116 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\s... Read more

A:Multiple dllhost.exe processes - suspect malware infection

Greetings and to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:
Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
Make sure to read my instructions fully before attempting a step.
If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
Important information in my posts will often be in bold, make sure to take note of these.
I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
Let's get going now
==========================
 
Hi Grendel_J,
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to r... Read more

16 more replies
Answer Match 86.1%

PANDA ACTIVE SCAN:


Incident Status Location

Adware:adware/wintools Not disinfected Windows Registry
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/searchrelevancy Not disinfected Windows Registry
Ad... Read more

A:Viruses found, malware, spyware, and popups.

WOW this is old BUMP!!!!

1 more replies
Answer Match 86.1%

I have an HP dv6 1355dx laptop running a 64bit version of Windows 7.

I didn't deviate from any normal day-to-day internet activities, but got really worried when IE started opening up popups. I NEVER use Internet Explorer, so I was instantly on alert. The popups close easily, but are becoming more frequent. I also learned that whenever I try to search using Google on any of my browsers, about 80% of the time I get redirected to random, shady looking sites.

I have run all of my virus programs multiple times regularly and in safe mode. Microsoft Security Essentials would not open normally, and did not detect anything when I ran it in Safe Mode. In safe mode, it tells me that Malwarebytes picked up four different trojans, but successfully removed them and is now coming up clean.

Any help would be so greatly appreciated.

I ran one of the DDS logs, which gave me the following:

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Teddi at 22:36:44 on 2011-06-25
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.1823 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows&#... Read more

A:Unknown Infection causing multiple popups and Google redirect.

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

16 more replies
Answer Match 85.68%

Hello,
I am having multiple problems from what I believe is some sort of virus. I am getting random advertisement popups, warnings across the top of webpages with viruses found and need to scan, as well as the inability to load profiles including the administrator.
I have gone through all the steps prior to posting here and nothing has seemed to work. I was not able to turn on the firewall because when I tried to load the admin profile in safe mode, I just got the black screen with safe mode in the corners. Below is my txt document.

DDS (Ver_09-01-07.01) - NTFSx86
Run by Brian at 22:25:43.14 on Wed 01/07/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2039.1528 [GMT -5:00]
AV: avast! antivirus 4.8.1296 [VPS 090107-0] *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.E... Read more

A:Multiple problems from an infection that has popups, warnings across top of webpage with too many viruses, and not loading cert...

Hello Brian and welcome to Bleeping Computer,
1. Please download GooredFix and save it to your Desktop.
Select "2. Fix Goored" by typing 2 and pressing Enter.
Make sure all instances of Firefox are closed at this point.
Type y at the prompt and press Enter again.
A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.
2. Download LSPFix and extract it to your desktop.
Don't use it yet.
A tutorial on the use of this tool can be found here: http://www.bleepingcomputer.com/tutorials/using-lsp-fix-to-remove-spyware/
3. Please download ComboFix from one of the locations below, and save it to your Desktop.
Link
Link
Link
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.
Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.
Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your ... Read more

7 more replies
Answer Match 85.68%

I found trojanproxy.win32.agent.dam#2 this virus in windows/system32/vftqmpvn.exe in online scan with RAV. Does anyone know what this virus is and how to get rid of it? Does anyone know about function of vftqmpvn.exe file?
OS is windows XP
Thanks

A:multiple viruses/malware need advice

vftqmpvn.exe appears to be a random-named file, most likely created by the trojan.

Run an online virus scan at TrendMicro or RAV Antivirus. Select the Autoclean option if you use TrendMicro.

Please download HijackThis. Create a folder at C:\HJT and move HijackThis.exe there. Run a scan and save the log file. Post the whole log file here. Do not fix anything since most of them listed there are harmless (some are system required). This program will help us determine if there is any spyware/malware on your computer.

16 more replies
Answer Match 85.68%

I think perhaps I bit off more than I can chew. A co-worker of mine gave me her laptop after surfing without an antivirus or firewall. I've used Avira and Adaware, but I still seem to come up with infections (TR/Monde for starters . . .). Logs below. Thanks in advance!

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Celeron® M processor 1.50GHz
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 502.42 MiB / 239.68 MiB
Pagefile Memory (total/avail): 1225.74 MiB / 935.56 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.13 MiB
C: is Fixed (NTFS) - 55.68 GiB total, 23.58 GiB free.
D: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - TOSHIBA MK6025GAS - 55.89 GiB - 2 partitions
 \PARTITION0 (bootable) - Installable File System - 55.68 GiB - C:
 \PARTITION1 - Unknown - 203.95 MiB
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AV: Avira AntiVir PersonalEdition v8.0.1.18 (Avira GmbH)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\... Read more

A:Multiple Viruses/malware Infections

Hello Hhv100 and welcome to BleepingComputer,
1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window
* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed,... Read more

5 more replies
Answer Match 85.68%

Hi there
 
I am having trouble with many pieces of malware at once I think.
A few days ago I noticed I was being redirected around to different websites (something like www.ads-find-all-you-want.com) about 20% of the time when I clicked on any link. I have tried to get rid of it with malwarebytes, but it didn't go away. Today I noticed the computer slowing down significantly and I have multiple instances of 300k+ memory usage "explorer.exe" being open and multiple "iexplore.exe" despite me having never used internet explorer.
 
I have tried using the dds tool to make a dds.txt, but it will only generate me the attach.txt and no dds.txt file no matter the options I select. I visited this forum (or a similar one) many years ago now and was told to make HijackThis logs. Not sure if this is still a thing at all but I made some anyway and I'll attach those.
 
I also took a screengrab of all the explorer.exe's running
http://imgur.com/b945RG0
 
Hope you can help me, and I can provide any other things you need
 
Thanks!
 

A:Multiple viruses - Internet website redirects, multiple "explorer.exe's"

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.
Before we begin, please note the following:
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy a... Read more

18 more replies
Answer Match 85.26%

Working on a client's retail POS computer (Windows 7 Professional, 32-bit), noticed it was very slow.  Checking running processes, found that 15-20 DLLHOST.EXE processes were running with large amounts of resources being consumed (CPU/RAM).  Tried shutting them down, but they just kept coming back.  Was able to stop them returning by killing explorer.exe, and left just the essential windows running that my client needed to conduct business -- this seemed to work as a temporary fix.  However, attempts to clean whatever malware is causing this were not completely successful.  Scans found some malware and removed, but this problem of the "creeping" DLLHOST.EXE processes still remains whenever explorer.exe is running.  As soon as I start explorer.exe, the DLLHOST.EXE processes start multiplying rapidly within minutes.
DDS.TXT -->
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.55.2
Run by pos at 16:07:48 on 2014-11-04
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2012.1148 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program... Read more

A:Unsuccessful Malware Cleaning -- Multiple DLLHOST.EXE Processes Running

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554745 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

15 more replies
Answer Match 85.26%

Hi,
 
My laptop seems to have a virus. I think there is an extra dllhost.exe process running and when the laptop is connected to the Internet, several COM Surrogate processes begin running as well. They can be killed, but will come back after a few minutes. They slow down the computer severely.
 
Can someone help me figure out how to remove this? I posted my DDS log below and attached the attach.txt file. 
 
Thanks,
 
Mike
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17344
Run by Michael at 16:19:08 on 2014-11-30
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3792.2512 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\WUDFHost.exe
C:\Program Files\AVAST Software\Avast\A... Read more

A:Malware creating multiple COM Surrogate processes, slowing computer

Hi & to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.
Before we move on, please read the following points carefully:
My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
If I don't reply within 24 hours please PM me!
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
Please download Powelikscleaner (by ESET) and save it to your Desktop.
Double-click the to start the tool.
Read the terms of the End-user license agreement and click Agree if you agree to them.
The tool will r... Read more

8 more replies
Answer Match 85.26%

Hi,

I have noticed that on my PC IE seems to run GREATLY faster than Opera and Mozilla Firefox when many windows are open, but it lacks the features and add-in support I need. I have found that the reason it is so much faster is because it opens a seperate process for each window that is open while mozilla and opera only use one process for everything. Is it at all possible to somehow use Opera or Mozilla and have one process per window or tab like IE has?

I really need to know if this is possible because more than one person uses this computer and lots of windows and tabs are eventually open, but when I have over 10 tabs or windows open running from the same process on this computer, it eventually gets so slow that it is almost unusable (most windows become almost unresponsive and get blank for a few seconds when you click)

Any help with this would be greatly appreciated.

More replies
Answer Match 85.26%

My new laptop is running very slow. Typing is difficult because it skips letters if I type quickly. There are also multiple popups. Some are full page advertisements, never the same. Most are just new tabs in already opened IE windows and always are blank with an error '404 Not Found' in the tab. Once my screen filled up with blank windows, probably 30 or more before it finally quit and I closed out the group. Thank you for your help!

Deckard's System Scanner v20071014.68
Run by dustan marshall on 2008-05-22 09:13:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 5 Restore Point(s) --
11: 2008-05-20 10:56:40 UTC - RP388 - Scheduled Checkpoint
10: 2008-05-17 07:00:30 UTC - RP387 - Windows Update
9: 2008-05-17 04:47:22 UTC - RP386 - Scheduled Checkpoint
8: 2008-05-16 15:46:00 UTC - RP385 - Scheduled Checkpoint
7: 2008-05-15 19:09:36 UTC - RP384 - Scheduled Checkpoint
-- First Restore Point --
1: 2008-05-09 15:52:37 UTC - RP378 - Scheduled Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-22 09:17:40
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\System32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\... Read more

A:Slow Computer Multiple Blank Popups/ 404 Not Found

dustanlm

Sorry for the delay.

If you still need help post a fresh Hijackthis log

10 more replies
Answer Match 85.26%

Hello. I am abeus. I have problems on my regular computer running Windows XP. Because of the severity of those problems, throughout the process of eliminating those problems I will be communicating on this, a separate computer. I started this topic in the "Windows XP and Professional" Forum on July 9, 2011. I had an exchange of five emails with Artrooks before he advised me on July 12 that my problems were not of the right nature to be handled on that Forum. He advised me further to start a new topic at this "Virus, Trojan, Spyware and Malware removal Logs" Forum. I have read all of the information requesting certain steps be taken previous to starting a topic on this Forum and I complied with the ones relative to "Notification". Other steps I didn't comply with for the reason that I believed any effort I might make to comply could possibly complicate the circumstances already on my computer. I'll be happy to comply to any steps requested by the trained and experienced person who replies to this topic. The history and circumstances of my problems are spelled out in the emails sent to Artrooks. If the party who answers this posting would refer to those emails they would get a fairly clear picture of what the circumstances are. Or, if it is preferred I will be more than happy to copy and paste or restate them here on this forum at you request. I look forward to your reply. Thanks
abeus

A:UNKNOWN MULTIPLE MALWARE ETC

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you!
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/409482 and follow the instructions there. If you do not still need help, this is all you need to do. If you do need help please continue below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:
If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have p... Read more

3 more replies
Answer Match 84.84%

Hi there,

A couple days ago, my girlfriend told me her laptop was acting strange.

It's a Dell Inspiron E1505
1.66 GHz Intel CPU; x86
MS Windows XP Home Ed. Service Pack 3 (Build 2600)
She has Comcast high speed and is running McAfee

While browsing the web using IE, a message popped up that she thought was from McAfee stating that the computer was not protected and needed to be updated. She clicked OK. It then told her she needed "Personal Antivirus" and a bunch of pop-ups came up stating there was malware, viruses, etc. This is when she let me know something was wrong. She also said that within the last few weeks while using her Yahoo mail, she would suddenly be re-directed to what looked like a Dell search page. Also, when the computer boots, a message comes up stating that "Google installer has encountered a problem and needs to close" She said she always clicked "Do not send" the error report.

The first thing I did was run a scan using McAfee. It found the following:
Generic Rootkit.d!rootkit (Trojan) removed
Artemis!8DC942DFF375 (Trojan) quarantined
FakeAlert-DI (Trojan) quarantined
FakeAlert-EL (Trojan) repaired (removed)

I then installed AdAware and ran a scan. It found the following:
Win32.Trojan.Tdss - removed

I have since uninstalled AdAware.

I cannot use IE now, as it crashes immediately upon launch. It was launching, but when I tried to go to any address, it redirected me to a page stating that the computer ... Read more

A:Seem to be infected with multiple trojans/malware/viruses

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.
Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
Scan with Dr.Web CureIt as follows:
Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
The Express scan will automatically begin.
(This is a short scan of files currently running in memory, boot sectors, and targeted folders).
If prompted to download the Full version Free Trial, ignore and click the X to close the window.
If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files ... Read more

20 more replies
Answer Match 84.84%

Not really sure what she downloaded or what weird site she visited to give me all of this. I noticed I had a virus when My "CPU Usage" in the "Task Manager" showed 100% for 30 minutes straight. I then restarted my computer in "Safe Mode With Networking" and started to try to find out what the issue was. I have Norton 360's complimentary trial service that came with my laptop and when I did a "Complete Computer Scan" it showed me the viruses but would not remove them. When I used "SpyHunter's" free scan it showed me 106 threats and detected even more malware. Due to the rules of the forums I didn't want to post any logs or attachments until told to do so. So here are the Viruses I noticed myself using "Norton 360", sad thing is I'm pretty sure there is a ton more... My Profile has all of my computer info, thanks in advance.
Viruses Shown:

Backdoor.Rustock.B
Backdoor.troserv
Backdoor.Rustock.A
Trojan.peacomm
Infostealer.Snifula.
Spyware.EzURL
Spyware.Keylogger
 

A:My Computer Has Been Infected with MULTIPLE Viruses/Malware.

16 more replies
Answer Match 84.84%

I have had svchost errors for quite a while now. More recently, I have an unknown, long number process in task manager, and related to it is the emergence of a system error related to explorer.exe, svchost.exe and firefox as well. The error states "The maximum number of secrets that maybe the stored in a single system has been exceeded. The length and number of secrets is limited to satisfy United States State Department export restrictions." As I cannot run GMER in normal mode due to the following error: "Windows cannot access the specified drive, path or file. You may not have appropriate permissions to access the item." The attach.zip file does not include a GMER log. However, I was able to run MBAM in safe mode, where it cleared out about 8 trojan related files. Here is the DDS log.

Edit1: I forgot to mention, for whatever reason, I cannot disable my AVG free 2011: When I open the GUI, it states there are no components. In addition, when I open the "Temporarily disable real-time protection" settings and key in 15 minutes, it gives me the error "An error occured when trying to save the configuration. The connection is offline." Lastly, today I started having the issue of the services.exe process eating up CPU usage, and virtually causing my system to hang.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_26
Run by Michael at 0:41:11 on 2011-09-07
Microsoft Windows XP Professional 5....

A:Multiple viruses/malware/system errors

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follo...

Answer Match 84.42%

Hello All-
 
I am part of a team of people who are experiencing a weird issue that we cannot seem to pinpoint the root cause of.

So far the only commonality between the computers seems to be Windows 7 and LabTech Software.

I personally have seen the issue occur on 3 separate computers. It happens when you reboot the machine. However, we have a large network of machines on various clients and we are noticing the issue on a certain percentage of our clients, and then a certain percentage of their machines. It does not appear to be spreading, but it has affected a great number of computers.
 
One of the computers was unable to install windows updates, .NET seemed to have been turned off, unable to turn it on, event viewer was inaccessible, restoring windows worked the first few times and now the restore will not even work. (that computer is hosed after experiencing the crash 4 times)
 
Another computer, which I am currently on, is still repairing and rebooting into windows. I rebooted into a restore point from yesterday morning "after the crash." The user used the computer all day yesterday without issue. We decided that we would use it to perform some test on...
I booted it into safe mode and ran an MBAM scan.
I found 2527 threats and attempted to remove them (necessary reboot)
computer would not boot up, necessary restore.
tried to remove malware bytes which was still there, but could not, downloaded a removal tool recommended by MBAM, removed prog...

Answer Match 84%

Hello,

I'm an IT Manager for a medium sized company. I've fought this problem for a solid week. It's occurring on about a dozen computers out of 150, all Windows XP Professional Service Pack 2. They get the following error in a window:

ERROR: 16 bit MS-DOS Subsystem
C:\WINDOWS\system32\a.exe
The NTVDM CPU has encountered an illegal instruction. (etc)
(Buttons to select "Close and Ignore")

If the user clicks "Ignore" NTVDM will use from 20 to 50 cpu dealing with it, eventually slowing it to a crawl if ignore is pressed repeatedly. If "Close" is pressed life goes on as usual till the next error. After the 16 bit error window our Trend Micro Worry Free Business Antivirus comes up with one or more websites it blocked.

I can delete the a.exe file and in 10 minutes to an hour it will reappear.

I've run Malwarebytes, Kaspersky Virus Removal Tool, Trend Micro Sysclean, McAfee Stinger, Combofix, Trend Micro Housecall, Norton System Scan, OTL.exe, RKill and others. They find some malware but the problem continues.

None of the affected machines seem to be on tonight so I can't connect to them from home as I usually can. I can post results from them tomorrow. I'll recheck the post then.

I would appreciate any help offered. Thanks in advance.

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

Answer Match 84%

I have run scans with Norton Security Suite and Malwarebytes and I get several detected objects. It says they were removed, but every time I run another scan with Malwarebytes, I keep getting a different set of detected objects. I'm not sure what else to do? I don't mind doing a clean install of Windows 7 Enterprise, but I no longer have the CD/key, etc. Below are my Farbar logs.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-06-2015
Ran by D (administrator) on LI-PC on 06-06-2015 10:10:19
Running from C:\Users\D\Desktop
Loaded Profiles: D &  (Available Profiles: D)
Platform: Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\21.7.0.11\n360.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\21.7.0.11\n360.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\ch...

A:Ran scans with multiple software - viruses/malware galore!

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

CreateRestorePoint:
CloseProcesses:

HKLM\...\RunOnce: [{8F5135D2-2815-49B0-B035-FBDE35EE11EC}] => cmd.exe /C start /D "C:\Users\D\AppData\Local\Temp" /B {8F5135D2-2815-49B0-B035-FBDE35EE11EC}.cmd
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-4231112004-1192876706-404484655-1003\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <====...

Answer Match 84%

First off, thanks for your extensive efforts with this great community - you've presented fixes that have helped me in the past. But this time, I'm up against a stubborn situation.

My virus protection (PC-cillin) detects several items about 5-10 minutes after each boot up. I've tried multiple cleanup utilities only to have the problems return at the next boot up.

I've completed the steps in the Preparation guide, and here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:21 AM, on 7/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32...

A:Multiple Recurring Malware/viruses - Vundo, Magicantispy

Welcome to the BleepingComputer HijackThis Logs and Analysis forum blackvinyl. My name is Richie and I'll be helping you to fix your problems.

Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double click on SDFix on your desktop, and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.
* In Safe Mode, go to and open the C:\SDFix folder, then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.
-----------------------------------------------------
Please download Combofix and save to your ...

Answer Match 84%

Hey guys. I've noticed my computer has slowed down drastically since a few months ago. I know part of the reason has to do with my malware. I keep getting redirected to random URL's every few minutes while firefox is open. Also, I cannot get rid of this "searchbutler" homepage. This is my first time dealing with any malware stuff, so let me know if anything is wrong in my log/etc

Here is my log, hope you guys can help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:37:07 AM, on 8/4/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Co...

A:Multiple viruses/malware including searchbutler, redirecting URL's

Hello jack9, My name is Syler and I will be helping you to solve your malware issues. Sorry for the delay in replying, we are very busy at the moment.

Please note because we are very busy, if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic.

Please download Malwarebytes' Anti-Malware from Here
Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediat...

Answer Match 83.58%

I was unable to get a DDS log. When I double click on dds.scr, I get a security warning stating that "The publisher could not be verified" and I click on "Run" to run it anyway. The dds.exe *32 appears in the task manager for about 12 seconds getting up to about 3,240KB, the command prompt window appears and instantly closes, and the dds.exe process disappears as well.

Since I'm running a x64 machine, I can't get a GMER log.

I've run Malware Bytes and it removed 1 malware and I ran it after rebooting and it's showing clean now. Trend-Micro doesn't show any issues. I've also run the Kaspersky Virus Removal Tool and it didn't show anything. I've also run TDSSKiller and it didn't find anything..

Even though MalwareBytes isn't showing any threats, I have seen a couple of notices from the taskbar where it has blocked outbound communication with a malicious website.

Edit: DDS ran and here's the log:
Edit2: Just had another popup from MalwareBytes where it says it's trying to contact a malicious website. This one had a different port number, but the IP address is the same and it's still the csrss.exe that's showing up in the message.
I just saw another popup from MalwareBytes and this one was from coreserviceshell.exe. It popped up multiple times trying to following bing links in Chrome. I then get a message that says "Unable to load the webpage because the server sent no data."

I'...

A:Zero Access malware? Extra csrss.exe, multiple conhost.exe processes, google redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job, this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r...

Answer Match 83.58%

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

A:Unknown Virus, Trojan, Spyware after multiple reboots and multiple virusscan attempts $RECYCLE.BIN returns and system fold...

Sir or Ma'am, We at my house really appreciate your reply.
I turned off this computer since the last post on June 6, 2010.
I have been checking online from a different computer daily for replies, which is infected as well.
I assume we should fix them one at a time, as two others are in the same condition, and possibly a third; correct?
Okay as for Today June 14, 2010 at 3:50pm Central when I turned on my computer it had no internet connection.
I had to manually go to Control Panel and start a new connection. However HP assistant found it but wouldn't connect, strange huh?
Additionally, magically a Human Interface device installed on this boot up as well.
Lastly before going to control panel to manually connect to the internet in the CMD prompt when I did an IPCONFIG /all it had some strange stuff
(AFTER Reading below there is still more, I thought it was done...)

Microsoft Windows [Version 6.0.6002]
Copyright © 2006 Microsoft Corporation. All rights reserved.

C:\Users\Leslie>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Leslie-PC
   Primary Dns Suffix . . . . . . . :
   Node Type . . . . . . . . . . . . : Mixed
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Atheros AR5007 802.11b/g WiFi Adapter
   Physical Address. ....

Answer Match 83.16%

Last night, I was cruising around my browser and was gonna watch a vid, but it required me to download an update to Active-X (which I already have had because it allows me to watch vids on Windows Media player). When I downloaded it, it instead downloaded "virusheat" which apparently was a cover up to bunches of spyware that want me to download other "anti-virus software" programs. I've been trying to get help from my friend who's good with computers, and she's told me all the popups that are saying I have all this spyware and viruses are probably a ruse to get me to download more spyware... she directed me to download AVG which is scanning right now to see if that would help because the anti-virus I had was horrible. It did nothing but quarantine the files and cut off access to my internet - not taking care of the problems I had. I really hope I can get some help with all this and get my comp back to normal. I've noticed lag issues since this started last night and I'm afraid of any personal info being stolen from me. I apologize if this is too much or not clear enough, but I beg for help. Please

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:34 PM, on 3/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WIN...

Answer Match 83.16%

Running XP SP3

Got virus warnings after visiting unknown website 36 hours ago. Internet stopped working immediately. Avira quarantined several files. Restart and new scan found another file. Now scans find nothing. Adaware scan finds nothing. Spybot and MalwareBytes won't run. Have run CCleaner.

Deleted internet connection and reinstalled. Also ran Winsock XP helpers to no avail. Also no connection with cable.

Malware is clearly still on computer. Several programs hogging CPU including windowslogin.exe and searchindexer.exe. First run of GMER stopped with short blue screen--couldn't read it--and restart. 2nd time the program froze.

DDS:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Lindsey Rosse Canant at 10:17:53,57 on 02/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3046.2115 [GMT 2:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Co...

A:Unknown Malware Cant Be Stopped? Multiple problems.

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool. The ap...

Answer Match 82.32%

Hi, I downloaded something last night which I thought was safe, but now I don't remember exactly what it was. Anyways, it started trying to change my registry settings, and Scotty (on WinPatrol) kept asking me to change entries. I kept saying no, but it was in an infinite loop of asking and being persistent. I even tried rebooting to get it to stop, but no such luck. It just continued afterwards.

My dad told me to download stinger last night, to which it found a few things which I deleted. Then I found the MBAM program, ran that, and got rid of a lot of stuff. I remember seeing the word Vondo last night, but I don't know what else is on here.

Today I did a virus scan with CA Internet Security Suite. It didn't find anything, but around 5ish it got rid of egao.exe (Pripecs/generic).

I ran the VundoFix.exe tonight, and it found nothing else on the machine.

Other things that are occurring:
- I keep getting asked by Scotty (every 20-30 minutes) if I want to change my registry (.REG) settings -- from "regedit.exe %1" to "regedit.exe %1 %*" (have always said no)

- I keep getting asked by Scotty (immediately afterwards) if I want to change my .SCR settings from "Company Name." and the next line saying "%1 /S" to "%1 %*" (have always said no)

- I keep getting told (not as frequently as the other two)
"A change has been detected in background page displayed on your Desktop

Your new page is

If this is ok, the...

A:having multiple issues (virus/malware/popups)

Answer Match 82.32%

I'll keep this as concise as possible.

I am on vista,

and I have three types of popups in both ie and firefox:

1. New tab is opened and the url is invalid
2. New tab is opened and ie cannot connect
3. New window is opened with a seemingly random pattern of sites ranging from university advertisement to adultfriendfinder to react2media sites.

I have used spybot s&d, norton 08, and ad-aware to no avail.

My HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:07 PM, on 6/6/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AIM6\aim6.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetoo...

A:Malware installed, popups of multiple types.

Hi Welcome to TSG!!
Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scann...

Answer Match 82.32%

While running a full system scan AVG found the following:
delf.ctx
bx18dvx.dat
generic10.rjf
vundo.n
downloader.zlob
sheur.aorj
agent.hwc
msprint.exe
(There may have been a few others as well.)

I removed them from my system, then ran CCleaner, but I think I may still have problems. The reason I say this is that I still have some odd things (rundll32.exe files located in temp folders) in my startup tasks that I can't stop from running on startup.

I have included my HJT logfile. Many thanks in advance for the help.
 

A:AVG found multiple malware items

Hi Welcome to TSG!!
Please download Malwarebytes Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick Scan, then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy the entire report and paste it in your next reply with a new Hijackthis log.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
 

Answer Match 82.32%

I started getting an abundance of pop-ups with Internet Explorer which gets to the point of surfing the web impossible. Many web-sites are even redirected to advertisements and fake Virus Cleaners that ask for money. So far I have performed full scans with Spybot S&D and the free version of Adaware by Lavasoft. Both have detected multiple infected files which some are un-cleanable.

I am using Google Chrome Browser and all the pop-ups have stopped, but right now Internet Explorer is simply unusable. Below is my recent HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:10:05 PM, on 12/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilitySer... Read more

A:IE Unusable and Multiple Malware Found

Checking if my topic was skipped. I believe I also have Virtumonde Malware and need some assistance removing it.
 

2 more replies
Answer Match 82.32%

Hello. I have an infected computer and need advice on how to get it running again. I am running Windows XP.

It started with pop up windows for advertisements for antispyware products. Next, icons for bdsm appeared on my desktop. I was advised by a friend to use Spybot so I dl it and ran the scanner. Its results turned up
1.virtumonde.sci
2.microsoft.winseccen_disabled
3.smitfraud-c.
4.virtumonde
5.virtumonde.generic

Today is 48 hours after all that and the bdsm icons are back, as well as the 5 listed items. Spybot found a sixth one,
antispywarester, which was opening an installer directly onto my desktop.

I use Mcafee for my antivirus and firewall. It has done me no good in clearing this up.

I am fairly computer literate, I just have no clue what to look for with malware.

A:multiple malware programs found

Hi and welcome to BleepingComputer. The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Result... Read more

11 more replies
Answer Match 82.32%

Hi!
I've been having some major problems with my computer since last week. I've had a variety of issues and have been able to fix some of them, but new ones keep emerging... Over the past few days, I've scanned my drive multiple times with Malwarebytes, AdAware, McAfee Stinger, Hitman Pro, and the Windows malicious software removal tool. Each one of them found suspicious files and deleted them. Here are the symptoms I'm currently experiencing:

- About 10 min to an hour after I start my computer, I get a "Generic Host Process for Win32 services" error message
- The windows update website won't load. Yesterday I wasn't able to access any website related to malware, antiviruses, through Google but it seems like now I can. Also, my internet would stop working after a few hours, but this stopped happening too.
- When I restart my computer, the computer turns off and freezes on a blue screen that reads "c000021a system error"
- Sometimes, one of my svchost.exe uses a lot of UC, even when I'm not doing anything on the computer. This is a new problem that started happening this morning

It all started last Friday when I was trying to fix her computer that has crashed. I did a few file transfers using a flash drive from her computer to mine, and she has a similar problem on her computer now. It started off with the "Generic Host Process" error message and with the internet related issues. Also, yesterday a fake antivirus ... Read more

A:Malware infection - unknown virus, multiple symptoms...

Hi, Welcome to Bleeping Computer.
My name is Shannon and I will be working with you to remove the malware that is on your machine.
I apologize for the delay in replying to your post, but this forum is extremely busy.
Please Track this topic - On the top right on this thread, click on the Option button, and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.
Do Not make any changes on your own to the infected computer.
Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Now, let's look more thoroughly at the infected computer -
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please no... Read more

25 more replies
Answer Match 81.06%

First off, THANK YOU SOOO MUCH for taking your time to look at this and help me out.

On 09/22/10, our computer around 6PM got a fake antivirus virus that popped up and installed automatically. I went and removed it off my computer. That one was called "Malware Doctor". Later, about 2 hours later, I got another one that popped up on my task bar called "Antivirus 2010". That one didn't install and I removed it. On 09/23/10 I started up our computer, and I got Antivirus 2010 again. I exited out of it, and removed it. Then I could not access the internet via Google Chrome, so I tried AOL. AOL worked, but it was freezing as always. I decided to restart my modem and my computer.

When I turned it on, it would go past the XP screen and continuously reboot. I then hit F8 many times, and got the menu (not sure what it's called) and made it so it would not auto-reboot on system failure. I then got this error on a blue screen when I booted and had it set to not auto-reboot:

Stop: c000021a {Fatal System Error}
The Windows logon process system process terminated unexpectedly with a status of 0xc0000022 (0x00000000, 0x0000000)
The system has been shut down.

I do not have a XP installation disc, but I do have the windows recovery disc. In this thread I got help, and found that 3 files the virus was messing up.

These are the 3 files in the WINDOWS\SYSTEM32 folder that were messed up:

Winlogon
Userinit.exe
msgina.dll

I took... Read more

A:[SOLVED] Infected by multiple instances of malware/viruses -No desktop,start menu, or

Sorry for bump, but I have more info and I cannot edit the post.

I keep getting redirected when I am on any site, whether it's yahoo, or even tech support forum. It keeps taking me to "google-analytics.com" and then a site that has a fake malware scanner, then it gives me a javascript pop-up when I exit saying I am infected.

About every 5 or so pages I go onto it does this. I got a screenshot of it luckily, but not of the malware scanner thing, I closed that as soon as I could (not enough time to take a screenshot, save and take another).

Here is the screenshot.

19 more replies
Answer Match 80.64%

Hi,
My laptop's performance has taken a big hit due to multiple pop ups that run invisibly in the background. I use Avast Anti virus and it is continuously trying to block these ads. The infection details according to Avast are:
URL: http://reannewscomm.com/ads.php?sid=1803
Infection: URL:Mal
Process: C:\Windows\explorer.exe

No matter how many scans I run I can't seem to find the files and delete them. I only see the pop-ups when I go to shut down my computer.
Any help greatly appreciated!
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Sam (administrator) on SAMANDKAT-TOSH (13-02-2016 18:28:09)
Running from C:\Users\Sam\Downloads
Loaded Profiles: Sam (Available Profiles: Sam)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Windows\System32\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
()... Read more

A:Infected with reannewscomm.com Malware - creates multiple invisible popups

Hello RiotAkt,
 
I'm Stan and I will be helping you for this problem.
 
First of all I want to clear some things about the malware removal process:
Do not run/install any tools on your own. This may affect the process of removal and may cause both slowdown and additional problems.
Read carefully the steps that I suggest you to do. Any mismatch will prolong this case.
Copy any scripts carefully so they stay exactly the same with the original. Otherwise the script may not work and we will need to rerun/recreate it.
Feel free to copy all the steps in offline environment. They may be easier to read and follow in this way.
Feel free to ask any questions about the malware removal process. I'm here to help you so nothing must be hidden or misunderstood.
Share with me any problems/changes you experience while working with the current system.
Please, do not use any quotes or code boxes when you post logs.
I want to inform you that I will be able to respond in the evenings - 07:00 P.M - 11:00 P.M. (UTC + 02:00) - since I'm working during most of the daytime. If I haven't posted anything for 48 hours straight, please, feel free to send me a personal message. I will bump the topic if there is no response from you for 3 days. After 5 days of inactivity, the topic will be closed.
 
I want to inform you that I'm still in my training program so my posts must be reviewed by an instructor. This may lead to a slight delay in my an... Read more

5 more replies
Answer Match 80.64%

Hi

I opened some webpages and the links had been replaced with usercash links and the other site keeps loading different sites/popups at the bottom bar and froze. So worried there is a virus I have run Malware, AVG and no problems detected.

Still doing it so I ran DDS.

Then GMER, but this crashes when it gets to :
\device\HardiskVolumeShadowCopy1

CAN ANYONE HELP?

Below are DDS data:



DDS Scan:

DDS (Ver_09-10-26.01) - NTFSx86
Run by udesmeister at 1500.52 on 21/11/2009
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.937 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkSer... Read more

A:Links replaced and multiple popups loading malware/spyware?

Hi,

Please try running GMER in safe mode. Make sure all your security programs are disabled.

If it still will not run, please run the following program instead:
Download RootRepeal from the following location and save it to your desktop.
Zip Mirrors (Recommended)
Primary Mirror
Secondary Mirror
Secondary Mirror

Rar Mirrors - Only if you know what a RAR is and can extract it.
Primary Mirror
Secondary Mirror
Secondary Mirror
Extract RootRepeal.exe from the archive.
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes:
Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

16 more replies
Answer Match 80.64%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:16 PM, on 9/6/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DELL\MediaDirect\PCMService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.ex... Read more

A:multiple malware found on Dell Inspiron 1420

Please help!!! I have tried uninstalling the malware but still am having troubles.. When searching with google it comes up with another search engine. And any search goes to a totally different website????
Thank you for any help or suggestions.

3 more replies
Answer Match 80.22%

Ok, I'm sort of getting the feeling that with every new Anti-Virus, Anti-spyware, Anti-Worm, etc program I download, I'm getting new problems. Argh!

So it started with my parents accidentally clicking on one of those IE pop-ups that pretend to be an actual warning of "spyware found" and then trying to (but unsuccessfully) install the *.exe file they try to get you to download.

When I did a scan on Avast, it finds some trojan in C:\WINDOWS labelled bdmanager.dll (Something with the word *lob* in it). I removed it, then two days later (3-4 reboots later -- without doing anything else on the PC), it came back as another filename, also in the WINDOWS folder.

Now that *lob* trojan doesn't show up anymore with Avast, but I never removed the second one. Makes me think that it didn't really get removed.

Now, using SpywareTerminator and ClamAV, it finds a Hupigon-8496 trojan. First in:
c:\WINDOWS\hh.exe
Then after removal and reboot, it finds another one in:
c:\WINDOWS\system32\dllcache\hh.exe
Then after another removal, it finds another one in:
c:\WINDOWS\SoftwareDistributio\download\<arbitrary string of numbers>\sp2gr\hh.exe

I don't think this one wants to go away, but i can't find the source.

Help! Here's my log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:24 PM, on 2/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running proce... Read more

More replies
Answer Match 80.22%

Ok I'm living a nightmare right now with this computer and I have no clue what happened. I'm gonna try and make this short but A LOT has happened since last night. Some background: Bought this computer brand new from Staples (warranties have long since lapsed) in 07. Was one of the first with Vista. After my antivirus expired and I ran through a few free ones I just never got antivirus again. (I know, I know)... I've been without antivirus software since 09 and my computer's been ok. I download tons of stuff, play online games, spend plenty of time on the net and I've never had a problem. Recently I just got a virus. My computer has been acting crazy slow and freezing and yesterday this new thing happened where every time I would Google antivirus software, it would redirect me to another website to download some software. I'm assuming this is the virus, and that this other website is bogus. I finally got avast downloaded on my computer and I did a boot scan (I had to reinstall avast about 3 times btw. It kept saying UNSECURED; avast has stopped). The scan found a ton of stuff with the same name in all types of different locations. The names were win32 patched and winamp--- (didn't catch the rest). Now I selected the option to delete all, but when it finished the next morning and I was at the main page, it said this copy of windows is not genuine. I googled, it seems that avast is usually the root of this problem, so I uninstalled it and it went away. Now basically this is where I'm at... Read more

A:Multiple Viruses, Multiple Problems

star feeds mixer is the website it keeps directing me to by the way...

6 more replies
Answer Match 79.8%

My computer is running Windows XP. I previously had Symantec Antivirus and on Tuesday (July 20) when I went to use my computer I received the BLUE screen twice. I was just checking email and surfing the web. Later that night I was surfing the web again and all of the sudden my screen became bombarded with Symantec email proxy pop ups. They took over machine whenever I was connected to the Internet. I removed Symantec Antivirus and the pop ups stopped. I installed the free version of AVG Antivirus which completed a scan of my computer and found 6 infections. They are:

C:\WINDOWS\system32\mcvup.exe
C:\WINDOWS\p3dens.dll
C:\Documents and Settings\me\Local Settings\Temp\qodigx.exe
C:\Documents and Settings\me\Local Settings\Temp\bxwn.exe
C:\Documents and Settings\me\Local Settings\Temp\5F.tmp
C:\Documents and Settings\me\Local Settings\Temp\5D.tmp

They have all been moved to the "virus vault".

The next day AVG found c:\System Volume Information\_restore{F22ECDBF-07FD-48E2-8346-7D4E4D9E57A8}\RP29\A0006724.dll and moved it to the virus vault.

The day after that AVG found c:\System Volume Information\_restore{F22ECDBF-07FD-48E2-8346-7D4E4D9E57A8}\RP29\A0006725.exe and moved it to the virus vault.

Now when I do a google search and select a link I get redirected to somewhere else. I primarily use Chrome but I have Internet Explorer installed as well and have run into the same problem regardless of browser or search engine (I tried yahoo too and I get redirected.)

I d... Read more

More replies
Answer Match 74.34%

Hello to all, After noticing an initial slow-down in machine startup and shutdown, then re-directed web-pages in both I.E. and Firefox (to various useless ad sites and blank pages) I reasoned that my ESET Nod was no longer catching something going on. I quickly realized it was that horrible Antivirus 2010 con-program that was in. My REGEDIT is locked about 50 % of the time, so is my Taskmanager, so are various other folders and files. I uninstalled NOD, put in Kaspersky and have spent the last 3 days running scan after scan with Malwarebytes, Spy-bot, Super-antivirus, Stopzilla, Panda-scan, Windows Defender, Malicious Software Removal Tool and all the best tricks I had up my sleeve to remove them from the startup with services and msconfig. Despite all this, I keep booting slow and keep finding re-occurring infections via Kaspersky from Network Attack Intrusions to Trojan.Win32's, Trojan.Dropper.Win32's, PDM.Worm.P2P's, and Packed.Win32.Krap. Taking the advice of this forum, I'm putting out a call for help and am including the DDS and Attach.zip files along with the GMER output. I have COMBOFIX waiting on stand-by if need be but will of course wait for any instructions.
I await in silent confusion.
Jane
Canada

A:Multiple malware or just multiple virii ?

No suggestions?
Jane.
===========
Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member... Read more

16 more replies
Answer Match 72.66%

I'm having difficulty figuring out this persistent malware. I think it's likely that there are multiple issues.

I'm running Windows Vista.

The malware started off with "google redirect" symptoms, and disabling my Symantec software.

Shortly following, I could no longer access the web. However, the malware itself would create an internet explorer popup every 5-10 minutes (not my default browser) that would go to "search sites" (none that I recognized....) and search for lewd topics. Running the taskmanager would show multiple instances of iexplore.exe running on my machine (one for each popup). The popups would have to be eliminated one by one using the task manager.

Trying to run a system restore, I discovered all restore points had been deleted.

I installed AVG antivirus and got it to run once which seemed to help the problem. However, upon restart, all issues were back and I could no longer run avg. Windows defender constantly pops up that a new trojan is attacking my machine.

At this point, I unplugged my internet connection and started using another machine. I had left my problematic computer alone for about a month.

Upon turning it on last night, each time I logged on, it gave me a warning that "Windows had encountered a critical error and will restart in one minute" and would restart. I tried running cmd (in that one minute) to intercept it, but the task manager would freeze if I tried to run it from there and explorer wo... Read more

More replies
Answer Match 72.66%

Hi, it's been a long time since my computer has been slowing down. I didn't mind it at first but it has gotten into my nerves lately. Earlier, only 2 folders were open, my pictures and a subfolder of it I recall, but it has become really slow, as in super slow. It seems ok now but I encountered a new problem. It reboots in itself, it happened 3 times today. I also can't install yahoo messenger, tried it a couple of times but failed.

Recently, I just detected lots of viruses from removable disks. It changed the name of my flash disk to anti taga lipa are and added a virus called silentsoftech.exe. I also had a couple of trojans and also this brontok.n which is said to have prevented me from showing my hidden files and folders, but fortunately, (I think) I have healed those viruses, and so as my antivirus says. By the way it's kaspersky, I just changed from norton, it didn't even detect any of those viruses I have mentioned. I also have some problems with MS Word: when I open a document, only the application would open, I still need to click open and look for the document again. I think there are more problems, but these are the ones that I can remember. I'm still hoping that I could fix this without reformatting. Thanks

I ran hijackthis and got the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:32:59 AM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\... Read more

A:Multiple Viruses/ Removable Disk Viruses

bump!
 

2 more replies
Answer Match 71.82%

Multiple IE Processes launched by "User = NT AUTHORITY\SYSTEM" all while IE is not an open application, when IE is opened by me "User = BLACKBOX\Chris". The processes always run under the svchost.exe running the "DCOM" and "Terminal Services" Services and result in slow performance, pop ups & volume of sound card randomly set to zero (0). I have seen similar posts and have worked ahead with the following Bootkit Remover, DDS and GMER Rootkit Scanner actions executed and results supplied as requested. I will sit tight on any ComboFix.exe actions until I get direction..

BOOTKIT REMOVER Results -

Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
www.esagelab.com

\\.\C: -> \\.\PhysicalDrive0
MD5: 454f8f8f464d74f8b4b6306cbff41597
\\.\K: -> \\.\PhysicalDrive2
MD5: 454f8f8f464d74f8b4b6306cbff41597
\\.\M: -> \\.\PhysicalDrive3
MD5: 454f8f8f464d74f8b4b6306cbff41597

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Unknown boot code
465 GB \\.\PhysicalDrive2 Unknown boot code
465 GB \\.\PhysicalDrive3 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>

---------------------------------------------------------------------------------------... Read more

A:Multiple IE Processes

8 more replies
Answer Match 71.82%

Hi, I'm new here.
I've recently upgraded my PC (first time) and put in a new power supply and a video card.
Now for the first few days it was working completely fine, but now it's starting to act up.
I'm not sure what the cause is, but there are multiple problems that I have.

First is, when I look at the processes for Task Manager, there are two instances of exact same process. Like I would have steam.exe and another steam.exe, or even more.

Second is, the games that worked smoothly before are being choppy, slow to load, and generally unplayable even when I lowered the video settings. (TF2, Oblivion, COD4, and some more).

I'm not sure whether damage to the video card, hdd, or any other component could have caused this, because I tried to move cables inside the case when the computer was on (but I didn't graze or touch the video card at all). Does anyone have a clue why my PC is going crazy?

Could it be malware/spyware/adware or trojan? I ran S&D and Adaware (free). I also did a system restore to a point where I wasn't having any problems and I installed the latest driver.

Thanks for reading this long post.
 

More replies
Answer Match 71.82%

I've been looking at some of the different processes currently running on my computer, and I recognize most of them. For those that I don't recognize, I usually Google them. Everything is fine, but I was just wondering if it's normal to have multiple of the same process? For example, there are currently 5 SVCHOST.EXE's running, two in SYSTEM, two in NETWORK SERVICE, and one in LOCAL SERVICE.

Oh yeah, this is XP Pro. Thanks for any info!
 

A:Multiple Processes?

6 more replies
Answer Match 71.82%

At any given time, until I get rid of them I find 2-3 cmd.exe processes open each taking up around 33% of my processing power. This is a very new issue I'm having and I don't know what I could have done to make it occur. I'm posting a hijackthis log to see if any of the professionals here might see a bad process that might be spawning these cmd.exe processes.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:18 AM, on 8/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21073)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\asus\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\... Read more

A:cmd.exe multiple processes

Hello and welcome to Bleeping Computer.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:
Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
Copy and paste all logs requested in your reply. Do not attach them unless asked to.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.
Please download Malwarebytes' Anti-Malware from Here
Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest ve... Read more

8 more replies
Answer Match 71.82%

I was on Facebook last night when all of a sudden things slowed down. A window popped up saying that there was not enough virtual memory. I had 3 photo pages open, and was running the D&D app when this happened.

It wasn't like that earlier in the day, so it made me wonder. Although earlier in the day, I did download a file converter (I needed to change an m4a into an MP3, but I ended up getting rid of the program because it only converted a sample of the song), and I read through the reviews to be sure no one had said "OMGZ TERRBILE PROGRAM IT HAZ A TROJAN!!1!1!".

My brother was really concerned about this - he checked the user resources and found three IE processes running. I think he mentioned something about them either opening or closing at the same time? (He's not here to ask right now.) He re-started the computer, and things seemed okay. He ran Super Anti-Spyware (he found some tracking cookies), and he ran BitDefender (which didn't find anything).

He's talking about using the bookmarking system to go back a week, or just reformatting the computer altogether. I thought that I should check in here before any of that happened.

We don't actually have a proper anti-virus scanner - we DID have AVG 8, but my brother dumped it because it was eating up resources awhile ago.

We are operating on Windows XP with IE 7.

Any ideas?

Thanks in advance!!

[EDIT] - I got Task Manager open, and there are 2 (formerly 3) IE... Read more

A:Multiple IE processes?

explorer.exe is the Desktop
iexplorer.exe is the browser

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be pat... Read more

14 more replies
Answer Match 71.82%

First off, I'm going to be honest, I've already asked for help on another forum BUT they found nothing and said my HJL was clean. The topic there should be closed. And I already posted this on the web browsing issues section because when the other forum said my computer was clean, I figured it had to be an error on my laptop, I got no replies so I've asked for that topic to be closed. As crazy as it might sound, I know that there's something affecting my computer. This is the gist of what I posted on the other section: "A few days ago I noticed that some webpages weren't loading correctly. It was shortly after updating Java. Web pages that I visited like Yahoo, Adobe, and Facebook started to load plain text (no graphics of any sort). The Microsoft site wouldn't load at all until I read instructions somewhere on this forum about enabling secure sites. Most other sites loaded perfectly so I figured it had to be some sort of malware that was blocking me from certain sites. I ran a lot of scans using several anti-malware and anti-virus programs. I ended up finding about 3 trojans that were removed. That didn't solve my problem though. I got fed up and decided to reformat my computer hoping that whatever was wrong with it would get fixed, it didn't. Since I formatted my computer I tried updating Windows but I kept getting an error: "WindowsUpdate_8024402C". Wouldn't work in Normal mode even after I followed the instructions g... Read more

A:Found unknown hidden processes in my computer

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more

12 more replies
Answer Match 70.98%

So I opened task manager the other day and noticed that there was an ever-changing list of processes labeled: Flzvnbcuzs.exe *32 labeled as by Google Chrome. I figured the process name in and of itself was pretty suspicious so I checked the file location and it led to: C:\Users\Matthew\AppData\LocalLow\pybcbjl\hyfppxuol\Flzvnbcuzs.exe
and I looked around in these folders and all of them had random gibberish names. I troubleshot for a bit around first by uninstalling google chrome and google drive and anything related to Google but the processes were still there. And someone said uninstalling uTorrent would do something, so I did, and the processes were no longer in task manager, so I proceeded to delete the file location of the processes (which it previously wouldn't have allowed me to do because the file was open and running). Upon doing so the processes immediately reappeared in task manager and the new file location became: C:\Users\Matthew\AppData\LocalLow\SKS\pybcbjl\hyfppxuol
So basically it just remanifested itself in another folder. I'm looking to get rid of this because it's been eating up my processor and slowing down my browser.
*I've run through all of my virus protection, Malwarebytes, Microsoft Security Essentials, and even CCleaner, nothing detected

A:Chrome.exe *32 Multiple Processes

Hi & to Bleeping Computer Forums!

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:

My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
If I don't reply within 24 hours please PM me!
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1
Please run a FRST scan. This will help us diagnose your problem.
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, d... Read more

13 more replies
Answer Match 70.98%

It appears that we have been hacked and files have been deposited that do NOT get detected as malware.

I'm running Trend Micro OfficeScan and everything comes up clean. I also scanned w/ Kaspersky and Symantec Endpoint Protection with "No Virus Found".

A process NTVDM (virtual DOS machine) keeps taking over the CPU. I can kill the process, but it always returns. If I leave the system for more than a few hours, there are multiple instances of NTVDM running that have to be killed.

The problem is on more than one system, one (1) running Windows Server 2003, sp2 and the others running Windows Server 2000, sp4. There is a process XXXXX.exe that I can only kill from Safe Mode, but it always comes back, with a new name. I found the file in the C:\WINNT\Temp folder. (see below HiJackThis log: G:\WINNT\Temp\QE7DD1.EXE, where G: is the system partition)

I've also found a suspicious "2.exe" file in C:\WINNT folder that I can delete, but it also returns before long.

I've searched and been unable to find any helpful info on this hack.

Running HiJackThis on the W2k3 server gives this result:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:02:55 PM, on 3/10/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOW... Read more

A:multiple NTVDM processes take CPU to 100%

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio... Read more

2 more replies
Answer Match 70.98%

I have 3 sometimes even 4 of the same processes running such as svchost.exe, iexplore.exe, ccsvchst.exe. They are eating up my memory and my computer is slow and crashes! I think it's a virus or spyware.

I run windows xp, sp3. I have Norton 360 and no viruses are found.

The HJT file is attached.

Please help!!

A:Multiple Processes Running

Hi,

Multiple instances of svchost.exe and iexplore.exe are totally normal. If you would only have 1 instance of svchost.exe running (for example), you would have a lot of problems as svchost manages many services which are required to run Windows properly.

As for iexplore.exe, this is also normal. This was introduced since IE7. This is because of the IE Tabs feature and crash recovery.

ccsvchst.exe is a part of your Norton. There's no malware present here, nothing strange/suspicious in your log. The "being slow" and crashes may be because of Norton, because Norton is known to cause this behavior on some systems. To troubleshoot, temporarily uninstall Norton, then reboot and see if your Windows behaves better. You can always reinstall Norton again if that didn't solve the problem. If your Windows is behaving faster with Norton uninstalled, it's maybe time for another Antivirus alternative.

Also see here for slow computers: Help! My computer is slow!

2 more replies
Answer Match 70.98%

I have a computer with Vista that was recently given to me by a friend. I do not use Internet Explorer whatsoever, but for some reason there are always 2 to 4 iexplore.exe processes running when I look at the task manager. All but one of these processes are always running under SYSTEM. When I try to open the folder containing the file on some of the process, nothing will happen whereas for others, the Program Files\Internet Explorer folder will be opened.

Now, here are the things I have already tried:

1. Full system scan with Ad-Aware
2. Full system scan with Avast
3. Ran ComboFix
4. Scanned with HJT, I can see nothing out of the ordinary in the log, which I will post soon.
5. Searched my computer for fake versions of iexplore.exe, I found nothing.

A:Multiple iexplore.exe processes

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:17:34 AM, on 7/14/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Howard\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ZoneAlarm C... Read more

1 more replies
Answer Match 70.98%

Hi
I have a question. Is it possible to limit how many times a certain process can run at a time?

I work tech support for a company that uses Groupwise for email. If the clients have more than 1 process of IEXPLORE.EXE running (in the background) at the time they check their web based email then the computer freezes and they have to call us to kill the IE processes. If anyone knows how to do this (if it can be done) or direct me in the appropriate direction I would greatly appreciate it.
Thanks in advance
 

More replies
Answer Match 70.98%

I got multiple processes of svchost.exe running and chrome.exe running... This is taking up a lot of memory and I believe I can get my computer to go faster. I took these screenshots in Process Explorer.

Here's screenshots: svchost.exe: http://i679.photobucket.com/albums/vv159/ConnorSev/explorerzz2.jpg
chrome.exe http://i679.photobucket.com/albums/vv159/ConnorSev/explorerzz2.jpg

Any help is appreciated. I have Windows XP... Dell Computer that cost like $900 I got plenty of free space and ram etc.
 

A:Multiple Processes Running?

Having multiple svchost.exe processes in the Windows Task Manager is normal.

I don't use Google Chrome, so I don't know if multiple chrome.exe processes is normal. It would be if you have multiple tabs or webpages open at the same time.

--------------------------------------------------------------
 

1 more replies
Answer Match 70.98%

I am having an issue where the dllhost.exe *32 and explorer.exe are multiplying and continue to. McAfee anti-virus doesn't detect it. Malwarebytes finds it and removes it but it just comes back again anyways. The memory steadily grows in size as well to the point where it crashes my computer. I need help! The pic is before it gets too bad. explorer gets to be like 4 gb of memory sometimes

More replies
Answer Match 70.98%

There are times when I open the task manager and I see six or eight, sometimes twelve or more instances of explorer.exe running and eating up resources. This can be when I have an explorer window open, or even if I'm just sitting at an empty desktop or doing nothing at all. There's always a "master" one that is eating up anywhere from 10 to 50MB of RAM or more (depending on if I have an explorer window open, whether or not I'm moving files around, etc.), then there are as many as a dozen or more little ones eating up anywhere from 1.5MB to 10MB or more (depending on I don't know what...)

Why is explorer launching multiple instances? Or, why are explorer processes not being killed off the way they should? How can I get this under control?

A:Multiple explorer processes.

Have you changed any Explorer shortcuts to open in certain places besides the default location?

9 more replies
Answer Match 70.98%

I recently reformatted my hard drive and now I'm having a problem with multiple iexplorer processes. Sometimes as many as 10 or more. I have read that it is a malware problem, but I don't know how to resolve it. Can you help?

A:Multiple iexplorer processes

Sounds a lot like browser hijacking, malware, etc. I have had similar problems. I can only suggest running Spy-bot Search and Destroy, Ad-Aware SE, and maybe a few other similar programs. You might also try going over to the security center on the forum, if those things don't work. You might want to get a hijack this log ready too, they may ask for one.

CMA

2 more replies
Answer Match 70.98%

Hello there

I'm currently having a problem in that multiple iexplore.exe keep running in the background without me loading them and a suspicious file called 0w1367q0.exe seems to be the problem. Please find my dds logs below:

DDS (Ver_10-12-12.02) - NTFSx86
Run by Richard at 14:27:37.53 on 21/01/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.1998 [GMT 0:00]
============== Running Processes ===============

C:\WINXP\system32\nvsvc32.exe
C:\WINXP\system32\svchost -k DcomLaunch
svchost.exe
C:\WINXP\System32\svchost.exe -k netsvcs
C:\WINXP\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINXP\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvi... Read more

A:Multiple iexplore.exe processes

Hi

Please run the following:

Scan With RootKitUnHooker
Please Download Rootkit Unhooker and save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers and Stealth
Uncheck the rest, then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished and then click File > Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in your next reply.

Note** you may get the following warning, just click OK and continue.
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

25 more replies
Answer Match 70.98%

Need help. Most of my programs won't run. Multiple processes appear in my task manager. I tried to clean it with SUPERAntiSpyware but to no avail. It found 70+ spywares but the problem persists. SOS! thanks!

A:Multiple processes, programs won't run

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Answer Match 70.98%

When the explorer.exe process is running it is causing multiple iexplore.exe processes to keep popping up eating up cpu time and memory space and slowing my computer down to a crawl. If I end the explorer.exe process iexplore.exe processes stop popping up. I am running Windows XP with the latest updates available before the support stopped and am concerned about the system crashing while trying to fix this since I cannot reload.
 

A:Multiple iexplore processes

Welcome aboard
Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.
Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

31 more replies
Answer Match 70.98%

Hi,

I was just working on my pc when suddenly it started going really slow, after checking task manager I saw there were 82 processes running, some were in there more than once ( scvhost.exe),

On the forums it showed that this is normal, and scvhost always has more than one process running.

There's definitely something wrong because my Process usage is Either running round 85% and staying there, OR dropping from 17 - 20 to 60 - 70, really weird

I restarted my PC in safe mode, and scanned which found 2 trojans, I deleted those successfully but the problem is still there,

Here's a screen shot of my Taskmanager View photo | DumpYourPhoto - A free and easy photo hosting service

I'll post a Hijack log too, I don't know if this would be useful, but the more info the better look you guys can get I think (don't know all that much about pc's), been looking around for 2 days, only found this problem solution for Windows XP,

Hijack:

Code:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:05:06, on 29/05/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Users\Felix\AppData\Local\ATI Drivers\ATI_MainBoard.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\... Read more

A:Very slow pc, multiple processes

boot in safemode and run Malwarebytes or Spybot

9 more replies
Answer Match 70.98%

Was doing a cursory look at a friend's PC and their machine had 3 iexplore.exe processes running. They use IE8 (I use Firefox so am not that familiar with IE8). Is this 'standard' procedure?

They claim they have checked for viruses, etc and the PC is fine .... but it seems slow to them.

They have many entries in their startup and this may affect boot time and maybe overall response - although the task manager/performance shows a constant 17% - 25% CPU usage .... they run MagicJack for telephone ... could that be 'bogging' the system down?

A:Multiple iexplore Processes

In IE...there is one process running at all times. For every window/tab a user opens...another process begins.

If I have 3 processes under Iexplore.exe, I should have two tabs/windows open.

If either of those reads iexplorer, rather than iexplore...I probably have malware.

I can't answer anything about MJ...but any program running is going to use up system resources. A look at Task Manager should give an indication if such use is excessive.

Louis

2 more replies
Answer Match 70.98%

I have used Google Chrome for almost 2 years without a problem. Now, in the last 2 months, Chrome has gotten woefully slow loading all web pages and crashes frequently. I have tried to uninstall/reinstall multiple times without improving anything. I have tried creating a new user profile multiple times without any improvement. The only clue I have found is multiple "Chrome.exe" processes running per Task Manager > Processes (Windows 7). I tried deleting all that seemed inactive, but, again no help. Help would be appreciated.

A:Multiple Chrome.exe processes

Having multiple Chrome processes is normal.

Do you have a website where Chrome repeatedly crashes? If so, then try a clean boot, then test that website.

9 more replies
Answer Match 70.98%

I am having problems with my computer for the past few months, it has been running a few extra FireFox processes, I uninstalled it and then it went on to use IE processes, all as soon as I turn on the computer.

I got HijackThis and installed it here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:16 PM, on 3/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
K:\WINDOWS\System32\smss.exe
K:\WINDOWS\system32\winlogon.exe
K:\WINDOWS\system32\services.exe
K:\WINDOWS\system32\lsass.exe
K:\WINDOWS\system32\svchost.exe
K:\WINDOWS\System32\svchost.exe
K:\WINDOWS\system32\ZoneLabs\vsmon.exe
K:\Program Files\AVG\AVG9\avgchsvx.exe
K:\Program Files\AVG\AVG9\avgrsx.exe
K:\Program Files\AVG\AVG9\avgcsrvx.exe
K:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
K:\WINDOWS\system32\spoolsv.exe
K:\Program Files\CheckPoint\ZAForceField\ForceField.exe
K:\Program Files\AVG\AVG9\avgwdsvc.exe
K:\Program Files\Java\jre6\bin\jqs.exe
K:\Program Files\LogMeIn\x86\RaMaint.exe
K:\Program Files\LogMeIn\x86\LogMeIn.exe
K:\Program Files\AVG\AVG9\avgam.exe
K:\Program Files\AVG\AVG9\... Read more

A:Multiple Firefox.exe processes

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions... Read more

2 more replies
Answer Match 70.98%

this is from my previous post. avg pops up and says it's win32/pepatch.ao. tried to remove it using malwarebytes and avg, but to no avail. here's the dds.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Vincent Lim at 5:20:23.44 on Fri 12/04/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.121 [GMT 8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Hide My IP 2009\HideMyIpSrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system3... Read more

A:multiple processes, programs won't run

now my system files are infected with win32/pepatch.ao

need help ASAP!!

2 more replies
Answer Match 70.98%

i have a new dell pc with win7 64bit and am having very annoying problems with IE8. I have seen over 20 iexplore.exe processes running and it locks my pc up using all the memory. they don't close even after i close all tabs, I have to go in task mgr and manually close the processes to get the pc going again. my pc has 64bit and 32bit IE8, do i need to get rid of one? use an older explorer? HELP!

A:Multiple iexplore.exe processes

Try running your virus scanner and malwarebytes Malwarebytes.org and do a full system scan with both.
It could be associated with a virus or trojan but take a look at this thread to see if it sounds similar to your problem.

http://www.sevenforums.com/network-s...lp-please.html

9 more replies