Tech Problem Aggregator

Slow computer + unknown processes + unknown extensions in chrome

Q: Slow computer + unknown processes + unknown extensions in chrome

My laptop is a HP Pavilion dm1, and has become extremely slow in the past few days. Also, there are some unknown processes shown in task manager, and some extensions in chrome that random pop-up tabs suggesting I may also like t read the following etc. This usually comes on Google results, YouTube, and other news articles.

I don't have access to the boot cd unfortunately.

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518
Run by hp at 21:18:08 on 2014-03-12
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1641.256 [GMT 3.5:30]
.
AV: AVG Internet Security 2014 *Enabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG Internet Security 2014 *Enabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\ProgramData\DatacardService\DCService.exe
C:\Windows\system32\HPSIsvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\VoipGain.com\VoipGain\voipgain.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\PROGRA~2\YOUTUB~1\YouTubeAcceleratorService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\PING.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uProxyServer = hxxp=127.0.0.1:8080;https=127.0.0.1:8080
uProxyOverride = <local>
uWindows: Load = C:\Users\hp\LOCALS~1\Temp\cccihqex.com
mWinlogon: Userinit = userinit.exe
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Object Browser: {11111111-1111-1111-1111-110311281150} - C:\Program Files (x86)\Object Browser\Object Browser-bho.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [VoipGain] "C:\Program Files (x86)\VoipGain.com\VoipGain\voipgain.exe" -nosplash -minimized
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
LSP: C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4749CBE8-2413-4C3C-9477-526EDB9FF11F} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4749CBE8-2413-4C3C-9477-526EDB9FF11F}\37162716E6 : DHCPNameServer = 5.201.138.5 4.2.2.4
TCP: Interfaces\{4749CBE8-2413-4C3C-9477-526EDB9FF11F}\7594D41485 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{4749CBE8-2413-4C3C-9477-526EDB9FF11F}\96140707C6563456E6475627 : DHCPNameServer = 5.201.138.5 4.2.2.4
TCP: Interfaces\{A7C76418-8E2A-407C-906D-3F888C9C77D1} : NameServer = 10.3.192.154 10.3.192.155
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Object Browser: {11111111-1111-1111-1111-110311281150} - C:\Program Files (x86)\Object Browser\Object Browser-bho64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\waiv2oaq.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Windows\System32\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\System32\Macromed\AUTHORWA\np32asw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-7-12 82600]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-7-12 42664]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-8-22 192824]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-8-22 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-8-20 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-8-1 31544]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-7-12 20024]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-8-1 147768]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-8-22 241464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-8-22 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2014-2-21 175480]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2013-7-12 228008]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-7-12 165688]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2013-8-27 86016]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2013-7-12 243712]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-12 838216]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2013-8-27 117248]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2013-8-27 256000]
S3 mvusbews;USB EWS Device;C:\Windows\System32\drivers\mvusbews.sys [2012-12-24 20480]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-5 59392]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-03-11 14:12:29 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0804C4A2-6C52-432A-9762-DE9543B52FB0}\mpengine.dll
2014-03-04 11:29:54 -------- d-----w- C:\Users\hp\AppData\Local\Skype
2014-03-03 14:58:15 -------- d-----w- C:\a3eb616d61af81d579312207
2014-03-01 08:32:39 -------- d-----w- C:\Windows\Migration
2014-02-21 13:20:34 175480 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2014-02-16 13:07:00 -------- d-----w- C:\dc577246e848f32d7a0d69d43e
2014-02-16 12:54:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-16 12:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-15 14:25:12 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-15 14:25:11 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-15 14:25:11 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-02-15 14:25:11 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-02-15 14:23:10 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-15 14:23:10 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-02-15 14:23:09 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-15 14:23:09 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-02-15 14:11:43 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-15 14:11:43 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
.
==================== Find3M ====================
.
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 1147 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-26 09:32:48 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-26 09:32:48 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-18 02:43:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-02-07 12:22:00 50330 ----a-w- C:\Program Files (x86)\AntiDust.exe
.
============= FINISH: 21:20:30.53 ===============

A: Slow computer + unknown processes + unknown extensions in chrome

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

Object Browser<<Please read this

Also delete the following Folder if it still exists:

C:\Program Files (x86)\Object Browser

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.Do NOT click the green 'Download' button(if visible).
Click the blue 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Clean
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Check for additional security risks: Please download CKScanner? by askey127 and save to your desktop.
Double-click on CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, just click OK.
Post the contents of ckfiles.txt in your next reply. It is located on your desktop.
------------------------------------------------------

12 more replies
Answer Match 101.64%

433HZ P3 + half a gig of memory.This computer is thrashing, I have reallocated the page memory space, and it is still displaying signs of lagg, and it's taking forever for anything to get done.I have Norton on this computer and Windows XP Pro.I have attached a report from HijackthisPlease help.

A:Help! Computer HD is Thrashing & Very Slow, no unknown processes running.

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Fo... Read more

2 more replies
Answer Match 91.98%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:52 AM, on 12/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alltel\QuickLink Mobile\QuickLink Mobile.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,C:\WINDOWS\system32\uesiuqcr.exe,
O2 - BHO: (no name) - @#? - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: getsn32.msiesn - {2D9F1530-0B38-4DCB-A90A-CECD559F3514} - C:\WINDOWS\system32\getsn32.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (f... Read more

A:Slow unknown processes

Please follow the instructs from this webpage (sticky):

http://www.techsupportforum.com/secu...oval-help.html

You shall have a proper set of logs for us after that. Someone shall be along shortly

* Kindly note that threads without the proper logs is likely be ignored.

2 more replies
Answer Match 90.72%

Hi....first time poster here...lately I have been experiencing a slow noticeably slower boot. I have had a look at all the processes that are running and I am not sure if some of them belong there or not. Can you please take a look and let me know what else I can do to clean the junk from my machine. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 7:48:04 AM, on 04/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PRO... Read more

A:Slow boot and unknown processes

Hi and welcome to TSF.

Apologies for any delay in replying, but we have been rather busy lately, and, of course, all our helpers are volunteers.

Since it has been a few days since you first posted, please post a fresh HijackThis Log if you still need assistance.

Thank you.

1 more replies
Answer Match 90.3%

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: AMD Sempron(tm) Processor 3000+, x86 Family 15 Model 44 Stepping 2
Processor Count: 1
RAM: 1983 Mb
Graphics Card: VIA/S3G UniChrome Pro IGP, 64 Mb
Hard Drives: C: Total - 71523 MB, Free - 40084 MB;
Motherboard: LENOVO, K8M800-M3, ,
Antivirus: None

I have Norton Antivirus installed, which challenged the above TSG SysInfo download, but I downloaded this utility anyway. Also, in addition to the above problems, my Task Manager often shows 100% CPU usage, which causes my computer to freeze and hang often. I have run Windows Malicious Software Removal Tool, ran Window Defender full scans, ran my default Norton Antivirus full scan. My My Computer program shows many red circles with white crosses and yellow triangles with black exclamation points enclosed.

I think my computer is loaded down with a lot of unnecessary junk, infected junk, and I do not know what a lot of that junk is, since the short-hand codes are not very descriptive. I need to know what processes are safe and necessary and what ones I can uninstall without harming other processes.

Thank you for your time and help. I sure do need it. S-Pie
 

A:Too many unknown processes, too slow start up, too slow shut down, hangs and freezes

7 more replies
Answer Match 87.78%

Hi,

Recently my Desktop takes forever to load up after reboot and i have noticed a few 'Unknown Processes' running in my task Manager which are taking up a lot of CPU memory.

I have googled one the of processes named 'eamservice.exe' which belongs to the directory: C:\WINDOWS\system32\drivers\imonagent\eamservice.exe.

I have attempted to delete this directory however it does not let me.

I have also noticed that any browser i use such as IE and Firefox will sometimes close down by itself while surfing the net.

Any help in solving these issues would be much appreciated.

Im running Windows XP service pack 3.

Thanks

More replies
Answer Match 86.1%

My computer has run into trouble because there are many processes, Known and Unknown, running that quickly reopens when ended and is eating up my CPU. I had them for awhile now because I have no idea to get rid of them. There are also several invisible Internet Explorers running that aren't on screen. Another problem is that Windows Explorer would stop responding and reset constantly. Another problem is that downloads from any browser wouldn't download and wouldn't pop up. Also did I mention is extremely slow? All of this put together makes the computer almost inoperable and unwanted.
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17496
Run by 1 at 12:07:30 on 2015-01-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6143.3807 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.ex... Read more

A:Computer gets multiple of problems because unknown processes

Hello Tr1pkt12,

Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

   Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  I will be analyzing your log. I will get back to you with instructions. 1.Please download AdwCleaner by Xplode and save to your Desktop.Double click on AdwCleaner.exe to run the tool .Click on the Scan button.AdwCleaner will begin to scan your computer.After the scan has finished...Click on the Clean button.Press OK when asked to cl... Read more

3 more replies
Answer Match 86.1%

ok so im trying to clean up my computer abit and iv noticed that theres 90 processes running when in fact to my knowledge theres nothing running bar the norms eg avg, firefox and so forth.

Are these removable, should there be there at all, should i intend to remove them.

help would greatly be appreciated thanks

A:Computer running alot of unknown processes

and the 3rd page of processes

10 more replies
Answer Match 86.1%

First off, I'm going to be honest, I've already asked for help on another forum BUT they found nothing and said my HJL was clean. The topic there should be closed. And I already posted this on the web browsing issues section because when the other forum said my computer was clean, I figured it had to be an error on my laptop, I got no replies so I've asked for that topic to be closed. As crazy as it might sound, I know that there's something affecting my computer. This is the jist of what I posted on the other section: "A few days ago I noticed that some of webpages weren't loading correctly. It was shortly after updating Java. Web pages that I visited like Yahoo, Adobe, and Facebook started to load plain text (no graphics of any sort). The Microsoft site wouldn't load at all until I read instructions somewhere on this forum about enabling secure sites. Most other sites loaded perfectly so I figured it had to be some sort of malware that was blocking me from certain sites. I ran a lot of scans using several anti-malware and anti-virus programs. I ended up finding about 3 trojans that were removed. That didn't solved my problem though. I got fed up and decided to reformat my computer hoping that whatever was wrong with it would get fixed, it didn't. Since I formatted my computer I tried updating Windows but I kept getting an error: "WindowsUpdate_8024402C". Wouldn't work in Normal mode even after I followed the instructions g... Read more

A:Found unknown hidden processes in my computer

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

12 more replies
Answer Match 81.06%

Just found this on my dad's pc and it's been giving me a real headache. I've googled about and tried all of the stuff i found, to no avail, norton's not detecting anything and i've deleted the directory it had installed itself under Program Files\Files-Secure but it's still popping up on outlook, IE, or explorer.exe

thanks for help in advance
Anyway, here's a hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:32, on 01/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Sha... Read more

A:Solved: unknown trojan - “Your computer was infected by unknown trojan”

here's a screenshot of it
 

3 more replies
Answer Match 80.22%

Hello everyone, new here so bear with me please.
Can't find anything anywhere on file extension ### or folder extension .#
can anyone help?

.### files ARE IN .# folder AND HIDDEN IN:
C:\Users\(user name)\AppData\Roaming\.#\[email protected]*@*.###

THX

A:Hidden files, unknown extensions .###

These are actually not unknown. MBX is a file type which is short for Mailbox. Reading that type as this: MailBoXThis information can be found in the help sections of Microsoft Outlook and Microsoft Outlook Express.

1 more replies
Answer Match 77.7%

My firefox browser has somehow been infected with an obvious Malware of sort. Pages are taking 4x as long to load. In the status bar I can see that information is being directed to various unknown extensions that have nothing to do with the pages I am accessing (ie cars4all.biz) when I go to yahoo. I have ran McAfee and Malwarebyte's Ant-Malware and still have not been able to resolve this problem. I have ran Firefox and IE side-by-side and the problem seems to be limited to just firefox. I am running IE8 and Firefox 3.5.3. Any help to get rid of this are greatly appreciated.

A:Firefox browser infected, being directed to unknown extensions (cars4all.biz etc)

Welcome to BCUpdate mbam and run a FULL scanPlease post the results--------------------------------------Then runATFPlease download ATF Cleaner by Atribune & save it to your desktop.Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox browser click Firefox at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser click Opera at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".------------------------------------SAS, may take a long time to scanPlease download and scan with SUPERAntiSpyware FreeDouble-click SUPERAntiSypware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFIN... Read more

10 more replies
Answer Match 76.44%

Hi,So over the past month I've been having trouble with my computer being annoyingly slow in a way that makes doing work on it sometimes infuriating and watching videos straight-through impossible. When I watch a video online (for example, on hulu) usually the first few minutes are fine, and then it starts to lag a little bit or be jerky, and if I check the task manager, the CPU is shooting up to 100% very often. But this isn't particular to flash videos; I've had this happen when listening to iTunes and working in microsoft word, when I'm just surfing the web, etc, and every time, the CPU is shooting up to 100%, but it's never any one particular process that is always doing this -- it could be Chrome, or iTunes, or Word. My computer is an older laptop (Acer Travelmate 2420) but it didn't start acting this way until about a month ago, and so when it first started I actually did a repair reinstall of windows xp and that actually fixed one problem I had been having (when I used to start up, it would hang with just desktop wallpaper and no icons for a good two minutes without doing anything, before loading the rest of the desktop and explorer). I'm posting my HijackThis log below. I don't think this is a driver problem because my device manager shows no conflicts and I've tried updating my drivers, but I honestly have no idea how to fix this. I have 2 GB of RAM (as far as I can update this laptop), a new hard drive, and a 1.5 GHz processor (si... Read more

A:Slow computer, unknown problem

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

23 more replies
Answer Match 76.44%

So I am on my cousins computer and it's horrible! All the games he downloads and programs he downloads to "hack" those games and what not. So I ran hijackthis to post a log.Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:34 AM, on 7/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\... Read more

A:Unknown Infection - Very Very Slow Computer

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.If you do not make a reply in 5 days, we will need to close your topic.You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.Please take note of some guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until... Read more

2 more replies
Answer Match 76.44%

Here are the results from my hijack this lon for my computer.

We have run all kinds of diffenrt registery scanners, Trend Source house call, AVG, Each one finds something wrong. But still does not solve the non_responsiveness, or the longness taken to open programs ETC.

Thanks a lot Hijackthis log below.
Vera
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:34:32 PM, on 3/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
C:\Program ... Read more

A:Computer slow.Unknown process going on

6 more replies
Answer Match 76.44%

Hi there,
Lately my computer has been super slow so i have run avast, avg and my current ESET secuirty (one by one so they dont interfere with each other and then after emptying the quarentine, i have uninstalled all except ESET). They all picked up remnants of some kind of trojan which has been deleted but i dont think it is completely gone as my computer is super slow.
I did a combofix and here is the log for it:
ComboFix 09-11-05.05 - BHUDIA 06/11/2009 11:50.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.310 [GMT 0:00]
Running from: c:\documents and settings\BHUDIA\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\BHUDIA\Application Data\wiaserva.log
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\AutoRun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_glaide32

((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 )))))))))))))))))))))))))))))))
.
2009-11-05 17:49 . 2009-11-05 17:49 -------- d-----w- c:\documents and settings\BHUDIA\Application Data\DivX
2009-11-02 00:13 . 2009-11-02 00:13 -------- d-----w- c:\program files\AVG
2009-11... Read more

More replies
Answer Match 76.44%

Hi
2 days ago my computer became frustratingly slow. I believe it happened after I ran combofix.exe. I have use it many times and found it very useful without problems, I can show you the log if it is necessary.
So far I have:
Used Crap Cleaner, the reg cleanup tool
Gone into safe mode and did a full AVG scan. which came out with a Trojan downloader, from Limewire and a crack for a game. Both were cleaned up.
Problems I have encountered:
Computer has become extremely slow, Windows loading is actually taking longer.
The tray takes around 10 times longer to load.
Many programs become unresponsive and slow when I switch between them, or exit a program, or startup a new one
-none of these things have happened before 2 days ago
*I just thought I'd note, I play online games and opening them and getting into them is much slower but once I'm in them everything is fine
DDS log:
DDS (Ver_09-06-26.01) - NTFSx86
Run by Hayden at 23:27:45.34 on Fri 07/03/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2630 [GMT 10:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost... Read more

A:Slow Computer, Problem Unknown

Hello and to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.-----------------------------------------------------------We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, ... Read more

6 more replies
Answer Match 76.44%

This is not my computer, rather I am trying to get my family's computer running better. It is extremely slow but I do not use it often (or at all) and so I don't know much more about the specifics. My family simply tells me it is slow and that they never saw any specific errors. The only thing that I noticed was that Ad-Aware was not able to update and I'm guessing that has some connection to whatever is bogging down this computer. Thank you for taking the time to look at this for me! Deckard's System Scanner v20071014.68Run by Nicole on 2008-05-07 13:22:17Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --57: 2008-05-07 17:22:24 UTC - RP398 - Deckard's System Scanner Restore Point56: 2008-05-06 20:17:08 UTC - RP397 - System Checkpoint55: 2008-05-05 19:52:42 UTC - RP396 - System Checkpoint54: 2008-05-04 00:53:39 UTC - RP395 - System Checkpoint53: 2008-05-03 00:14:53 UTC - RP394 - System Checkpoint-- First Restore Point -- 1: 2008-02-07 20:45:52 UTC - RP342 - System CheckpointBacked up registry hives.Performed disk cleanup.-- HijackThis Clone ------------------------------------------------------------Emulating logfile of Trend Micro HijackThis v2.0.2Scan saved at 2008-05-07 13:24:45Platform: Windows XP Service Pack 2 (5.01.2600)MSIE: Internet E... Read more

A:Unknown Infection - Slow Computer

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today. As you can probably see our HijackThis Team is incredibly busy at the moment, but I apologise for the delay you have experienced. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A HijackThis LogThanks,Charles

33 more replies
Answer Match 76.44%

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:53:08 PM, on 6/11/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16681)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Windows\System32\rundll32.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\RocketDock\RocketDock.exeC:\Windows\System32\rundll32.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\AIM6\aim6.exeC:\Program Files\AIM6\aolsoftware.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Blackmarket\Danny\Danny\Documents\protection\HiJackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\... Read more

A:Slow Computer For An Unknown Reason

Hi fireinthehole,I'm sorry it's taken so long for you to get a response, if you still need help please do as follows:Download Deckard's System Scanner (DSS) to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)Close all applications and windows.Double-click on dss.exe to run it, and follow the prompts.When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimizedMake sure Format->Word Wrap is uncheckedCopy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your replyOnce complete, please post both DSS logs, you won't need to produce a new HijackThis log as DSS produces one for you.

3 more replies
Answer Match 76.02%

My friend's computer has several unknown processes running in the background, which severely slow down everything else. Her entire audio capabilities have been lost as well. I've already installed Spybot Search and Destroy and given a complete up-to-date sweep, but it wasn't enough and her computer is still very sluggish. Any help is greatly appreciated!

Logfile of HijackThis v1.99.1
Scan saved at 8:19:23 PM, on 5/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C... Read more

A:Serious lag, unknown processes

Hi outcastillusion and welcome to the TSF Security Forum.

You mentioned unknown processes running ? do you know what they were? I don?t see any evidence of any bad processes in your log.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.


Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers when you are following the procedures below.


Disable Webroot SpySweeper
Please disable Webroot SpySweeper, as it may hinder the removal of some entries. You can re-enable it after you're clean.
To disable Webroot SpySweeper:Go to the Options > Program Options
Uncheck Load at Windows Startup
Click Shields & uncheck all items there
Uncheck Home page shield.
Automatically restore default without notification
Exit the program.



Show Hidden Files
Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System files and Folders are showing / visible. Uncheck the Hide protected operating system files option.



Downloads
Please download Cleanup! or use this Alternate Link if the main link does not work and install it. You will use this later.
*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does NOT make backups. If you have any files in any TEMP directory and you need to keep ... Read more

4 more replies
Answer Match 76.02%

Hello there,

I just downloaded the hijackthis program, and I found a few things I fixed... so far everything seems to be working nice

However, there were 4 unknown processes shown in my log and I wondered if someone could tell me what they are and if I need to do anything about it... I could not find info in Google as well... and I don't know too much about the computers so please be patient with me - and thanks for your help.

Anyway, here it is (system is Windows 2000 NT)

C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.at/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe... Read more

More replies
Answer Match 76.02%

Hi All

Back again after a 6 month break. Collage, new baby and busy busy busy. In helping someone else I decided to check my own PC for security.

FOUND these 3 Processes Running. I have no idea what they are............BUt web says "Bad News"

NB. ALL entries dissapeared when I re ran HJT an hour later???

Anyone advise if these are bad and if I need to submit full HJT Log (I know you are pretty busy) Fame has its downside!!!

c:\2468678a971131d282dc413321\mrtstub.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe....TWO SEPERATE ENTRIES not a typo

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Thanks

Stuart

A:Unknown Processes

Woops..........

C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe

NOT Winlogon...........

AND c:\2468678a971131d282dc413321\mrtstub.exe is reported AS CRITICAL on some sites but found many others saying it is a perfectly safe Windows application!!!!

Confused of Finland

7 more replies
Answer Match 76.02%

Hi there. Just very recently Im have problems with my internet browser randomly freezing then unfreezing. When the browser unfreezes I get an alert saying a plugin has crashed. Also when I look at my processes thru task manager I have 2 image names that have no user name, descrition or any information about them, which I thought was odd. Anyway any help in this area would be much appreciated!

A:Unknown processes

What were the name of the processes?

51 more replies
Answer Match 76.02%

I have HyrdaDM.exe running in my processes ~ I can't find it when I do search, I looked in the Computer Management/Services and didn't see it ~ I ran SpyBot and I am running AVG virus scan ~ I would like to know what it is and what it is doing. I checked Bklviper.com about various services but that web site didnt' have anything either. I did an Internet search for it as well, and nothing ~
Does anyone know anything about HydraDM.exe???

Thanks,
Cathy
 

A:Unknown Processes

8 more replies
Answer Match 75.6%

I have had the problem computer for about 3 years. It has gotten progressively worse over the last year or so. Now it normally takes 5 minutes or more for it to start-up or shut down and another 5 minutes to open any programs, browsers, etc. I don't get any particular error message just very, very slow computing. After running the GMER program over night, it never finished the scan. I have attached the log that it created.DDS (Ver_10-03-17.01) - NTFSx86 Run by Jillian at 18:08:01.44 on Tue 08/17/2010Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_03Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.1013.135 [GMT -4:00]AV: avast! antivirus 4.8.1368 [VPS 100325-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}SP: avast! antivirus 4.8.1368 [VPS 100325-1] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:�... Read more

A:Unknown infection, computer super slow

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

12 more replies
Answer Match 75.6%

Yes hello. I have Windows XP, and for some reason my computer's been awful slow lately. I don't believe I have a virus, so I don't know what's up. I even recently freed up some hard drive room, and I have 19.6 GB free and 17.5 used. Anything I can do to help make my computer run better and faster, or find the cause of the problem? Thanks in advance!

Dave
 

A:Slow computer for seemingly unknown reason

16 more replies
Answer Match 75.6%

Hello everyone,Today my brother was complaining that his computer was slow so I tried as best as I could to help but unfortunately I'm not savvy enough to fix it all by myself. An abundance of popups is still occurring and the computer freezes while doing anything unless in safe mode. Here is the HJT log. Thanks much!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:37:34 PM, on 2/13/2010Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Softex\OmniPass\OPXPApp.exeC:\WINDOWS\Explorer.EXEC:\Documents and Settings\Administrator\Application Data\U3\00001564CB628D4B\LaunchPad.exeC:\WINDOWS\system32\ctfmon.exeI:\Documents\Downloads\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhostO2 - BHO: &Yaho... Read more

A:Unknown Virus, popups and slow computer

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEnetsvcsmsconfigsafebootminimalsafebootnetworkactivexdrivers32%systemroot%�... Read more

21 more replies
Answer Match 75.18%

They are looking very suspicious. Help please?

2phighin.exe*32 and 2pbrmon.exe*32

A:Two unknown processes running

For info purposes only, http://systemexplorer.net/file-database/file/2phighin-exe AND http://greatis.com/blog/adware/2pbrmon-exe.htm .

I am moving this topic to the Am I Infected forum.

Louis

2 more replies
Answer Match 75.18%

Hello. My (tempoary) computer has been generally slow recently, which sometimes results in it telling me that I don't have permission to shut it down, and I've got some funny processes running. I did both Spybot and Ad-Aware which removed various other things except these processes. The most notable were icrss.exe, winmgt.exe, efes.exe (which now creates an illegal operation at startup- so ceases instantly) and pcdost.exe - I've certainly never seen them before. I'm in the process of the other downloads and programs stated on the topic - but this computer is only 128MB RAM so I had to post before it crashed again.I'm new to Hijackthis so apologies if I've done something wrong.Logfile of HijackThis v1.99.1Scan saved at 18:31:01, on 09/01/2007Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:D:\WINNT\System32\smss.exeD:\WINNT\system32\winlogon.exeD:\WINNT\system32\services.exeD:\WINNT\system32\lsass.exeD:\WINNT\system32\svchost.exeD:\WINNT\system32\spoolsv.exeD:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeD:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeD:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeD:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exeD:\WINNT\system32\svchost.exeD:\WINNT\system\icrss.exeD:\WINNT\system32\... Read more

A:Icrss.exe And Other Unknown Processes

Hi marbles333One or more of the identified infections is a backdoor trojan.This allows hackers to remotely control your computer, steal critical system information and Download and Execute filesI would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?When Should I Format, How Should I ReinstallWe can attempt to clean this machine but i can't guarantee that it will be 100% secure afterwards.Should you have any questions, please feel free to ask.Please let us know what you have decided to do in your next post

16 more replies
Answer Match 75.18%

I don't know what really causes this. While i was in game it severally turned on desktop. When I check the process' I saw an IEXPLORE.EXE but actually no ie window was open. Any help is greatly appreciated!
DDS (Ver_09-01-07.01) - NTFSx86
Run by clt at 21:04:26,67 on 14.01.2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_06
Microsoft Windows XP Professional 5.1.2600.2.1254.90.1055.18.2047.1537 [GMT 2:00]
============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\SAP\SAPsetup\setup\Updater\NwSa... Read more

A:many unknown processes maybe keyloggers

ok we've got some progress. The file causing this is system.exe . Spybot give alert for Hellz Little Spy. Also my HOSTS file have been changed and there are many host adress' and all are on loopback ip which is 127.0.0.1. Ad-aware and many other antivirus programs detect the files, deletes them but after restart they all come again. I tried to shut down the system restore because it could be the reason for this. Nevertheless I wasn't able to turn it off. Shutting down the system restore is not possible. And may be this is the cause why they all spawn again! Anh help is GREATLY appreciated. Forgive my bad English, hope you all understand the situtation.

3 more replies
Answer Match 75.18%

Hi,

I've recently had to reformat my computer due to trojan horses killing my registry files among others (W32.sillyFDC which supposedly spreads via removable media). After reformatting, i plugged in my external HDD to retrieve my copied files and a virus alert popped up regarding W32.sillyFDC. I'm not sure if the virus has spread back into my computer but i've just noticed some odd processes in task manager.

First of all, ncdrive32.exe is found in the Processes tab of task manager. I previously deleted this from the registry but whenever i reboot, it keeps coming back. I go to task manager and it's there and if i don't click "end process", i can't access the net.

In the Applications tab, when i first reboot and load task manager, a program called "gdf" is always running and i have no idea what it is.

I am hoping that someone can help me analyse the HJT log and get rid off any spyware or malicious programs. Please help!

Here's my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:07 PM, on 10/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv... Read more

More replies
Answer Match 75.18%

Hello Everybody:

For some unknown reason, my computer is running so slow so about a week ago, I decided to install more memory to it. Currently, my pc as 1.5G ddr memory but still some programs are taking a while to load up. I?m not sure why this is happening and I?d really appreciate all your help. Here?s my log:

Logfile of HijackThis v1.99.1
Scan saved at 8:32:53 PM, on 5/16/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\tppaldr.exe
C:\WINDOWS\protection.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\System32\devldr32.exe
C:\Pr... Read more

A:Unknown processes - protection.exe (From HJT Help)

Please help!!! I've looked everywhere for this Protection.exe and I haven't been able to find a clear answer. Could you please help me out to find out why my PC is working so slow? Thank you so much guys!

19 more replies
Answer Match 75.18%

Sorry! I meant to post this under the HJT log section, can someone please move it for me or something? I couldn't find a 'delete thread' key...

Hi,

I've recently had to reformat my computer due to trojan horses killing my registry files among others (W32.sillyFDC which supposedly spreads via removable media). After reformatting, i plugged in my external HDD to retrieve my copied files and a virus alert popped up regarding W32.sillyFDC. I'm not sure if the virus has spread back into my computer but i've just noticed some odd processes in task manager.

First of all, ncdrive32.exe is found in the Processes tab of task manager. I previously deleted this from the registry but whenever i reboot, it keeps coming back. I go to task manager and it's there and if i don't click "end process", i can't access the net.

In the Applications tab, when i first reboot and load task manager, a program called "gdf" is always running and i have no idea what it is.

I am hoping that someone can help me analyse the HJT log and get rid off any spyware or malicious programs. Please help!

Here's my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:07 PM, on 10/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system3... Read more

A:Unknown processes running - HJT log

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Answer Match 75.18%

My task manager shows two running processes that, to my knowledge, i never use: QBDAgent.exe and mrtmngr.exe. I believe that QDBAgent has something to do with quick books and i'm not quite sure what the other does. I'm pretty sure that they aren't spyware, but even in that case, i don't want to have them running if they don't need to be. I know i wasn't having problems before they appeared and i'm not really having problems now, but can someone please tell me how i can keep them from showing up? Thanks.
 

A:unknown running processes

7 more replies
Answer Match 75.18%

Hey guys

When I go into windows task manager these things come up : rld2B7E.tmp. They come around 4 at a time. They all start with rld2, then the next 3 letters or numbers are quite random (rld2***.tmp, they all end in tmp). They all each share out to take up 100% of the cpu. Every time I go to end task they disappear and then new ones come up. They come up for about 20-30 seconds then stop for about 10 and start again. Anyone know what this problem is? (Hopefully it is not a virus)

Thanks in advance :).

A:Unknown .tmp processes coming up

Hello MattyDNZ

Well, I`m sorry but I think that it is some sort of malware. You will have to visit our Virus Removal Forum.

First run CCleaner and clean out all temp files ( since these processes are .tmp)

If the problem persists after that
Please read ?Virus/Trojan/Spyware Removal Help ? and follow the instructions very carefully; then, post all the requested logs and information in the Virus Help Forum
If you cannot complete any step, just miss it out and do what you can, but be sure to include this information in your post.
Please ensure that you create a new thread in the Virus Help Forum; not back here in this one.

Please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

.

1 more replies
Answer Match 75.18%

Hiya,
I have two processes listed that I cannot identify. One is UZA331.EXE and the other is Mia.exe. Has anyone ever come across either of these files?
Cheers.
 

A:Unknown Processes - Any Help Appreciated

16 more replies
Answer Match 75.18%

I'm running my computer, a Windows XP, and currently, there are 96 processes running. From what I've read, this is far too many processes, and, I fear that some of them may be of malicious descent. Is there anything I can do to verify the validity of a process?

Sorry, I forgot to include the Hijack This scan

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:19:33 AM, on 18/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Microsoft\Search Enhancement ... Read more

More replies
Answer Match 75.18%

CMD.EXE
NET.EXE
CRSCS.EXE

they keep opening on my pc and it takes me a few tries to shut them down
hows this for weird.

i had the codes removed from my phone lines ( i'm on ADSL2+) and had my internet reconnected AND formatted my computer and entirely installed a fresh copy of windows xp.. and STILL they come back..
so i've got a new internet connection and a new install of windows and it's still there..

the only weird thing i've noticed is sometimes i'll go to a site from google and it'll automatically redirect to some ****ty "buy something" site.. otherwise everything is really normal.

It sounds to me like my internet company are doing something shifty.. they are the only ones by process of elimination that could do this.

also when i search for these programs none of them exist on my computer, or at least they can't be found. and yeah before u asked i've enabled hidden files and folders.

i'm at a loss as to how to get these processes to stop running...

help mehhhhhhhh
 

A:UNKNOWN PROCESSES help pleaseee

16 more replies
Answer Match 75.18%

I've been a having a couple of recurring problems with my laptop. Sometimes, CPU is at 100% for a long time and only resolves when I have managed to get to the task manager screen showing "processes from all users" and try to open the file location of the culprits. The entries are always blank in the User Name column and when I right-click and select Open File Location, no folder opens but instead the no-User Name entries disappear (and CPU problem disappears for time being.) Last time, the image name I caught was setup.exe

At other times, when playing audio or video media through browser or standalone players alike, the sound will slow to a ghastly slow pace and computer will not respond without hard reboot.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Mariusz at 22:38:53 on 2011-09-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4063.1916 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Kaspersky Internet Security *Enabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
SP: Kaspersky Internet Security *Enabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Lavasoft Ad-Watch Li... Read more

A:CPU gets bogged down with unknown processes

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/420228 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

18 more replies
Answer Match 74.76%

Hello my name is Kandy. I am having alot of trouble with my laptop. I believe it has a virus. It redirects when I go to google and the computer overall performance (even off line) is very very slow. It will not let me run Malwarebytes, it says that it has to locate the file. Please help.

A:Unknown infection, redirecting google, whole computer is very slow

As no logs have been posted, I am shifting this topic from the specialized Malware Removal forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.Please describe the issues you are experiencing with your computer.

2 more replies
Answer Match 74.76%

A few days ago I got a warning that there were 4 trojans on my computer from my av software. I removed them as recommended by the software and now have svchost.exe using over 50% of my resources at all times. I have had complete crashes, unable to reboot, and other slowdowns since this happened. Please let me know what other information is needed. Thanks.

When I ran RootRepeal I got this message at the end
"Could not read system registry please contact the author"
DDS (Ver_09-12-01.01) - NTFSx86
Run by Thomas at 22:11:44.34 on Fri 01/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2292 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\b... Read more

A:Unknown Trojan Removed and Computer extremely slow now

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner ... Read more

23 more replies
Answer Match 74.76%

Hello, I've ran a few searches for the problem I'm having and I found 1 or 2 threads with similar problems, but weren't resolved and were from 2010. So I figured I'd try starting a new thread!

I have never, ever encountered any problems with my pc being slow or even showing signs of slowing down for the few years I've had it, but I turn it off 1 night... turn it back on the next evening, and it took about 30 minutes for it to get past the "starting windows" screen. Even when it finally got passed, it ran so slow loading each desktop icon 1 at a time, 1 every 30 seconds or so. Once everything is loaded, it still sits with the HDD light on but making no noise, and every few minutes you hear it working, then back to silence with the light still on.

I thought maybe it was my hard drive going bad all of a sudden, but after turning it off for a few days letting it sit, I'm now on it writing this after waiting for it to load for about an hour. The mouse pointer never jitters or stalls, it works fine, but windows I have open for a folder or anything will keep freezing for a few minutes and such. I managed to run defrag, and update/scan viruses with norton and both finished fine with no problems.

One scan that had an error, the only 1 to have an error of everything I tried was the SMART scan on the hard drive. But the other hard drive scans worked fine. Its much better as I'm sitting here writing this, but then again I havent tried runni... Read more

A:Computer suddenly very slow for unknown reason, first problem ever.

If SMART tells you that there is a hard drive problem, better backup everything FAST. Because SMART warnings are usually late - your next boot up may very well fail.
 

1 more replies
Answer Match 74.76%

Well, Im out of ideas, so I thought I'd try a hijackthis log to see if anyone out there could give me a definite answer. My computer has been running really really slow, and I've tried everything from Malwarebytes to almost clearing off my HD. Im desperate, although I dont think it;s a virus, My father insists that it is, so for the heck of it, I thought I would try this as a last-ditch.Here is my Hijackthis: tell me if you need more!Logfile of Trend Micro HijackThis v2.0.4Scan saved at 9:59:09 PM, on 8/11/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:D:\WINDOWS\System32\smss.exeD:\WINDOWS\system32\winlogon.exeD:\WINDOWS\system32\services.exeD:\WINDOWS\system32\lsass.exeD:\WINDOWS\system32\svchost.exeD:\Program Files\Microsoft Security Essentials\MsMpEng.exeD:\WINDOWS\System32\svchost.exeD:\WINDOWS\system32\svchost.exeD:\WINDOWS\system32\spoolsv.exeD:\Program Files\Java\jre6\bin\jqs.exeD:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeD:\WINDOWS\System32\svchost.exeD:\WINDOWS\system32\UAService7.exeD:\WINDOWS\system32\atwtusb.exeD:\WINDOWS\system32\ZuneBusEnum.exeD:\WINDOWS\System32\svchost.exeD:\WINDOWS\Exp... Read more

A:Unknown problem; Slow computer, no detections, no idea

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ... Read more

2 more replies
Answer Match 74.76%

To whom it may concern,

I would like to thank you in advance for any advice/help you can provide. I have had my computer for a couple years and have never had any issues with it until now. Starting about a week ago, I noticed that my computer is taking extremely long when booting and starting windows. Also, immediately after starting windows an internet explorer browser window pops up and freezes/fails to load. Upon opening up internet explorer browser, after closing the pop-up window, I am immediately redirected to "www.sh.com"...I have checked my internet options and have verified that my original homepage settings are still valid. This "phantom" homepage only appears when opening internet explorer the first time, my correct homepage is then restored...until my computer is restarted (then the problem starts over again). I'm not sure if the slow startup and phantom homepage are indicative of a botnet or some other problem, but my friend said that it may be. Thanks again for your help.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455
Run by Just2Sweet at 10:37:46 on 2012-12-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1818 [GMT -8:00]
.
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP:... Read more

A:Unknown homepages appear in browser & computer slow on startup

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

3 more replies
Answer Match 74.76%

Normally I'm able to clean most inections but this one has me worried. My google toolbar search seems to have stopped working. When I try to search from the toolbar I only see the text _jJ5H-Ky in IE. After a reboot, some odd virus scanner showed up indicating I had viruses and something was trying to send my credit card info over the internet... I did a system restore to about 2 days ago but IE still doesn't seem to work properly. I start it up and my home page never comes up. after killing it a few times it will finally come up. Also, Spybot resident app shows a lot of attempted changes and they keep poping up even though I say to deny the change. I have run the DDS app and pasted the log here, but I was unable to run rootrepeal as it just sits there initializing...

Thanks,

John

DDS Log
DDS (Ver_09-10-13.01) - NTFSx86
Run by John at 16:31:29.64 on Sun 10/18/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.198 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C... Read more

A:Slow computer, unknown virus scanner popped up

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

3 more replies
Answer Match 74.76%

My laptop has been running extremely slow the past few days, and I've using a few scanners (Windows Defender, Windows Malicious Software Removal Tool, Avast and Free Spyware Scanner) and none of them have detected anything. My internet connection is extremely slow and most sites don't even load. In my internet explorer add-ons, there's a .dll that I'm not entirely sure should be there (ssqPijjj.dll)
If I go into my system32 folder, there's a whole ton of various .dll's that have been appearing in the last few days, most of which are various letter combinations like the one in my internet explorer add-ons.
Every once in a while, Windows Defender detects changes in my system, and they are .dll's of various letters as well (kkoqeiet.dll is one of them). These files all claim to be Auto Start agents, and I'm not sure if these should be here either. Although, I assume they shouldn't because they're just random letters.
I've tried to download hijackthis, but I can't connect to any site to download it.

Any help would be appreciated here! Thanks in advance!
 

A:Solved: Slow Computer, Internet Not Connecting, Unknown .dll's

12 more replies
Answer Match 74.76%

Please help. Virtual memory showing low a lot of the time. Computer slow. Also about:blank is default homepage. I run Anti virus, spy kill, spy bot and many others. Spyware blaster will not install. Here is my log. Any help would be great. I'm a gamer and this slow computer is killing me. Thanks Alos showing this virus Virus name: Backdoor.HackDefender

I want only the bare minimum running.

Logfile of HijackThis v1.97.7
Scan saved at 6:00:33 PM, on 5/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP ... Read more

A:Please help. Slow computer and always low on virtual memory for some unknown reason

8 more replies
Answer Match 74.34%

Hey guys,

Title says it all. What to do?

TIA

Logfile of HijackThis v1.99.1
Scan saved at 1:31:09 PM, on 11/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\AOL\1158192675\ee\aolsoftware.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\728... Read more

A:Unknown Processes popped up. HJT attached

I'm not sure I understand what process...

Run HJT again and put a check in the following:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Close all applications and browser windows before you click "fix checked".
 

1 more replies
Answer Match 74.34%

Hello! 
First of all I'v got some browser-viruses like yooundoo, g0ogle, uc browser and so on. Tried to solve problem myself. Used Adware Removal Tool by TSA. For a while it looked good, but then I noticed a lot of .exe processes with strange names like "name of the game.exe" or "name of folder with photos.exe" and so on. In addition I began to have problems with page loading in browsers. Often it's like 

This site can’t be reached
"..." server DNS address could not be found.

So, here is my code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by ushug (administrator) on DESKTOP-AS07RBF (21-10-2016 14:33:26)
Running from C:\Users\ushug\Downloads
Loaded Profiles: ushug (Available Profiles: ushug)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.... Read more

A:Infected with a lot of unknown .exe processes with different names

Hi Feuran My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;If you d... Read more

0 more replies
Answer Match 74.34%

Too many unknown processes, too slow start up, too slow shut down, hangs and freezes

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: AMD Sempron(tm) Processor 3000+, x86 Family 15 Model 44 Stepping 2
Processor Count: 1
RAM: 1983 Mb
Graphics Card: VIA/S3G UniChrome Pro IGP, 64 Mb
Hard Drives: C: Total - 71523 MB, Free - 40084 MB;
Motherboard: LENOVO, K8M800-M3, ,
Antivirus: None

I have Norton Antivirus installed, which challenged the above TSG SysInfo download, but I downloaded this utility anyway. Also, in addition to the above problems, my Task Manager often shows 100% CPU usage, which causes my computer to freeze and hang often. I have run Windows Malicious Software Removal Tool, ran Window Defender full scans, ran my default Norton Antivirus full scan. My My Computer program shows many red circles with white crosses and yellow triangles with black exclamation points enclosed.

I think my computer is loaded down with a lot of unnecessary junk, infected junk, and I do not know what a lot of that junk is, since the short-hand codes are not very descriptive. I need to know what processes are safe and necessary and what ones I can uninstall without harming other processes.

Thank you for your time and help. I sure do need it. S-Pie
 

A:Too many unknown processes, CPU often at 100%, hangs, freezes often

16 more replies
Answer Match 74.34%

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows Vista Home Premium, Service Pack 2, 64 bit
Processor: Intel(R) Core(TM)2 CPU T6400 @ 2.00GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 2549 Mb
Graphics Card: Mobile Intel(R) 965 Express Chipset Family, 448 Mb
Hard Drives: C: Total - 236973 MB, Free - 97225 MB;
Motherboard: TOSHIBA, Satellite P305
Antivirus: Bitdefender Antivirus, Updated and Enabled

It seems like I have too many processes and unknown services running. I have spent days trying to resolve this,
but it is overwhelming and I've come to the point where I don't want to mess something up. My computer is slower
and starting to struggle. I also have been having problems updating. I was able to get a few updates through, but
it's only allowing 1 or 2 at a time. I have about 12 more left, Also, I cannot get my home page to apply. It seems
like I have a browser redirect problem.

Any help you can provide would be much appreciated.

Thank you,
Karen
 

A:Too many processes and unknown programs running.

12 more replies
Answer Match 74.34%

Perhaps theres someone here who can help identify these processes on my system and tell me if theyre supposed to be there or not.

Dpi.exe keeps trying to get to the internet during boot up.
Messenger msmsgs.exe tries to access the internet when Outlook Express is brought up.
Apropos.exe tries to access internet with Google. (I think this one is for Ads.)
Rads01.Quadrogram consistently shows up in Adaware Scan.

This all started about 2 weeks ago with a slew of Ads and the Trojan B virus The virus is gone and all has settled down now, except for these little pests . I thank this forum for their recommendations on using Adaware and SpyBot.

Recently updated my Zone Alarm which is now catching dpi.exe, Messenger and Apropos accesses I reply no to prohibit access, but am concerned that perhaps some other software may need these. The system always shows dpi and apropos as active processes, which makes me think they should be there and perhaps I should reply yes to their request to access the internet.

The only thing that shows up in Adaware are the Quadrogram files and processes

Thanks
Trina

Dell Inspiron 4150 Laptop,
Pentium 4, 1.7Ghz, 512 MB RAM,
Windows XP Pro 2002 SP1,
Zone Alarm Pro 4
 

A:[Solved] Unknown Processes - Harmful?

16 more replies
Answer Match 74.34%

This is a problem I've been having for some time now. I tried to get some help clearing it up a few years ago, but it met with only limited success. Now it's rearing it's ugly head once more, and having found this rather interesting place, I thought maybe I'd try asking again. It's not exactly something I can just look up in an FAQ after all, because it's the sort of thing that's specific from computer to computer (or so it seems).

Anyways, I'm always finding bizarre processes running in the background of my computer when I look in the Task Manager. I can identify some of them as the programs I'm currently using, and a few that I know run in the background like Kaspersky and the Nintendo WiFi Device. However, most of them just don't make any sense and I certainly can't figure out what they are.

Here's a screenshot of my processes as I type this, perhaps someone can help.

img.photobucket.com/albums/v79/HiroshiMishima/Processes.png

*removed the "http" part because of that silly no link/image rule*
 

A:Unknown Processes in the Task Manager

google the unknown processes to find out what they are. Or you can use a tool like glarysoft to find out - and it's free.
 

11 more replies
Answer Match 74.34%

I'm currently trying to resurrect a friend's system that is a 2007 Dell desktop 3rd generation ahnd-me down...bottom-line: who knows where it's been or who's been using it. My friend would like to get it cleaned up and use it for word processing, emails and siple video games. When he first contacted me about cleanin git up...he said it "barely lets him do anything". Once I configued various software packages from auto-updating, it stablized enough for me to install Avast, WinPatrol and SpyBot.

During this time, that's when I noticed a few processes running all the time that seemed suspicious and I've stopped a handful of those until you folks at TSF could see what's really going on.

Symptons include:
- MS IExplorer crashes a lot, doesn't seem to matter what web page.
- Unknown processes (like XDoley...) running.
- very sluggish and excessive drive activity when nothing is running.

Pasted below is the DDS.txt report (ATTACH and ARK files attached):

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16526
Run by Dell at 13:08:24 on 2014-01-11
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.1982.1152 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-... Read more

A:Browser Crashing and Unknown Processes

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I'm not seeing any signs of malware in your logs. Let's see if ComboFix finds anything.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

D... Read more

11 more replies
Answer Match 74.34%

My IE is constantly opening itself when i don't even use it. I've used many cleansing programs to no success. Here is my log:

Deckard's System Scanner v20071014.68
Run by Junior on 2008-01-28 02:42:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
96: 2008-01-28 10:43:12 UTC - RP788 - Deckard's System Scanner Restore Point
95: 2008-01-28 08:09:17 UTC - RP787 - Installed Dell Support Center.
94: 2008-01-28 07:18:47 UTC - RP786 - Made by Registry Mechanic
93: 2008-01-28 07:18:34 UTC - RP785 - Made by Registry Mechanic
92: 2008-01-28 07:01:27 UTC - RP784 - Restore Operation


-- First Restore Point --
1: 2008-01-28 01:21:54 UTC - RP693 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Junior.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:47:22 AM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:... Read more

A:Unknown processes, mrofinu572.exe, scanregw.exe, help!!

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.


Open the extracted SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Post that log in your next reply.


=========================================


Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.ble... Read more

10 more replies
Answer Match 74.34%

tried all of the ark i can get my hands onanyway here there are i found a very suspicoius activity all of the process lister + all of the ARK couldn't see those hidden process  what should i do now ??  here is a log http://pastebin.com/9t8E20Lb i know i'm not spoused to post logs here but take a look anyway ComboFix 13-03-14.02 - home 03/14/2013  12:38:06.7.2 - x64 Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4095.2526 [GMT 2:00] Running from: c:\users\home\Desktop\ComboFix.exe Command switches used :: /uinstall AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((   Files Created from 2013-02-14 to 2013-03-14  ))))))))))))))))))))))))))))))) . . 2013-03-14 10:43 . 2013-03-14 10:43     --------        d-----w-        c:\users\Public\AppData\Local\temp 2013-03-14 10:43 . 2013-03-14 10:43     --------        d-----w-        c:\users\DefaultAppPool\AppData\Local\temp 2013-03-14 10:43 . 2013-03-14 10:43     --------        d-----w-        c:\users\Default\AppData\Local\temp 2013-03... Read more

A:weird stuff and unknown processes

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Before you run the following tools remove the Word Wrap on you Notepad.
This will remove all the blank lines in your logs.

Please do not run any other tool or post any other log unless I request it.

I also need to know what is the problem with this computer.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.[/list]Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third party programs if not up to date can be the cause of infiltration an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
Save it to your Des... Read more

17 more replies
Answer Match 74.34%

I have an annoying problem with my home pc with XP Sp2, it has got some infection from the web. Every hour on the hour it starts four processes called "fourbodysetup.exe" which are taking about 99% of the computing power. Adaware and F-secure propgrams can't find any viruses or spywares. These processes can be stopped but it's bit frustrating to do that every hour. Any idea what is it about and could be done?

Olli-Pekka
 

A:Four unknown processes starts every hour

Try spysweeper it has free 30 trial that lets you remove spyware in that 30 days
i have found it to be bettere than most other anti spyware programs
 

2 more replies
Answer Match 73.92%

Hi guys, I have my computer here that is constantly getting infected with cookies that requires cleaning every 1-2 days with Spybot otherwise it slows to a crawl. Currently running XP SP3, Chrome 3.0.195.27, and Spybot S&D 1.62. If someone and give my HJT log a quick once over and see if I have any noted infections, that would be great. TIA.===================================================Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:18:45 PM, on 11/4/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Symantec AntiVirus\SmcGui.exeC:\Program Files\FileMaker\FileMaker Pro 6\FileMaker Pro.exeC:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXEC:\Documents and Settings\ron\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\ron\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents... Read more

A:Unknown malware: computer running slow and needs cleaning every 2 days.

Hello and to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.*If you have since resolved the original problem you were having, we would appreciate you letting us know. *If not please perform the following steps below so we can have a look at the current condition of your machine. *If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.**If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. In order to be notified via email when your topic has a reply you need to enable topic notifications. To enable topic notifications you should do the following: 1. Click on the My C... Read more

10 more replies
Answer Match 73.92%

dss report:

Deckard's System Scanner v20070711.54
Run by Julie on 2007-07-17 at 17:03:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-07-17 21:03:37 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Julie.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 554 PM, on 7/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\m... Read more

A:very slow computer, lots of unknown items in msconfig startup

other items of note:

This is my gf's computer, so I'll probably be having her follow the directions. Speak in small words and use lots of pictures ;)

She has some weather program installed that she seems to like, but that I think is spyware - she may want to keep it. She also has some sort of desktop stuff, a webshots program and some calendar.

I don't notice any popups or virus like behaviors, but it does run pretty slow and when I opened msconfig to see what's starting up, there's a ton of items that I don't recognize in it. She needs help!

17 more replies
Answer Match 73.92%

Computer is giving me a ridiculous amount of hard time. Start up is slow, minimizing one window freezes the entire computer. Takes start menu 20 seconds or more to open and close. All this and I'll only have one program running. Recently upon start up and logging on to internet McAfee disables on its own. It's overly frustrating. I cleared my cache, deleted unnecessary programs in my control panel. Nothings working. *Note* When completing the "Disable your CD Emulation Software". Well it never asked me to restart my computer. So I just went along with step 7.Heres my log.DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702Run by Administrator at 11:05:23 on 2011-08-21Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.146 [GMT -7:00].AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Firewall *Enabled* .============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\AVAST Software\Avast\AvastSvc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour�... Read more

A:Infected with unknown. Computer still massively slow after completing step 2

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/415462 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Answer Match 73.5%

Hi,

My laptop was infected few months ago for which I took assistance from this forum and got it resolved; since then it has been fine, I have also been using MBAM and SUPERAntiSpyware on a regular basis with regularly updating them.

For days probabls I have not been doing it.
I also have COMODO firewall installed.

Since today morning, COMODO has started poping up saying 'userinit.exe is trying to access svchost.exe', which I allowed access,I dont know if I should not have done this. But what made me suspecious was it also tried to execute an application called tsu2.exe. I blocked it.

But I am not sure if this completely solves the problems. I would like to clean up the system thoroughly once again to be comlpetely sure of any infections.

Can you please help me out?

Thanks and have a good day.

Regards,
Shan

A:userinit.exe trying to execute some unknown and existing processes

Did I post my question under wrong topic?

1 more replies
Answer Match 73.5%

using Iolo System Mechanic and looking at "Manage Processes that load at Startup" and came across some strange looking files under BootExecute (8).
I did a print screen and am sending it along if anyone has any ideas what these might be I'd appreciate some insight.
No apparent problems with my computer and after following up with msconfig - startup I couldn't see any processes that shouldn't be there.

Thanks

A:Unknown files when reviewing startup processes

I would not use any System Mechanic software for Win7. You only need to uncheck everything in msconfig>Startup and >Services (after Hiding All MS Services) to get rid of the freeloaders - everything except a free lightweight AV and any sync, gadgets or stickies. Everything else can wait til you start it.

These and other tips are compiled in the perfect Clean Reinstall Windows 7 which has helped over a million consumers get and keep a perfect install without a single complaint or anyone returning here with problems who stuck with the tools and methods given.

Anything else?

1 more replies
Answer Match 73.5%

Hello
Task manager I have several processes listed with nothing showing for them in the des. column. They show nothing under right click properties. I am unable to end the process for them.
I have ran malwarebytes scan with no threat detected.
anything to worry about? If so how should I end them or what should I do with these? They are as follows...
csrss.exe
nvvsvc.exe
nvxdsyn.exe
winlogon.exe

A:task manager unknown processes...trojans?

Those appear to me like normal Windows and NVIDIA processes. But I have the perfect solution for you

Process Explorer + VirusTotal (to check all processes with 50+ AV's)

http://www.sevenforums.com/tutorials...s-50-av-s.html

5 more replies
Answer Match 73.5%

Hello,I've had IE 8 - 32bit slow down and crash moreso recently, and problems with java webpages. I noticed I have multiple iexplore *32 processes running. After the first run and exit of IE, and can never kill the last 2 processes in Task Manager.Since I'm running Win 7 - 64 bit OS, I could not run RootRepeal.Here's the DDS log:DDS (Ver_09-12-01.01) - NTFSX64 Run by Bum at 1:53:43.74 on Tue 02/02/2010Internet Explorer: 8.0.7600.16385Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.3322 [GMT -5:00]============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files (x86)\Bonjour ... Read more

A:Multiple Internet Explorer unknown processes

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

7 more replies
Answer Match 73.08%

Please help me identify what the problem is and how to fix.
Last week I opened an email attachment from USPS; file extension was .doc - immediately Windows Defender launched due to possible malware. I have never had anything happen with this type of attachment. Our IT help mentioned the attachment probably contained macros.
 
Web based email was spoofed, had two additional identities from which email could be sent from. Malwarebytes and  Windows Defender do not show any infections however many processes are running on start up, very slow response, mouse cursor does not want to move, email address was showing GeckoWow64. Primarily use Firefox for email. Now being innundated with virus containing emails (unknown sender and .zip file attachment)
 
Operating system: Windows 8.1, 64 bit, x64 based processor
Processor: AMD A4-5300 APU with Radeon ™ HD Graphics 3.40 Ghz
Installed memory: 6.00 GB (5.45 usable)
 
The FRST log is too long to post, I have attached it instead; system will not cooperate with copy and paste.

A:Unknown virus, hijacked/spoofed email, slow unresponsive computer

Hi & to Bleeping Computer Forums!My name is Jürgen and I will be assisting you with your Malware related problems. Before we move on, please read the following points carefully: My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.If I don't reply within 24 hours please PM me!Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Please run a FRST scan. This will help us diagnose your problem.Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, ... Read more

35 more replies
Answer Match 72.66%

hi, i'm new to this site but i have found your forums very helpful

i'm not a genius when it comes to computers, but i did notice an unfamiliar file in my Processes Section of my Task Manager during and after i removed a ton of spyware/adware both with Spyware Doctor and SUPERAntiSpyware. The File is 106984839.exe and i never noticed it until i had the spyware problem. I tried to do a Search for the file on my computer to find out more about it, and the search came up with no results.

Tell me if I'm just dumb and this is a common file. But apparently the file is located in my Temp folder (according to hijackthis), but i cannot find it there with the Windows Search function.

Here is my Hijackthis Log (feel free to give your opinions on any files i use, whether relevant or irrelevant ):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:02 AM, on 5/6/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\s... Read more

More replies
Answer Match 72.66%

Ok my title and description make me sound a little dumb, but I know a little about what I'm doing, It's just I think there are many unwanted processes working on my computer.

The most obvious thing is when firefox loads its default homepage and I try to search something, the search automatically redirects to a site called "SEARCH" with the letters using GOOGLE's colors and font. In the adress bar it says the page address is : search.feedandme.com.

Also often when I click anywhere on a webpage two pop-ups are generated, this is not related to the site visited, it happens on every site, usually in the first 5 minutes of a new firefox session. (I've notice this has been going on for the last 3-4 weeks.

There may be other processes/malware at work, if you can help me with cleaning my computer as much as possible it would be appreciated, although I know perfection is not of the computer world hehehe!

Finally you should know I downloaded and ran combofix, but when i heard my computer beep, i panicked and stopped it before it started (the beep was in relation to a message asking me to turn off my anti-virus, but it made me realize combofix was not something I was trained to play around with!) So I'm pretty sure it did not have the time to do much but it did create a folder and an executable file in my C: I do not dare to touch! Just wanted to let you know before we do anything!

Thanks for your help in advance! Here are the repo... Read more

A:Infected with various unknown processes - firefox home redirects + 2 pop-ups

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/436138 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

40 more replies
Answer Match 72.66%

everytime my acrobat reader updates i get more than averagely annoyed by the progress bar. it moves from 0 to 100% maybe 30 times, but it is impossible to know how many processes have to be done. so what it is the freaking point of a progress bar then? they could as well show as a dancing clown, i would much rather appreciate that.
 

More replies
Answer Match 72.66%

I've followed the directions from Boopme regarding my post under the Windows Startup Programs Database Forum and have attached the DDS, GMER, and Combofix logs.

Boopme,

I appreciate the help! If you need other infomation, please let me know? Thanks for you help!

A:Suspicious Processes Running - Unknown Malware Type

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please downloa... Read more

18 more replies
Answer Match 72.66%

The bug runs invisibly and is inaccessible to task manager kills/symantec/malwarebytes. Occasionally popups appear even when internet browser is closed; audio ads play every 30 min or so. Follwed the preparation guide steps, but got stalled during the GMER scan.Is this the fault of the malware or is this just part of the scan? I stopped the scan and restarted.Thank you so much in advance to whomever helps out with this.Here is some additional information on the situtation:I have an MSI Wind netbook, running Windows XP SP3I do not use Internet Explorer, but instead use Firefox or Google Chrome to browse the web.The GMER scan has located a hidden iexplore.exe process, which seems to restart itself every time it is killed. Here are the dds logs. The GMER scan has been restarted. Will post GMER log when completed (if it fininshes)DDS (Ver_10-03-17.01) - NTFSx86 Run by Rick at 12:16:44.50 on Wed 08/04/2010Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.265 [GMT -4:00]============== Running Processes ===============C:WINDOWSsystem32svchost -k DcomLaunchsvchost.exe 4svchost.exeC:WINDOWSSystem32svchost.exe -k netsvcssvchost.exesvchost.exesvchost.exe 4C:WINDOWSsystem32spoolsv.exesvchost.exeC:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exeC:Program FilesBonjourmDNSResponder.exeC:Program FilesJavajre6binjqs.exeC:Program FilesSystem Control ManagerMSIService.exeC:Program FilesG... Read more

A:Invisible ads/hidden iexplore.exe processes - Unknown source

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

2 more replies
Answer Match 72.24%

Avira stopped work during scan too
 
Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 17-07-2016
Executado por DELL (administrador) em DESKTOP-MTOTQPM (16-07-2016 21:50:29)
Executando a partir de C:\Users\DELL\Downloads
Perfis Carregados: DELL (Perfis Disponíveis: DELL)
Platform: Windows 10 Pro Versão 1511 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processos (Whitelisted) =================
 
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
 
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Digital Wave ... Read more

A:slow pc and impossible to install extensions at chrome

Hello lucasdloss and welcome to Bleeping Computer.
My name is Satchfan and I would be glad to help you with your computer problem.Please read the following guidelines which will help to make cleaning your machine easier:
please follow all instructions in the order posted
please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
if you don't understand something, please don't hesitate to ask for clarification before proceeding
the fixes are specific to your problem and should only be used for this issue on this machine.
please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:
Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested
===================================================Note: Please run these in the order given in the instructions.
===================================================Download and run AdwCleaner
Download AdwCleaner from here and save it to your desktop.
run AdwCleaner by clicking on Scan
when it has finished, leave everything that was found checked, (ticked), then click on Clean
if it asks to reboot, allow the reboot
on reboot a log will be produced; please att... Read more

29 more replies
Answer Match 72.24%

Avira stopped work during scan.. impossible to install extensions just at google chrome
 
 
 
 
 
Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 17-07-2016
Executado por DELL (administrador) em DESKTOP-MTOTQPM (16-07-2016 21:50:29)
Executando a partir de C:\Users\DELL\Downloads
Perfis Carregados: DELL (Perfis Disponíveis: DELL)
Platform: Windows 10 Pro Versão 1511 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processos (Whitelisted) =================
 
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
 
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashH... Read more

A:slow pc and impossible to install extensions at chrome

Greetings lucasdloss and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that.===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter proble... Read more

4 more replies
Answer Match 71.82%

I just ran speccy on my pc to help out with a problem I'm having, and noticed this massive list of running network processes under my network adapter. What are they, and should I be concerned?






Quote:
System Process
Local 192.168.1.2:49859:
TIME-WAIT Remote 173.194.67.147:80 (wi-in-f147.1e100.net) (HTTP)

Local 192.168.1.2:49892:
TIME-WAIT Remote 65.55.58.184:80 (HTTP)

Local 192.168.1.2:49893:
TIME-WAIT Remote 216.155.126.44:80 (juno.olymp.mvps.org) (HTTP)

Local 192.168.1.2:49894:
TIME-WAIT Remote 216.155.126.44:80 (juno.olymp.mvps.org) (HTTP)

Local 192.168.1.2:49928:
TIME-WAIT Remote 63.135.172.229:80 (HTTP)

Local 192.168.1.2:49927:
TIME-WAIT Remote 63.135.172.229:80 (HTTP)

Local 192.168.1.2:49930:
TIME-WAIT Remote 46.137.183.58:80 (ec2-46-137-183-58.eu-west-1.compute.amazonaws.com) (HTTP)

Local 192.168.1.2:49933:
TIME-WAIT Remote 69.58.181.89:80 (www-ilg.verisign.net) (HTTP... Read more

A:Massive list of unknown, network system processes running on my PC?

Hi there Elwood,you obviously have a lot of applications installed and i bet that they all are set to auto-update themselfs.Thats half of them processes running not to mention the os's procedures that are either waiting or listening for doing their assigned work.By only having a browser running,the browser itself,as well as its add-ons are some established processes,your AV has also some waiting,listening or established ones.The point is,do you recognize each and every one and through which ports all this is happening.Try Sysinternals Utilities process explorer and under properties figure out who is who,its really like witch hunting...

3 more replies
Answer Match 71.82%

Hi,

Two days ago, I was reading a forum I go on quite often, so what happened was I was on this forum reading varies different threads, I had opened up. So as I did this, they were taking time to load, so I went away and came back. When I got back, my computer seemed to have restarted, and I was prompted to log in. So as soon as I logged in, there was an alert from 'Windows Security Essentials Alert' so I quickly did a search and found that this was a fake alert/Trojan etc etc. I then found a guide on google I followed which removed this 'fake' Trojan, however after this, I went into my Task Manager to see what was running and I found 2 processors running which I haven't seen before, a quick search I found that it was either spyware or virus related. I then scanned my computer using spyware doctor, AVG anti-virus, RegDefense, CCleaner but none seemed to have removed this. I have followed the guide I was linked to by 'amateur' and here are the following.

P.S. I have a copy of the OS disc which came with the computer when I bought it few years back, however I have tried running the disc but when I tried to boot from the CD after changing the boot sequence from BIOS etc, I got an error saying disc error.



DDS (Ver_10-11-10.01) - NTFSx86
Run by Jack at 0:58:13.18 on 21/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.446.53 [GMT 0:00]

AV: AVG Internet Security *On-access scan... Read more

A:unknown mshta.exe and FGuard.exe running in task manager processes?

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log... Read more

4 more replies
Answer Match 71.82%

Hello,
 
My main worry is checking out the multiple conhost/csrss and svchost at startup, after the event detailed below...
 
Recently after installing Teamspeak and not actually getting all addons necessary to join people in an ARMA3 game, I noticed I was having slowdowns.
 
I did a windows recovery to before the install and it seemed to fix the slowdowns but I'm a little paranoid about both the teamspeak download and the ARMA3 addon downloads---Given that I have a few conhost.exe at startup and several svchost. I'm not sure when they started being there. They are not there in safe mode when I scanned.
 
(I have to note that the recovery didn't fully complete because of some form of disc problem, but the installs seemed to be removed form registry and I deleted the Teamspeak files--- Running "sfc /scannow" apparently fixed everything from its perspective)
 
I run Malwarebytes (recently added anti-exploit), and have Kapersky installed from my motherboard software package.
I have run Malwarebytes anti-rootkit.
 
Windows 7 x64 Home Ed.
 
Processes
http://i1028.photobucket.com/albums/y341/ObsidianDisc/Proc1_zpszotos3nd.jpg
All Users Processes 1 and 2
http://i1028.photobucket.com/albums/y341/ObsidianDisc/ProcAll1_zpskoindahf.jpg
http://i1028.photobucket.com/albums/y341/ObsidianDisc/ProcAll2_zpsc1ll8kdt.jpg
 
There are two csrss processes one with 3 conhosts one with only 1 conhost further down
http://i1028.photobucket.com/albums/y341/Obsidi... Read more

A:Slowdown fixed post system recovery, but unknown processes

Although I am not allowed to assist you with malware removal tools, I have however found out that:
AiChargerPlus - has something to do with ASUS. I think you have an ASUS laptop
aaHMSvc - another ASUS thing
 
The conhosts and the csrss processes I think are normal, just right click and click properties to make sure it is signed by Microsoft, and is in C:\Windows\System32

7 more replies
Answer Match 71.82%

Following installation of a the most recent updated version of CA Security Suite ON TWO PC'S (previous version's license expired), I chanced upon 3 processes which had not been there previously (ON BOTH PC'S); all showed the date last modified as being 03/09/2007 within 1 minute of each other. However, they did not show up (or I did not notice them) until 29/09/2007.mdmcls32.execfgmng32.exesvcprs32.exeIf users of CA could check their pc's for these processes and report back as to whether you a) have them and b ) any information you might have on them as searches so far have proved inconclusive (according to some databases mdmcls32.exe and cfgmng32.exe are clean and svcprs32.exe has only been around since 23/09/2007 {Prevx}).Cheers (any further assistance much appreicated)the_binkster

A:Users Of Ca Security Suite (information Required On Unknown Processes)

Anytime you come across a suspicious file for which you cannot find any information about, you can submit it to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.Post back with the results of the file analysis.

6 more replies
Answer Match 71.82%

Hi, Today I occasionally find these weird things in the Process Explorer(PE), and I can tell there must be bad things going on:
 
I have a habit that keeping the Process Explorer since last time I used it the hold the POWELIKS from wreak havoc. And this time I find something on spot.
 
Firstly,I find a weird named process “°ntrusted” and its icon is the same to Sogou(an IME tool) imagein the PE, so I viewed the property with PE, then it shows this process belong to "Aogou.inc"(should be Sougo.inc) and "3/4"..(I suspect that A and 3/4 should be some ASCII code) saying this theme does't have signature(in Chinese)... ... I guess I really need to keep an eye on it, so I monitored it for a while and it does changed to a process named “Mandatory” and stealing chrome's icon, and in the property panel it belongs to "Google.inc"& "Aogou.inc" , without signature either. 
here is the screen-print I got for above process.
 sougo.jpg   172.58KB
  0 downloads
additionally, the path showed in both property panel are the same but the SGTool.exe is in disk Q...rather than as shown in disk "E?"
the parent & user are weird too. 
So I decide to suspend and kill this process, but failed....then google for some advices, but seemed the browser was fail to connect the internet while the internet connection icon is on and indeed connected```then I disconnected the internet in case the bad troja... Read more

A:unknown fake processes pretend to belong to "google.inc" & can't be terminated

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/553062 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Answer Match 71.4%

Hi,
My laptop was recently the victim of some malware/virus and I can't figure out how to fix it. I've tried the suggested steps to clear it from my system, and have tried running a few anti virus programs while in safe mode. The Dr Web scanner indicated that there was some malware in my dell support system files, which I've attempted to delete . In the past few days, I've deleted some files that are supposedly incosequential (ie Dell connect, etc), but now I am wondering if I deleted a file I shouldn't have. I was going via the advice given on some other forums, regards the neccessity of some of these programs.

I have a Dell inspiron e1705 with Windows Vista (32 bit) .

Some of the symptoms of the problem include:
-no wireless intenet availability (says "the adapter is not connected") - never had a problem previously
- very slow with frequent freezes
-I do not see any obvious resource taken up the memory space in the Windows Task Manager log
-Occasionally, some random tmp files have appeared all of a sudden on my desktop.


Here is the HiJack log file:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13:37 AM, on 11/12/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynT... Read more

A:unknown virus - computer now runs slow and wireless internet connection doesnt work

Hello, alexismyname
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" .
We need to run a Scan with DDSPlease download DDS, and save it to your desktop, from one of the following mirrors:This is a mirror
This is another mirror

Disable any type of "Script Blockers" or "Script Protection" installed on ... Read more

2 more replies
Answer Match 70.98%

Hello...
 
My default browser (Google Chrome), & maybe other apps too, has gotten infected.  I've sought help here in the past(3 times altogether), this will be my 4th time.  I've been very pleased with all the help I've gotten in the past with the removal of all the "crapware" that I've gotten infected with as well as my wife's cousin, Bonnie.
 
Unfortunately, this time my main PC (PIE5, 1 of 4) has gotten infected with some unknown(to me) crap that I can't seem to rid myself of, though I've tried several things that I thought MIGHT work, but didn't.
 
things I've tried:
ADWclean (ran it 2 times, once last week & yesterday was the 2nd time)
JRT.EXE
 
My browser's behavior:
I have 2 different methods of using my browser. One is from a command line from within an AHK (Auto Hot Key) macro/script that I wrote to automate my online Email.  This method works normally and doesn't seem to be infected in any way.  My other method, which is probably the most common method, is starting it from an icon on my desktop.  When starting it this way, I get 7 tabs! If need be, I can list them.
 
Incidentally, this all started when I clicked on an option to use an online editor on a, what I thought was, "trusted" site, avery.com.  I was needing to create CD/DVD labels since Nero's cover designer (That I've been using for years) inexplicably quit working.
 

A:Unknown Chrome infection <???>

You may have accidentally set multiple pages to open when launching Chrome.. You can try going to the Google Chrome settings and seeing if there are multiple tabs opening there:

20 more replies
Answer Match 69.72%

Win xppro, sp3. ie8

I REALLY WILL STOP SURFING PORN NOW

pops up new ie windows (not tabs) that link to random sites, often unknown search engines showing results for last string searched on google, often for other random things (news 6 live, adfat, sals barbershop). seemingly benign.

After some time of this, more serious infections occur, including antivirus soft, many others.

Malabytes will knock out what it brings in, but not kill the initial infection.

have run malabytes in safe mode, safe mode + neworking, and mutiple times after knocking out later more malicious infections in both safe mode and regular. Sometimes picks up a few stragglres, sometimes not. But in all cases I still have the original thing which pops up a new ie window to some odd thing and presumably opens the door for the rest.

Any help greatly appreciated, and, really, despite any other sex life to speak of, sad though that may be, I will leave the porn sites alone after this.

A:unknown infection, seemingly benign popups to unknown sites, followed by more extensive problems

Ok let's do this and see some logs please.*************************************>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.RKill....Please download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.Do not reboot your computer after running rkill as the malware programs will start again.^^If you get an alert that Rkill is "infected", ignore it. The alert is just a fake warning given by the rogue software which tries to terminate programs that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine. Rerun MBAM (MalwareBytes) like this:Open MBAM in normal mode and click Update tab, select Check for Updates,when doneclick Scanner tab,select Quick scan and scan (normal mode).After scan click Remove Selected, Post new ... Read more

15 more replies
Answer Match 69.72%

I've been trolling the forums here for a while. Lots of great info but now I actually have an issue where I need some assistance.

When I was booting one day last week I got a nasty BSOD when Windows was trying to load. Then on the next reboot Windows 7 said it couldn't load and needed to do the recovery OS option from the Windows 7 repair on the CD. Well, before trying that I did a cold reboot and it got back into the OS fine so I didn't think much of it. Now, I noticed Ghost shows the C: drive status as "Unavailable" and it can't back it up anymore. It does give me an option to restore from one of my old backups. I'm thinking the MBR got hosed up somehow or something like that. But I'm skeptical to run an MBR repair since I have that 100MB partition on my SSD where my OS resides.

Ghost Shot>

This was about a week ago my Windows 7 started acting up right before the big patch Tuesday. I've been running it for over a year now and it's been solid. When I first set it up I installed it on my SSD (Intel 510 120GB) drive. One of the qualms I had with the install is Windows created a separate boot sector on the disk drive where it stored my boot files. This is known the the "system reserved" operating system files 100MB partition. Apparently the way to avoid this is to use a third party partition tool before doing the windows install. That way it will keep the Boot sector files on the same partition which is how I would of liked it for doing resto... Read more

A:Windows Recovery disk shows operating system: Unknown on (Unknown)

Note, I just went into my Disk 3 where my SSD resides in DISKPART and did some commands if this helps. It shows both the 100MB and 111GB Partitions on the Intel SSD as "Active".


Code:
DISKPART> list partition

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 111 GB 101 MB

DISKPART> detail partition

Partition 1
Type : 07
Hidden: No
Active: Yes
Offset in Bytes: 1048576

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 System Rese NTFS Partition 100 MB Healthy System

DISKPART> select partition 2

Partition 2 is now the selected partition.

DISKPART> detail partition

Partition 2
Type : 07
Hidden: No
Active: Yes
Offset in Bytes: 105906176

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 C NTFS Partition 111 GB Healthy Boot
Thx again for any/all help!

5 more replies
Answer Match 69.72%

I'm not sure if this forum supports Windows installed on a MacBook,
but I'd appreciate any help provided.

Regarding my laptop, it's a MacBook Pro bought around 2011,
witn Windows 7 x64 installed from my friend's disc.
(Sorry I cannot remember exactly what it was)
"Barely alive" condition.
Works fine, but suddenly shuts down at times, alert shows battery not inserted (UNDETACHABLE on this MacBook model), won't run without power adapter connected, immediately shuts down when inserting USB cable into 1 of the 2 USB ports, won't detect internet connection, and so on and so on......

That aside, it worked fine until last week.

I was running Windows Update when I accidentally insert USB cable into the wrong port and "forced shut down" the laptop.

When rebooted, I get a flash of BSOD and auto-restart, which leads to startup repair.

From there, I ran startup repair a few times, each time I get the successful result yet Windows still won't start.

Then I switched to Mac OS to use it for some urgent stuff.
While in Mac OS I did went around and did "repair disk" and stuff to the bootcamp.

Next I tried searching for solutions through my phone and did this and that on command prompt.
chkdsk bootrec etc etc tried all posted solutions to something similar to my case.

The next thing I realized was that I now cannot even choose "Windows" on boot and I got stuck.

Then I asked my neighbor and fortunately could borrow Window... Read more

More replies
Answer Match 69.72%

I'm not sure if this forum supports Windows installed on a MacBook,
but I'd appreciate any help provided.

Regarding my laptop, it's a MacBook Pro bought around 2011,
witn Windows 7 x64 installed from my friend's disc.
(Sorry I cannot remember exactly what it was)
"Barely alive" condition.
Works fine, but suddenly shuts down at times, alert shows battery not inserted (UNDETACHABLE on this MacBook model), won't run without power adapter connected, immediately shuts down when inserting USB cable into 1 of the 2 USB ports, won't detect internet connection, and so on and so on......

That aside, it worked fine until last week.

I was running Windows Update when I accidentally insert USB cable into the wrong port and "forced shut down" the laptop.

When rebooted, I get a flash of BSOD and auto-restart, which leads to startup repair.

From there, I ran startup repair a few times, each time I get the successful result yet Windows still won't start.

Then I switched to Mac OS to use it for some urgent stuff.
While in Mac OS I did went around and did "repair disk" and stuff to the bootcamp.

Next I tried searching for solutions through my phone and did this and that on command prompt.
chkdsk bootrec etc etc tried all posted solutions to something similar to my case.

The next thing I realized was that I now cannot even choose "Windows" on boot and I got stuck.

Then I asked my neighbor and fortunately could borrow Window... Read more

More replies
Answer Match 69.72%

Please help me folks, I'm on borrowed time today.

I had to reformat my computer thanks to a handful of Trojans and of course, I am missing the Ethernet driver to connect. In the past, I had a friend set me up, but he never told me how to do it and he's gone in basic training so I can't ask for his help today.

I have a custom-built Compaq HP
I will have Windows XP HOME installed when I get the cash.

What I need is help figuring out where to look to find the model number to install the correct driver. I have tried the HP website and it does not work; My driver is built into the motherboard.

I currently have Windows XP Professional for English Students, it's my father's OS
 

A:Unknown Ethernet Driver - Compaq HP (model unknown) Windows XP

"I have a custom-built Compaq HP"...

Custom built by HP or a friend? See if you can tell us the model of the motherboard. Give us any name or numbers you find
 

9 more replies
Answer Match 69.72%

I loaded up explorer and opened up my C:/ drive to start a game in my program files, accidentally pressing "Downloads" finding this file there, my operating system is Swedish so the folder should be named "Hämtningar" (Swedish for downloads). The file is 93 kb in size and was created on the 27th january, there is also an account named "Unknown account(S-1-5-21-a bunch of numbers)" with total control, I also have no ability to remove it. I would like some help with this, malwarebytes also doesn't react on it. I've also noticed I'm unable to visit Bing (not like I use it, but still weird) with the access denied error.

A:I found an unknown files called myfile.exe, origin unknown.

Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scroll down.Double-click ... Read more

23 more replies
Answer Match 69.72%

I got this laptop from someone else so who knows how they've been using it. It seemed to work fine... until this morning. I open up Chrome and it's completely blank. I can't access anything not even "Settings". Very weird!
 
I was getting a popup that Adblock Plus has crashed so I thought there might be a connection. But I don't think that's the case. I've uninstalled and reinstalled Chrome twice. Adding the Adblock Plus extension one time and one time without. Each time it works fine for the first run but any attempts thereafter brings up a gray blank screen like this: http://imgur.com/RUfEtu4 I've never had this happen to me before while using Chrome so I'm suspecting malware.
 
By the way, I did a Malwarebytes scan back in September that brought up WeCare and FCTPlugin(?). I used MB to remove them but that only goes so far and I was too lazy to do a proper cleaning so it's quite possible there are still traces of these on here.
 
I appreciate any help or advice that you can provide!
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16514  BrowserJavaVersion: 10.21.2
Run by Minette at 15:52:03 on 2013-10-13
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3578.1713 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/... Read more

A:Unknown Chrome Hijack, Possible WeCare/FCTPlugin

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===It looks like AVG was present on this computer and removed.If this is the case please run their uninstaller to remove the remnant items.Please download the AVG Remover tools and Save it to your Desktop.Select the tool that meets your operating system ( 32 or 64 bit) and the version of your AVG version installed.Close all programs and double-click AVG removal tool then click RunIn Vista/Win7, right-click and choose 'Run as administrator'.Follow the on-screen instructions.Restart your computer if asked.Then delete AVG Removal tool from your desktop.===Do you know what you need this proxy setting?uProxyServer = 127.0.0.1:8118It's related to Privoxy "privacy enhancing proxy", filtering Web pages and removing advertisements.This may be the culprit that interfers with AdBlock.To remove the proxy settings.In Internet Explorer go to Tools - Internet Options - Connections Tab - Lan Settings and remove the reference to 127.0.0.1:5577 if found, then uncheck "Use a proxy server" and check "Automatically detect settings".===If you use Firefox in Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings. Select the Auto-detect proxy settings for this network option. Or no proxy if you do not need it.===--RogueKiller--Download & SA... Read more

6 more replies
Answer Match 69.72%

Hi everyone,

Hope someone can help me. When downloading files using chrome I keep getting "unknown network error" before the download is complete. Why is this happening and what can I do about it? I am using vista on an acer aspire 5535 laptop. I tried using internet explorer a few times instead but it has also happened there. I would be very grateful if someone has any ideas.

Thanks very much.
 

A:Chrome unknown network error when downloading

Please show the following for before starting a download and then again when you get the error.

Open a (black) Command Prompt window:
Hold the Windows logo key and press r; in the Run box type cmd and click on OK.

Type the following command:

IPCONFIG /ALL

[Note that there is no space between the slash and ALL.]

Right click in the command window and choose Select All, then hit Enter.
Paste the results in a message here.

If necessary use a text file and removable media to copy the results to a computer with internet access.
 

1 more replies
Answer Match 69.72%

Hi, I'm new here, and afraid to take any serious action without some expert guidance (I don't have a good record when it comes to dealing with system files. R.I.P. My Aunt's Win98 1998-2007)I am using Vista Home Premium x86 Service Pack 2 on a Toshiba Satellite L305 with a Pentium Dual Core CPU, and 3 GB of RAM.Recently, I've been having many load errors on the net, namely Error 105, with an Error 101 here and there, and ironically enough, Google often can't find Google. I notice that a lot of memory is being used on unusual programs I'm not familiar with, so just to be safe, I downloaded GMER and ran it. Here's what it came up with the attached Notepad file, which unfortunately was so big, it had to be compressed into a .zip file... sheesh!Honestly, I stopped it after about 3 straight hours of nothing new added to this list... Is something seriously wrong with my laptop? I've been working on this for at least 4 and a half hours, and can't figure it out.(Irrelevant anecdote)Funny thing; what actually led me down the garden path was my Nintendo DS emulator. I couldn't for the life of me get the Action Replay codes to save! So that led me to it being a read-only folder, which led me to special permissions, and then to system settings, and the whole thing just snowballed out of control. Kinda blows my mind...

More replies
Answer Match 69.72%

So very recently (ie in the past 24 hours), I've gotten a BSOD 3 times. I've never had a BSOD previously, and I'm not sure of exactly what to do. I have not installed any recent hardware, but I am trying to gradually upgrade my PC (hence why I have an Nvidia 960 with such a bottlenecked system), and my most recent addition was my Nvidia 960 that I received on 12/25/15, and I've had no errors until just yesterday (3/20/16).

This kind of thing worries me greatly, as I am a college student and my computer frying doesn't quite sound like a good time to me.

Here's the only things I think I know about the BSOD:
-It seems to only happen when I have Google Chrome open.

-After the second time crashing, an error popped up when my computer started (the error was with the file nvspcap.dll), and I traced the error to an Nvidia audio driver, which I uninstalled, and it seemed to fix the error message.

-The first two times it happened, I was in the middle of a Youtube video. The video gets somewhat choppy and strange sounding shortly before my computer implodes. The third time it happened, I wasn't on a video, but on some other site that I can't remember.

-The first time it happened, I ran a virus scan and went about my business leaving my computer idle for about 10 hours. There didn't seem to be any issue, and the scan completed. I went to Youtube on Google Chrome and shortly afterwords, I experienced the second BSOD.

Heres all the things I've done on my PC that may be noteworthy in ... Read more

More replies
Answer Match 69.72%

I have a strange Startup entry that CCleaner picks up that I can find no information about.

I wondered if anyone could shed any light on it:

HKCU:Run 4CC718B76FDA31A781EEE64B20CC9F318F05D00D._service_run
Google Inc.
"C:\Users\Me\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service

Do I need this service and is it legit...

Thanks in advance (and yes I have Googled it and no info can be found regarding this Chrome service)

A:Unknown Google Chrome Service on Startup

Do you have Google cloud Print enabled under chrome settings ??? it looks like you have it enabled..

Disable it if you dont want it to be re enabled in the startup again and again.

2 more replies
Answer Match 69.72%

I often see that downloads in Chrome are getting stalled showing unknown network error. I see this problem happening with medium to large size files, any file over 10MB is resulting in network error.I see the files downloading til near the end an than it's stall's.
 

More replies