Tech Problem Aggregator

Infected PC with some Removal Completed

Q: Infected PC with some Removal Completed

A neighbor brought over his computer since he knows I help folks with infections.  It appears he already ran and removed infections found with SAS Portable and MBAM.  I can include those logs if you like so let me know.
 
DDS Log
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by HP_Administrator at 12:32:46 on 2013-08-16
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.958.456 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = iexplore
uProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
TB: ZeroBar: {F5735C15-1FB2-41FE-BA12-242757E69DDE} - LocalServer32 - <no file>
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
TB: ZeroBar: {F5735C15-1FB2-41FE-BA12-242757E69DDE} - LocalServer32 - <no file>
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDriveAutoRun = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:149
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveAutoRun = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{95982F00-2AE3-4DE4-8E32-3CFDCE2B0237} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{CB2CBEA7-C16E-4269-949A-F5A5EF1F13EC} : DHCPNameServer = 192.168.0.1 192.168.0.1
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs= karna.dat
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-8-9 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-8-9 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-8-9 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-8-9 369584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-8-9 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-8-9 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-8-8 46808]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2013-3-22 9216]
S3 ZTEusbMB;ZTE NMEAExt2 Port;c:\windows\system32\drivers\ZTEusbnmeaext2.sys [2013-3-22 107520]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2013-3-22 134144]
S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
.
=============== Created Last 30 ================
.
2013-08-12 14:36:54 -------- d-----w- c:\windows\system32\MRT
2013-08-09 04:06:20 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-09 04:06:19 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-09 04:06:17 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-09 04:06:10 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-09 03:59:32 41664 ----a-w- c:\windows\avastSS.scr
2013-08-09 03:50:46 -------- d-----w- c:\program files\AVAST Software
2013-08-09 03:42:19 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2013-08-09 03:22:02 -------- d-----w- c:\program files\ESET
2013-08-08 03:39:44 -------- d-----w- c:\documents and settings\hp_administrator\application data\SUPERAntiSpyware.com
2013-08-08 03:38:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-08-08 03:38:26 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-08-08 03:01:18 -------- d-----w- c:\documents and settings\hp_administrator\application data\MSNInstaller
2013-08-08 02:40:01 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-08-08 02:34:04 -------- d-----w- c:\program files\CleanUp!
2013-08-08 02:33:09 -------- d-----w- c:\program files\CCleaner
2013-08-08 02:29:57 -------- d-----w- c:\documents and settings\hp_administrator\application data\Malwarebytes
2013-08-08 02:29:17 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-08-08 02:29:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-08 02:29:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-08 02:06:31 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-08 01:02:08 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2013-08-08 01:02:08 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2013-08-08 01:01:11 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-08-08 01:01:11 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
.
==================== Find3M  ====================
.
2013-08-08 02:04:37 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-08 02:04:36 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-08 01:46:10 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-08 01:46:04 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-26 02:47:17 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47:13 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47:12 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52:59 385024 ----a-w- c:\windows\system32\html.iec
2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-28 01:59:37 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2013-05-28 00:41:07 6144 ----a-w- c:\windows\system32\xpsp4res.dll
2013-05-19 14:29:32 0 ----a-w- c:\windows\system32\drivers\SETB0A.tmp
2009-10-23 15:26:46 570024 ----a-w- c:\program files\ChromeSetup.exe
.
============= FINISH: 12:34:50.98 ===============
 
 
 
See attached as well ...
 
 
Thanks,
Briani

A: Infected PC with some Removal Completed

Attached file ...

Answer Match 56.7%

Hello,

Great forum by the way! I have found tons of useful information here but unfortunately I am still experiencing some issues. A few days ago the computer was infected with Antispyware Soft. I received all of the typical infection signs and went through the manual self-removal steps. This stopped the issue of the false warnings but shortly after I noticed that I was experiencing the same redirect issue that others have experienced with this infection. I went through the manual steps including removing the Doc&Settings folders it created as well as the registry values. In the registry, there were some values listed as Antispyware Suite in addition to the 'Soft'. I also went through the steps on another forum's post before finding this one. None of the removers can locate anything now and I even ran a rootkit download tool that was recommended. It found one item, removed it and everything worked normally for a few minutes then more of the same redirect issue. Nothing so far has found anything else. Yet every time I try to perform a search, I get redirected. Sometimes without even running a search: just scrolling on a page will cause a redirect to one of several different sites but all seem to pertain to shopping, advertising or search sites.

I have run so many things that I cannot remember them all now but I do know there is something definitely still on the computer but nothing is finding it. This is even causing the internet connection to go undetected a... Read more

A:Antispyware Soft Infection: Removal steps completed but still having issues....

Hello, KarenRey

Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 4-5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:

Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.

If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.

Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.

Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if th... Read more

Answer Match 54.6%

I am running Windows Vista and a couple months back I got the Antivirus Action and used the guides here to rid the problem successfully. Twice. Thanks for the guides.

I got Antivirus Scan now and I went through the steps in the guide for this issue. Unfortunately I am still infected. I have tried the process again, however RKill and MBAM find nothing. I am able to run in Safe Mode (which I am doing now). When I first start safe mode Firefox does not attempt to use the proxy (and does not need the setting changed) IE does still require the proxy fix.

I'm hoping to avoid completely restoring the system...any advice? Thank you.

Answer Match 54.18%

Windows XP Home SP3
added some RAM so that it would run a little faster while I'm doing diagnostics

Have done a number of scans, using tools such as MBAM, SuperAntiSpyware, and AVAST

Have done these scans at safe mode, and at boot time (for AVAST)

Several dozen infections and problems removed, including Vundo, several trojans, downloaders, and malware.

Have disabled suspect entries in msconfig.

This system has AT&T Internet Security Suite, which seems to include some McAfee components.

msconfig / startup shows the following (some are not included in my list that I think are not suspect):
Titanshield Antispyware
AT&T Internet Security (3 entries)
McAfee (3 entries)
AOL (5 entries)
GWMDMMSG
GWMDMpi
SK9910DM

I disabled these in msconfig, and still got the 2 popups / problems noted below. After that I re-enabled all of these.

The HD works hard, spins a lot, and does lots of accesses for several minutes on boot.

The system is running a lot better and faster since I've started working on it a few days ago, but . . . .

A number of symptoms have been rectified, but . . . . .

Here are the latest symptoms:

On boot, there have been 2 popups / messages / problems.

Here are the 2 popups / problems I have been getting:

1.
McAfee VirusScan
McAfee ActiveShield has found a suspect file in your computer. McAfee strongly recommends that you scan your computer now.

2.
AT&T Internet Security Suite
The proxy component failed to initiali... Read more

A:Lots of cleanup completed, still infected [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Answer Match 53.34%

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Home at 17:20:04 on 2014-03-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7928.5523 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files (x86)\Flip Video\FlipShareServer... Read more

A:Windows 7 completed infected with malware/trojans/virus

Hello and welcome to Bleeping Computer, please run the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Answer Match 53.34%

Mark -

Thanks for picking this up.

I successfully ran the DD-scr. Output files are attached.

The RootRepeal, though, had some problems running. Each time I tried to run it, after a couple of minutes ('Initializing, please wait'), I'd get a dialogue box that says: Windows - Virtual Memory Minimum Too Low. Your system is low on virtual memory. Windows is increasing the size of your virtual memory paging file. During this process, memory requests for some applications may be denied. For more information, see Help. OK.

The first time this happened, I waited about 10 minutes. I could not get a task bar, could not open up additional Windows Explorer or My Computer windows, and things froze up. There were partial windows left on the screen. After about 10 minutes I tried a clean shutdown and it stalled with 'An unexpected error has occurred that this application cannot recover from. It will now close. Exception code 3221225477. Exception address 00403E45.'

Still wouldn't shutdown. I had to hold power button down to force shutdown.

Restarted, reset the Windows - performance - virtual memory settings to 'Let System Manage the size' (original settings were 'custom size, initial size 384 MB; maximum size 768 MB').

This system currently has 512 MB of RAM.

Rebooted, ran RootRepeal, and got the same msg about Virtual Ram is too low after it ran (Initializing, please wait) for a couple of minutes.

Thanks again for looking at this.

Sorry if I posted in the wrong place initiall... Read more

A:Lots of cleanup completed, still infected [Split topic]

Please close this request for assistance.

Thanks.

d.b

Answer Match 53.34%

***EDIT**** Could someone please look at the info below and let me know if I should be worried about passwords being compromised? I have reformatted the drive, so I don't need help with removal, but I want to make sure I'm not in trouble some other way. Thanks

Hey guys, I'm hoping you can help me out. I've gone through the prep, however I was not able to activate the windows Firewall. I have unplugged the PC from the internet and I'm using a flash drive to move files and logs back and forth to another PC to post on here.

Initially I was infected with Digital protection and Internet Security XP. I used malwarebytes to remove both of those, but I'm still infected. Sites are re-directing and I received a warning from ATT today that my pc is being used to send spam. I would just reformat my PC but it's about 5 years old Compaq Presario and I've lost the recovery disk, so I don't have an OS. I'm including the DDS log below

DDS (Ver_10-03-17.01) - NTFSx86
Run by Compaq_Owner at 11:31:18.56 on Thu 04/29/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.499 [GMT -5:00]
AV: Digital Protection *On-access scanning enabled* (Outdated)   {28e00e3b-806e-4533-925c-f4c3d79514b9}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
s... Read more

A:Infected with unknown Rootkit malware, Prep completed

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Answer Match 47.04%

Staff Advisory: This post needs to remain here until one of the malware team advise that it can be moved. This member cannot access our malware forums due to their infection. ~ Animal

----------------------------------------------------------------------------------------------------------------------

Hello, I got some help from some nice people in the live chat. I have made a log with your hijackprogram and am posting it at the bottom. It created two .txt files so there are two reports. I am unable to open ANY link that has the words anti-spyware anywhere on the page or in the address bar so unfortunately I cannot post this in the malware removal forum because the internet window closes every time. I am in dire need of some help! I have a subscription to spy sweeper and it is keeping things out but I was infected with Antivirus xp 2008 and possibly some viruses because the computer was un-protected for about a month while I was in the hospital. I run with Windows XP and a wireless connection. If someone could take the time to look at this for me I would be so incredibly thankful! I offer my services as a photographer/graphic artist/professional gift shopper/myspace designer/beginner web designer. You can see what I do at www.perfectionpictures.com and contact me if you need anything at all!

Current Symptoms (in the order of appearance)

Random Total system crash then restart then blue screen then back to windows. msvcp71.exe is missing so a program is being prevented ... Read more

A:Antivirus Xp 2008 Removal Help/am I Infected? Can't Open Malware Removal Forum

Hi & welcome,

I would like to try a couple things before we go much further so I have a bit better picture of what is happening and can take the needed cautions.

1.) click start> run> type msconfig and hit enter.
click "boot.ini" tab
Checkmark /bootlog
Click "apply" and "close"
Reboot when asked
Locate and delete this file:
C:\windows\ntbtlog.txt (in case your extensions don't show it looks like a notepad)
Reboot
Locate & post:
C:\windows\ntbtlog.txt

2.) Click start> run> type: cmd.exe and hit enter.
type the following commands exactly as you see em & hit enter after each one:
cd c:\windows\system32
dir userinit.exe
Note the file size please & report that back to me. Leave cmd open a sec.
Back at the cmd window...
Type:
cd dllcache
dir userinit.exe
dir spoolsv.exe
Note file sizes & report that back to me.
Type exit in the CMD window & hit enter. (this closes it)

3.) Can you see also if you can get this program installed please:
http://download.bleepingcomputer.com/hijac.../HJTInstall.exe
Save file> run it> follow prompts to install excepting defaults.
Allow it to "launch" hijackthis.
Click the "Do a System Scan and Save a Log File" option
Save the log file and then it should open with Notepad
Go to Edit, Select All and then Edit, Paste to paste the contents of the log here

Let me know if you had any problems with the above please.

I advise keeping the system offline as much as possib... Read more

Answer Match 39.48%

So, first I guess, I should explain. I thought I was a fairly smart Computer User, anyway I went to download a Mod for Minecraft located here: hxxp://www.minecraftforum.net/topic/576847-minecraft-call-of-duty-metal-gear-solid-mod-pack/page__st__20 and downloaded it. I stupidly ran the EXE inside thinking it would install the mod. MalwareBytes, immediately popped up and recognized it as a Trojan. But, I stupidly just hit ignore. Anyway, I read further into the thread and saw that someone had de-compiled the exe and identified it as this. So, I immediately had MalwareBytes run a quick scan and had it remove what it found. Unsurprisingly, after a re-boot it was back. So, help?

I do still have the zip with the EXE, as well as logs from DDS, GMER, and MalwareBytes. Those are available if needed.

Thanks,
EGJason
*Apparently, not so savvy Computer User*

A:Infected with Something - Need help with removal

*Bump*

So, I think I removed it. But, how do I go about restoring access to my C Drive? Every time I try to access it, it tells me it's restricted by the Admin.

EGJason

Answer Match 39.06%

Hello people, the wife's XP box was infected, all the usual problems, NOD32 disabled etc.

Spybot found and removed 5 infections and Trend HouseCall found 3 rootkit entries, which it removed, but the box is still making the "clicking" noises that raised my suspicions in the first place (the "click" sound Windows uses as an audio feedback when you click on something).

I am reasonably good at keeping my own PC clean, but I don't read Chinese and she is almost computer illiterate, so I worry about making any changes or removing programs when only Chinese descriptions are available.

Any help received with gratitude.

HijackThis log follows; I hope someone knows which of these Chinese programs are legitimate.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:23:25, on 2011-9-10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\360\360safe\deepscan\zhudongfangyu.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\360\360safe\safemon\360Tray.exe
C:\Program Files\Hp\HP Software U... Read more

A:Still Infected after Rootkit removal??

Ok, I got bored waiting and managed to get Malwarebytes to install and ran a scan in safe mode; it came up with lots of stuff, including 2 Chinese language programs that it said were infected.
I deleted the files that had a named trojan, rather than just a "generic" title, which made little difference; I still couldn't uninstall NOD or update any av programs.

I finally ran all the nod32 files through the Spybot shredder in safe mode, which stopped that in its tracks; and managed to remove the 2 Chinese programs (labelled 360); this then allowed me to install and update Avast! without the PC locking up.

I still have one file in the NOD32 folder I cannot remove, even in safe mode, and an "ADS" (?) stream coming from the "E" drive which I suspect shouldn't be there that I detected with the scanner in Hijackthis.

Any words of wisdom?? I would have thought any legitimate data stream would be coming from the "C" drive and the rootkit I discovered first was located on the "D" drive.

I will post a fresh HJT log tomorrow, it is 1am here, and I want to go to bed!!

Answer Match 39.06%

I think this PC is infected with a fair bit of malware as MBAM came back with over 300 infected results which I deleted (Successfully I think) here is a HijackThis log if it helps.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:39:15, on 19/09/2003
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files... Read more

A:Infected PC, help needed for removal

Hello and to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

*If you have since resolved the original problem you were having, we would appreciate you letting us know.
*If not please perform the following steps below so we can have a look at the current condition of your machine.
*If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

**If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

----------------------------*-------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is ne... Read more


Hi Good Helpers:

Ms Removal Tools has infected my PC. I tried with different spywares & malwares killers but still have the problem.

Here I post the data following instructions from the forum

Thanks in advance

Chakabike

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 6.0.2900.2180
Run by Computer at 22:46:43 on 2011-05-24
Microsoft Windows XP Professional 5.1.2600.2.1252.595.3082.18.3034.1476 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\Ojezye.exe
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\Ozavuf.exe
C:\Archivos de programa\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Archivos de programa\Nero\Nero8\InCD\InCDsrv.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Spyware Terminator\SpywareTerminatorShield.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Documents and Settings\Computer\Datos de programa\bot.e...

A:Keep infected with MS Removal Tools

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\C...


Logfile of HijackThis v1.98.2
Scan saved at 12:08:08, on 15.12.2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\cvsnt\cvsservice.exe
C:\Program Files\cvsnt\cvslock.exe
C:\WINNT\System32\svchost.exe
C:\Oracle\Ora81\BIN\OWASTSVR.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
T:\todo\todo.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSNBC\Alert\NEWSALRT.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Sun\studio5_se\bin\runide.exe
C:\Sun\studio5_se\bin\runide.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Documents and Settings\taskin\Desktop\HIJACKTHIS\hijackthis-1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ht...


Hi,

I am hoping you can help, as I can't seem to shake this virus on my own. My laptop recently became infected with the MS Removal Tool virus. I was able to "remove" it with MalwareBytes and Super Anti Spyware (AVG didn't even see it), but I have a feeling it isn't all the way gone as the proxy settings on both IE and Firefox keep getting set to 127.0.0.1 port 57677 every time I restart the browser. I also have a sneaking suspicion that it may be on one of my external HD's so any help in locating it on that would be appreciated as well.

One other thing. I live in Hawaii and work away from home during normal business hours M-F so my responses may be somewhat delayed.

Hope you can help.

----------------------------
.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Matt at 17:04:29 on 2011-06-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.913 [GMT -10:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceServic...

A:Infected with MS Removal Tool (?)

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator...


I got infected recently. Been reading about these different removal options and this website seems like the best. I appreciate the help.

Spybot S&D detected Smitfraud-C.gp, Virtumonde, virtumonde.prx, virtumonde.sdn.

These seem to be causing pop ups and a slow computer.
I followed the instructions for this forum and here is what I got from the DDS scan.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Derek at 12:26:11.73 on Wed 03/18/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.198 [GMT -5:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
AV: avast! antivirus 4.8.1335 [VPS 090317-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\...

A:Infected- Smitfraud-C.gp, etc..... Help with removal

Hello.

There's a lot of vundos on your machine.

You have 2 Anti-virus Programs installed. This is not recommended as it can cause system failure and crashes but also false-positives between them. I suggest you remove either AVG or Avast from add/remove.

Make sure you disable Spybot's Tea-Timer and any other real-time protection (your AV) you have enabled before running the tool below.

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.
Link 1
Link 2
Link 3

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
Close any open windows, including this one.
Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. If you did not have it installed, you will see the prompt below. Choose YES.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Consol...


Hi everyone. My computer has been apparently infected with a trojan. I'm not very computer savvy, but I can at least follow directions pretty well. Anyway, back to the trojan. Occasionally, a Windows Defender message will pop up. Forgive me for not knowing exactly what it says, but the message essentially says that Backdoor:Win32/Cycbot.B was found on my computer and that it needs to be removed. When I click the option to remove/quarantine, my internet does not work until a reboot. When the system is rebooted, everything works and I tend to get the message again from Windows Defender. If I do nothing, then my internet works. If I attempt to remove the virus using Windows Defender, it doesn't go away. Instead, I simply lose connection until the next reboot. I have been noticing that, while using Google Chrome, trusted websites (such as Yahoo.com) cannot be accessed without reading an enormous "This Website may be hosting Malware!" warning. After agreeing that Yahoo might be hosting malware, I can then access the site. I have read a lot about this trojan and it is apparently pretty serious. I'm not sure exactly what information someone would need to help me, but I'm running a 64-bit version of Windows Vista and began noticing these strange symptoms about a week ago. I would appreciate anyone who could aid me in getting rid of this trojan. :]

A:Infected with Trojan and need removal.

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by 100403428 at 0:51:27.47 on Mon 04/11/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3066.2335 [GMT -4:00]
.
AV: F-Secure Client Security 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: F-Secure Client Security 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRest...

A:infected with ms removal tool

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by 100403428 at 0:51:27.47 on Mon 04/11/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3066.2335 [GMT -4:00]
.
AV: F-Secure Client Security 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: F-Secure Client Security 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe...

A:INFECTED WITH MS removal tool

and no boot cd available or any other system cd


Hello my name is Sarah and I am looking for some help. My computer (Dell with Windows 7) is infected with Cryptowall 3.0 and it has taken my files hostage. The main files that I noticed that were infected were pictures.
I have installed and run both Spyhunter 4 and McAfee but each time my computer restarts and the programs run again it still shows that the virus is still a threat. I attempted to download ListCwall to remove the files but it will not download past 68% for some reason.
I am hoping to remove the malware and hopefully restore my photos through a shadow program.
Can anyone help me with this? Thank you.

A:Infected with Cryptowall 3.0 Please Help with removal

Hello Sarah, welcome to Bleeping Computer's Malware Removal forum!
 
My name is Adam. I will be assisting you with your malware-related problems.
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.
Ensure you read through my instructions thoroughly, and carry out each step in the order specified.
Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in providing the best set of instructions for you.
Please backup important files before proceeding with my instructions. Malware removal can be unpredictable at times.   
If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
I will notify you when I believe your computer is free of malware. Please bear in mind, absence of symptoms does not necessarily correlate to absence of malware, so please wait until the "All Clean". 
Ensure you are following this topic. Click  at the top of the page. 
============================================...


Last week I removed a MoneyPAK infection. I thought it was successful....but, now I'm dealing with infected services.exe as reported by Symantec Endpoint Protection.

Any and all help with removal will be greatly appreciated!

Thanks
Todd
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by dwestegaard at 10:17:55 on 2012-07-31
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3241.1749 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\W...

A:services.exe infected. Need removal help

Issue resolved. Please disregard.


Hello,
 
This morning I very, very stupidly allowed something called privitize vpn to install on my computer. I realized as soon as it started installing that it was a bad idea, but I was duped by a site I had used before and trusted. Anyways, I already uninstalled the program and ran malwarebytes, which found some issues in the registry and removed them. However, I know that the malware is lurking on my computer. Firefox redirects to www.google.com/webhp when I open it (Chrome seems to be OK though), and I believe that this nasty virus has modified my task manager somehow as I can only see open programs and can't see any other tabs (processes, etc.) when I run it. I assume that I have a rootkit issue.
 
Here is my DDS report and my dds attach.txt is attached below:
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 10.7.2
Run by Ryan and Ash at 9:30:23 on 2013-02-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8188.5699 [GMT -5:00]
.
AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Wi...

A:Infected by Privitize VPN - Need Removal Help

Hello RDoringo and Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back a...


Had windows defender malware. Used rkill and malwarebytes to remove it. My computer is mostly working except for downloading files from the internet. Internet explorer says the file has a virus and has been deleted.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720
Run by Josh at 8:28:25 on 2013-11-09
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8190.5558 [GMT -6:00]
.
AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\APC\APC Pow...

A:Infected with zeroroot? Need removal Help

Hello jlp16au I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same",...


Good day this system has been infected with "MS Removal Tool". It also shows the following message shortly after booting :

"Appliation canoot be exectued the file tfswcrtl.exe is infected"

I was only able to run the prescribed utilities and get log outputs after using "Rkill" (The rkill log is also attached for review)

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Aaron Stein at 9:28:32.39 on Wed 05/11/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2030.1333 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

As of 5/11 19:50 ET I deleted the file and folder identified in the "Rkill" log. The system seems quiet but not sure if it's free of pests. Please inspect to see if I need more help. Thanks
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intern...

A:Infected with MS Removal Tool

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply'...


I'm having trouble removing bip.exe
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:11:52 AM, on 4/28/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\A4Tech\Keyboard\Ikeymain.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\vVX6000.exe
C:\Program Files\Mouse Driver\MouseDrv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\DllHost.exe
C:\ProgramData\{3140EA8C-7399-4EC4-819C-16996F38FCFC}\WRInstall.exe
C:\Users\Jesse\AppData\Local\bip.exe
C:\Program Files\Trend Micro\HiJackThis\HiJack...

A:I'm infected with bip.exe & malware removal help

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...


Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply'...

A:Infected with MS removal virus

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Answer Match 39.06%

My mother recently downloaded and installed Bandoo and iLivid. When she installed them, searchqu was installed along with them.

She has now noticed that sites get hijacked by searchqu and it has made itself her home page (we can't change it).

I have uninstalled Bandoo and iLivid. I have disabled searchqu from IE's "Manage Add-Ons". It is still there.

She is worried about it now because she has had a problem with it when trying to use her online banking.

I have instructed her not to use the computer until we can get this resolved.

I have run the following programs: Spyware Doctor with Antivirus, Malwarebytes Antimalware, SuperAntispyware, Spybot, and Hitman Pro.

All of them found some issues and fixed them; however, searchqu is still there.

I have run DDS and GMER.

Below is the DDS log. I have also attached a ZIP file that contains the attach.txt from DDS and the ark.txt file from GMER.

I had to ZIP the files because the file from GMER was 1 meg large. Should it have been that large?

Any help would be greatly appreciated.

Please let me know if anything else is needed.

Thank you.
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Paul at 19:56:20 on 2011-07-28
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1123 [GMT -4:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861...

A:IE8 infected with searchqu -- removal possible?

Hi sykomac,
Welcome to BleepingComputer Virus, Trojan, Spyware, and Malware Removal Logs Forum. My name is sundavis, I will be helping you to deal with your Malware problems today.

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. In your case, you have both Spyware Doctor with AntiVirus and Microsoft Security Essentials.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms".

It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Please remove one of them via Add/Remove Programs and proceed the following afterwards.

Step1
Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default ac...

Answer Match 39.06%

Just today I had a "MS removal tool" pop up on my screen that automatically made it look like a program was scanning my computer. Then at the bottom might it would pop up with a red x that AVG might be out of date.

I just would like to know what the next steps are. My computer has been running AWFULLY slow for some time now, and I figured something was going on, but today finally this crap showed up!

Thanks so much in advance!

A:Am I infected? MS removal tool/AVG pop ups

Help?

Answer Match 39.06%

I am trying to fix my laptop PC running windows vista that seems to be infected. I originally tried to install Microsoft Security Essentials, but during the installation when the program tried to update virus definitions, it wouldn't be able to and the program was not able to be used. I then tried installing my subscription to Norton 360, however, the computer is blocking it from running. Then I tried to install Malwarebytes, but the program would just disappear when I tried to run it (same thing with Superantispyware). Lastly, I tried to run the portable version of superantispyware from a USB drive. The scan would work for about 3 minutes before the program disappeared completely. In those 3 minutes, it showed 2 infections under the name "trojan.dropper/SVCHost-Fake"

Below are the DDS and Attach files. I tried to run GMER, but after clicking scan, the program just disappeared.
DDS (Ver_10-12-12.02) - NTFSx86
Run by esther at 22:42:05.92 on Thu 03/03/2011
Internet Explorer: 8.0.6001.19019

============== Running Processes ===============
============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\a...

A:Infected PC, Cant run Maleware removal

Hi,
Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

Answer Match 38.64%

Hi,
I downloaded a game and somehow it managed to install spyware ludashi.
I managed to remove some of the ad installers but when I run the ads cleaner it crashed during the process & I don't have a choice but to force start the laptop as it crashes every time.
Any help would be much appreciated

Answer Match 38.64%

Hi all,

Please help - my laptop has been rendered useless due to a sudden bout of viruses and malware. Virus scanners have picked up viruses (Trojan.Wimad, Trojan.192A, BearShare, Downloader, InfoStealer.Gampass and more) and keep claiming to have removed and solved the problem. But my computer is still extremely slow and attempting to access websites in IE is impossible as the URLS are all redirected. I can't get on any websites but Google's front page. This happens in Firefox but not as badly.

Please help - I've been trying to sort this for 2 days now!

This is my HiJack log -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:52:48, on 18/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Ulea...

A:Severly infected, tried removal but still having issues

Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear, a lack of symptoms does not mean that it is no longer present.

Please DO NOT Attach logs to your posts unless you are advised to do so.

==========

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once the Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.



Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Click Yes to allow ComboFix to continue scanning for malware.

When the too...

Answer Match 38.64%

I have contracted what I believe is a virus known as Jokebluescreen.c My computer/diagnostic skills are extremely limited and I turn to you for help with removal. This virus appeared to load itself, have blocked removal and restorations functions found in Task Manager and System Restore. I have attempted to delete the file itself, but removal is blocked. Continual pop-ups from them regarding found viruses and adware become present. My McAfee Security System identifies its presence in their own pop-up screen, but requesting file removal through McAfee seems to be blocked by them (Jokebluescreen.c) when removal is selected/run. I have contacted McAfee and they recommended deletion of all temp files, cookies; this has resulted in no/zero success. My now reddened stomach lining and usually calm, but currently disrupted disposition, is in your hands. Thanks for your help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:11:50 AM, on 7/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDO...

A:Infected With Jokebluescreen.c/removal Help Needed

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...

Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
Please let your firewall allow the scanning/downloading process.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you are using Vista, you need to right-click at dss.exe icon and choose Run as Administrator

Regards
fenzodahl512

Answer Match 38.64%

I believe that my PC has been infected with a rootkit. I was not aware of this forum until now so I decided to take matters into my own hands. Eset nod and Malware bytes were of no use because any attempt to revert the rootkit would fail. Whenever I started mbam, an error would pop up that it couldn't load the anti rootkit countermeasures. Eset nod couldn't pick up on anything but a few suspicious cookies whenever I scanned. I then decided to go on my other computer and download Kaspersky rescue disk into a usb which I booted the infected computer from. The scan literally took 3 days and didn't go past 33%. Even after the 3 days it didn't pick up anything yet aside from 4 adwares. I stopped the scan and decided to manually delete files that I crosschecked on the internet which is how I came across this forum. I have attempted to follow the steps of similar cases to no avail. My current issues are: I cannot run exe files such as rkiller or TDSSKiller. Combo fix freezes up at around 90% and I've left it for more than 6 hours at one point. I did however get SuperAntiSpyware to work and it has cleaned up a lot of cookies. Google chrome isn't working so I've been forced to use mozilla. USB flashdrives will not work even in safe mode. I've tried running as administrator but it doesn't work. I am positive that the registries have been tampered with. Any assistance is immensely appreciated and I'm willing to cooperate with just about anything at this point. Thank you in advance.

A:My PC is infected with a rootkit and I need assistance with removal.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/617177 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...

Answer Match 38.64%

So....I've been infected with Backdoor.tdss.565 and I've read all the gloomy news about polymorphic trojans and how it is categorically impossible to remove them completely.

I use my computer for online banking so a complete reformat seems the only option for me. (unless these really can be completely removed)

I've read these recommendations about backing up my files before I do:

From geekstogo.com - I think

This infection can and will infect all the machine's executable files, document files, and media files. Malware experts say that only a complete reformat and reinstall is the only way to clean the infection. DO NOT back up ANY files containing these extensions: .exe, .bat, .scr, .rar, .zip, .htm, .html, .mp3, .wma, .ogg, .mp4, .jpg, .gif, .doc, .xls, .ppt. Anything that is an executable, document, or media file can and probably is infected.

//Doesn't leave much does it??

In addition:
Close all your bank accounts and open new ones and alert your bank that you may be a victim of identity theft
Change all your passwords on every website you use from another computer
Perform a factory reset on your router [if you have one]
Check all networked computers for infection, if infection is found, reformat them using the guidelines above.

So two questions:
-Really? ALL my documents and music are infected?? I can't back up anything?? This sounds too extreme to me. I can believe executable files and some documents but everything?
-I have an HP Pavilion with a recovery partit...

A:Infected with Backdoor.Tdss.565 - How far is too far in removal?

Hello, Most docs, photos and music are OK. As long as they weren't downloaded off a file sharer. I use this reformat advice.

In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action but I cannot make that decision for you. Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, data files and photos. The safest practice is not to backup any autorun.ini or .exe files because they may be infected. Some types of malware may disguise itself by adding and hiding its extension to the existing extension of files so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.

The best procedure is a low level format. This completely wipes the drive. Then reinstall the OS.
Use the free version of Active@ KillDisk.
Or Darik's Boot And Nuke

The best sources of Information on this are
Reformatting Windows XP
Michael Stevens Tech Windows XP: Clean Install

==============================
2 guidelines/rules when backing up
1) Backup all your important data files, pictures, music, work etc... and save it onto an external hard-drive. These files usually include .doc, .txt, .mp3, .jpg etc...
2) Do not b...

Answer Match 38.64%

I can't seem to remove the damn easylifeapp malware that redirects traffic from both chrome and firefox.
 
For some reason, IE is fine and doesn't seem to open up the easylife but both chrome and firefox does.
There is no sign of the malware that I can uninstall from the system.
I ran malwarebytes anti-malware (in quick mode) and it couldn't find anything.
 
Yes yes, I know I shouldn't click willy nilly on suspicious stuff, but please help.
 
Here is the log:
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16470  BrowserJavaVersion: 10.17.2
Run by Lim at 16:17:17 on 2013-03-29
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.3327.2200 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceSer...

A:Infected with the Easylifeapp redirect. Need help in removal please.

Hello TheSecondIdiot

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the...

Answer Match 38.64%

To Whom It May Concern,

My friend's computer is infected with a Trojan virus. According to Avira, WINDOWS/system32/eventlog.dll is infected with the virus. This virus is being such a pain. It is not allowing other programs to run like Malwarebytes, SpyBot, Avira, and my friend's Internet is running slow and sluggish. Your help will be greatly appreciated.

A:Removal Assistance of Infected File...

To be honest...I haven't the slightest clue why you posted that data here.

I've never heard of the win32kdiag.exe and since it appears to have nothing to do with XP issues, I suggest that you remove it by editing your original post. If someone at the malware forum wants any logs, they will tell you...it's not wise to anticipate.

I will now suggest that your thread be moved to a more appropriate malware forum. I suggest you read/follow all administrative guidance at that forum.

Louis

Answer Match 38.64%

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Jim at 20:55:39 on 2011-06-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.999.442 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\W...

A:Infected with ms removal tool malware

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you...

Answer Match 38.64%

Please help!
My brother's computer has been infected with the Advanced Virus Removal fake application among other things.
I got Malwarebytes to do a quick scan once under a new account and by renaming mbam.exe.
That app no longer responds but it did find over 80 bad objects on that one quick scan.
Ad-aware runs ok and removed 1200+ bad objects on first run.
Each time after that, it finds a trojan win????.tdss but it does not seem to successfully remove it.
I get the blue screen of death if I try to log in in safe mode (of any flavor).
The only symptom I see now is a redirect of all links following a google search.
Believe me, it was a lot worse 24 hours ago. I could not even run cmd before I started.
Here is my DDS. I hope you can help! Thanks

DDS (Ver_09-07-30.01) - NTFSx86
Run by john at 13:27:23.04 on Sun 08/16/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.69 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1&...

A:Advanced Virus Removal etc Infected

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Answer Match 38.64%

I am infected with the MS Removal Tool. When I boot up in regular mode, the program is open, and appears to be running. it has changed my background, and it will not allow me to open any applications.
I followed the directions on the following link, and everything appeared to be successful, but when I rebooted the virus was still there.
http://www.bleepingcomputer.com/virus-removal/remove-ms-removal-tool

Now I am trying to follow these instructions, but I am stuck at the point where I get the GMER scan. I downloaded the program and opened it successfully. Then it starts to scan. Then I get the blue screen that says something bad has happened and windows is shutting down my computer to protect it. I tried to scan 2 more times, both ending the same way, so I am unable to complete the GMER scan.

Below is my DDS report.

.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Rae at 9:06:47.64 on Mon 04/11/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3573.2699 [GMT -6:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32...

A:Infected with MS Removal Tool Virus

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you...

Answer Match 38.64%

Hi, I'm using Norton 360 on Windows 8 and it says I need manual removal of the virus. What do I do?

A:infected w/ W32.Mezit!inf and need manual removal...

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 5 days and ALL logs are answered.

If HelpBot replies to y...

1 more replies
Answer Match 38.64%

Hello all!
I'm new to the forums, and I've come here because I am infected with the lovely rond.starsdoor.com pop up. I know a few people have had it but I heard that every spyware depends on the system too so here I am posting for help along with my HiJackThis log. It is extremely annoying and I've used my virus scanner (Avast) to try and get rid of it, along with several spyware programs (spy sweeper, spyware doctor, ad-aware.) with no success. Any help is greatly appreciated. Also for some reason whenever I am using my browser the active page acts as if I click on something other than the current browser (isn't highlighted anymore) so that say like now when I'm typing this, my words stop typing because this page becomes unselected. Very annoying.
******************************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:59:44 PM, on 2/10/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\... Read more

A:Infected With ( Rond.starsdoor.com ) Pop Up. Help With Removal Please.

Hello rfS and welcome to BleepingComputer!
Apologies for the delay. The forum has been very busy lately and. If you are still having problems, then please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log.
If we do not hear back from you within a couple of days we will need to close your topic.
Thanks,
Johannes

13 more replies
Answer Match 38.64%

I have a Dell running XP. I reinstalled XP when my father gave me the computer infected. Well I have done the same. My computer runs very slow. The windows I open do slow motion when I close them. I have recently got A LOT more knowledgeable in protecting my PC after infecting the laptop I am typing this on. This site helped me a ton. But anyhow I am wanting to get my desktop to working order and secure. I have recently installed: HijackThis, SilentRunners, Dr.Web, And SuperAntiSpyware in prep for removing my nasties. I also have a sub to Stopzilla anti spyware. It scanned and said 1143 threats which is more like 56 with subs. But I have noticed after scanning and removing that if I un-plug my net all seems to be well for the most part. I haven't gotten any errors. My computer is just very slow and pretty much useless unless I have a ton of time to wait for opening and closing windows. I have nothing of importance on this computer at the moment because it's on my Mac laptop and my PC laptop, so I was thinking maybe it would be easier to do a XP re-install again and then I can secure it from there. That might be less of a fight? Please throw me a line I would like to get this dealt with. Thanks
 

A:Infected Computer Removal Needed

16 more replies
Answer Match 38.64%

Hello. I have windows 7 and I noticed norton picked up on a few things. I didn't see the first one but a message just popped up now saying there was an attempt blocked called HTTP Nukesploit request. I did a little research online and found that it's malware. I know nothing about viruses and how to get rid of them besides downloading antispyware or programs such as that and running them and seeing what is found. Norton found that nukesploit and read about other people who have this problem have malware. While I was looking at that message, I decided to check my norton history and see what other things are detected as I leave my computer on sometimes while watching tv and don't notice the messages. There was one attempt blocked a few days ago saying HTTP Fake av redirect. I researched that a little bit and people have said that there's a fake av program installed on their computers but I only have norton on mine.

Also, my internet explorer has been crashing a bit more often. With the error message saying "internet explorer has stopped working" and you click ok and it restarts the browser with the tab you have it on. I haven't been doing anything weird I'll just be trying to watch a streaming video or something and it gives me that error message. It usually happens with streaming video sites or on sites I always frequent like a few video game websites and streaming sites and such but it's never off a new page i'm going to. It happens m... Read more

A:Infected with malware and something else possibly - help on removal

bump. any help?

1 more replies
Answer Match 38.64%

Hi
Just found this website, hopefully i'm in the right forum and I thank you guys for helping people with their computer problems. I recently noticed that my internet home page redirects to Yahoo. I scanned with Malwarebytes Anti-Rootkit BETA V1.07.0.1005. The results were C:\Windows\Installer\{25143fb4-71a8-8726-3250-f1f7e4e3e5e7}\@-->[Backdoor.0Access]
 
It says it cleans up and creates a restore point but it doesn't and the malware shows up again on re-scan. 
 
Again, thanks for your time
 
 

A:Infected Backdoor.0access help with removal

Welcome aboard
ZeroAccess rootkit infection requires elevated help. Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

1 more replies
Answer Match 38.64%

My computer recognized my PDA and sync was ok. Then had Avast antivirus installed. Computer now does not recognize my PDA and no sync activity. Avast rep looked in my computer and found one of trojans which infected the PDA software/file. How do I first find which trojan(s) then remove them? Please help. Thank you.

A:PDA file infected- removal trojan. how?

Hello,
Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.
If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
Orange Blossom

3 more replies
Answer Match 38.64%

Hello
 
I got infected by a fake installation application which apparently downloaded and installed several PUP's and other junk on my computer.
 
I can still find traces of it after removal and that worries me.
 
Most obvious sign of traces: "thirteen degrees 1.0.1" Firefox extension still exists but have the status "Has been removed" restart now. But a restart does not take care of the job.
 
Some of the scanning logs also still find traces which you guys probably understand more of than I do, so please take a look and advise for further cleanup.
 
 
Thanks!
 
PS: I have attached the first logs from the first runs and the new runs after removal.

A:Got infected by several PUP's, still find traces after removal.

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

FF Extension: thirteen degrees 1.0.1 - C:\Users\kennef\AppData\Roaming\Mozilla\Firefox\Profiles\igt3st8z.default\Extensions\{27068654-e34a-40b5-9675-2488d66fe512}.xpi [2015-08-13]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:D5FBE8F9
C:\Users\kennef\AppData\Roaming\Mozilla\Firefox\Profiles\igt3st8z.default\Extensions\{27068654-e34a-40b5-9675-2488d66fe512}.xpi

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.
Run FRST and click Fix only once and wait.
Restart the computer normally to reset the registry.
The tool will create a log (Fixlog.txt) please post it to your reply.
===
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the t... Read more

2 more replies
Answer Match 38.64%

Hi. My PC is infected with VirusBurst, and I did the automated removal as shown in one of the forums here. This is from the RougueScanFix.Task:
Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
WHAT SHOULD I DO NEXT? PLZ HELP!

A:I Am Still Infected, Virusburst(after The Automated Removal)

Did you follow the directions in the link below?
http://www.bleepingcomputer.com/forums/t/63896/how-to-remove-virusburst-removal-instructions/

3 more replies
Answer Match 38.64%

Hello and thanks in advance to anyone who can help with this bad boy.
Did have the rogue software Windows XP Restore which I thought was gone, either it has not or else something else lurks.

Problems I am seeing are:
No internet although Malwarebytes can download updates, cannot access Windows Updates.
Internet Explorer/Firefox will not load.
Blue screen when going into Windows XP Safe Mode.

Tools I have used:
RKill
Malwarebytes
Unhide

DDS log:-

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05
Run by paul thompson at 10:55:12 on 2011-06-13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.421 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.e... Read more

A:Still infected after Windows XP Restore removal

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.
Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

14 more replies
Answer Match 38.64%

I started getting messages last night that some temporary file could not be saved because my hard drive was failing. Afterwards, I started getting popups for MS Removal Tool (fake antivirus). I got on the bleeping computer page and followed all the directions to remove this specific malware. After following all the directions and rebooting I still have major issues. Only a couple of my programs are showing from the Start Menu. I don't know where they all went. Mozilla Firefox is also completely gone from my computer. I am still getting the bubble popup message in the bottom right that says some temporary files is having a "write" issue.. (i forget what it says exactly).
Here is a copy of my most recent HiJack this log. Please help! Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:51:48 PM, on 5/13/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless... Read more

A:Infected w/ MS Tool Removal Virus & Others

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.
Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

84 more replies
Answer Match 38.22%

Hi there,

I was running Firefox the other day and for some reason, my Windows 7 Professional laptop got infected with the MS Removal Tool malware. I am prevented from opening any programs, including my browsers. The MS Removal Tool then launches and scans my PC, tells me that I am infected with 38 forms of malware, and then proceeds to fish for my credit card info.

Could you help me please?

Regards,
Nick

A:Windows 7 Laptop Infected: MS Removal Tool

Try this:

http://www.bleepingcomputer.com/virus-removal/remove-ms-removal-tool

9 more replies
Answer Match 38.22%

Hello all,
I got this nasty infection on my PC and I want to get rid of. Windows Defender will detect it everything and remove it but it will reappear the next restart.
I have post some logs and let me know if it is enough. Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:39 AM, on 8/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:... Read more

A:Infected with Backdoor:WinNT/Rustock.AN, I need help with removal

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ... Read more

2 more replies
Answer Match 38.22%

Hi,
My Laptop computer has been infected with vista antispyware removal 2010. Running windows malicious software removal stops the program from running and the pop-ups from appearing. But does not seem to remove the rootkit. and after awhile the vista antispyware removal 2010 re-installs itself. It is preventing user access to most programs, and terminates any software that tries to detect it. I can run a program the first time, then after that the permission is denied. I could not create a gmer log. The instructions from this website were followed correctly yet gmer would terminate once it got to scanning the user directory.
I tried running "malwarebytes anti malware" applying the registry edit "fix exe" beforehand, it was terminated immediately. kaspersky and winpatrol won't run either.
DDS (Ver_09-12-01.01) - NTFSx86
Run by Isabelle at 12:00:32.01 on Fri 02/12/2010
Internet Explorer: 7.0.6002.18005
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs... Read more

A:Infected with vista antispyware removal 2010

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.
Please download ComboFix from one of these locations:
Link 1
Link 2
Link 3
Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Make sure that you save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malwa... Read more

7 more replies
Answer Match 38.22%

Hello.

I'll start from the beginning to give you a complete picture of the last 24hrs... what happened, and what I've done to date.

Last night, while NO applications were running, my computer start playing a sound of people cheering and clapping, followed by this I heard a Travelocity ad. I immediately checked my system processes for perhaps a stuck browser session that was perhaps playing a website ad video or something. As soon as the task manager started, an error message popped up saying LPVIDEO.DLL has crashed. Fearing the worse I immediately ran Malware Byte which I use frequently. For what its worth, my last full scan using MBAM was less than a week ago and the scan was clean. MBAM found several infections, I have attached a screenshot of this. MBAM stated that a reboot was now needed so I initiated a shutdown. The shutdown process seemed to go as usual except that instead of shutting down, I get a BSOD stating: Internal Power Error. I NEVER get BSODs while shutting down/rebooting. SO I hit the reset button and rebooted normally.

I then started another scan using MBAM. This time the scan was clean and I was hopeful that this mess was over. I opened IE8 to browse the web. Every time I clicked a Google search result, the link got redirected several times and I ended up at the URL of theclickcheck.com. Ok, so now I'm thinking this is NOT over so I then downloaded Ad-aware and SuperAntiSpyware. Neither program found anything new.

I started researching thecli... Read more

A:Vista PC infected, all attemps at removal have failed

Hi,
Please do the following:
Please download DDS from either of these links
LINK 1
LINK 2
and save it to your desktop.
Disable any script blocking protection
Double click dds to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:
DDS.txt
Attach.txt.
NEXT
Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable. Double click the exe file. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.
In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it in reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

2 more replies
Answer Match 38.22%

Every time I open IE I get various pop-ups, most commonly "WinAntiVirus, Drive Cleaner and Error Safe." I also continue to get the boxes that ask to install the software. I have tried numerous spy ware removal tools as well as Norton Anti Virus but cannot get rid of the virus. Thanks for the help!
Logfile of HijackThis v1.99.1
Scan saved at 5:31:38 PM, on 5/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qtta... Read more

A:Infected With Winantivirus, Drivecleaner And Errorsafe Removal

Welcome to the BleepingComputer HijackThis Logs and Analysis forum premierwindow
Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click "OK".
Please post the contents of C:\vundofix.txt into your next reply.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
***********************************
Please download Combofix and save to your desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause the program to freeze/hang.
Also post a new Hijackthis log.

7 more replies
Answer Match 38.22%

MS Removal Tool, saying I have infections and virus'. Clicked to see the problem and 'scans' my computer saying I have 38 infections. I click remove, comes up with a payment option asking for Credit Card details.

Have tried going through steps 6 and 7. Download links to desktop, try to open them. Warning sign from MS Removal Tool : 'Warning Application can not be excicuted. The file dds.scr is infected. Please activate your antivirus software'.
Not sure what to do now because steps 6 and 7 are the ones that are most important.

Other message bubbles keep appearing.
'Warning windows had dected spyware infection! Click this message to update'
'Intercepting programmes that may comprimise your privacy and harm your system have been detected on your PC. Click here to remove them imediatley with MS Removal Tool'

A:infected with MS Removal Tool (antivirus software)

Hey - it's your bro!
The program MS Removal Tool is what's known as a rogue Anti-Virus. It installs on your PC and will identify problems which may not exist but ask you to pay to remove them. More details can be found here.
Please download OTH.scr to your desktop.
Now download OTL to your desktop.
Double click the OTH file and select Kill All Processes, your desktop will go blank

Then select Start OTL, - OTL will now run:
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
Casey

12 more replies
Answer Match 38.22%

Hello all,
I was infected with WinAntivirus (supposedly legitimate program that keeps re-installing itself and throwing popups at me relentlessly while slowing down my computer dramatically). I Ran spybot search & destroy, lavasoft ad aware, computer associates pest patrol, trendmicro's housecall etc. Some of them detect the spyware and clean it from memory, but none of them stop it from re-spawning again. I used a program called "Computer Inspector" to disable many of the "Startup" processes that re-spawn it. Here is a summary of the startup processes. Please note - all are disabled:
Startup Report Generated by : Computer Inspector
Version : 6.3
Date : 8/28/2006 9:08:23 PM
Windows Version : Microsoft Windows XP
Windows Build : 5.1.2600
Windows Service Pack : Service Pack 2
Internet Explorer : 6.0.2900.2180
Startup Item : AltnetPointsManager
Enabled : No
Startup Item : iuof
Enabled : No
Location :
Command : C:\Program Files\Common Files\iuof\iuofm.exe
Startup Item : KernelFaultCheck
Enabled : No
Location :
Command : %systemroot%\system32\dumprep 0 -k
Startup Item : NvCplDaemon
Enabled : No
Location :
Command : RUNDLL32.EXE C:\WINDOWS\system... Read more

A:Infected With Winantivirus - Posting Log For Suggested Removal

I'm still getting random popups etc. can anyone please help?

3 more replies
Answer Match 38.22%

I believe I got Vosteran when I was downloading FireFox.  Guess I didn't use the correct download version.  I want to remove Vosteran and add a virus/malware protection.
 
Thanks for your help.
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Denna (administrator) on DENNA-PC on 28-01-2015 22:07:02
Running from C:\Users\Denna\Desktop
Loaded Profiles: Denna (Available profiles: Denna)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
() C:\Program Files (x86)\ace race\bin\utilacerace.exe
() C:\Program Files (x86)\ace race\updateacerace.exe
() C:\Program Files (x86)\ace race\bin\acerace.expext.exe
() C:\Program Files (x86)\ace race\bin\acerace.PurBrowse64.exe
() C:\Program Files (x86)\ace race\bin\acerace.BrowserAdapter.... Read more

A:Infected with Vosteran hijacker - need removal instructions

Hi there,
my name is Marius and I will assist you with your malware related problems.
Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

We need to remove some programs with Revo Uninstaller Free:
Note: Revo Uninstaller is more thorough in deleting programs on ... Read more

6 more replies

This computer has/had a nasty virus. I have already run Spybot S&D and removed a lot of crap. I also did a scan with MSE and it found several viruses and removed them, but links on sites (google searches mainly) are still getting hijacked. Any help is extremely appreciated as this is a free site.

*****DDS Log*****

DDS (Ver_10-03-17.01) - NTFSx86
Run by Mike at 10:08:04.67 on Fri 09/24/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3326.2251 [GMT -7:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\dlcxcoms.exe
C:\Program Files\Input Director\IDWinService.exe
C:\Program Files\Input Director\InputDirectorSessionHelper.exe
C:\Program F... Read more

A:Infected Computer/Tried the usual removal techniques

Hi

Please do the following:

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.

4 more replies

Recently about 2-3 days ago, every time I would reboot my computer, Malwarebytes would notify me that Trojan.Agent.cn svchost.exe was quarantined.  It is never removed.  I am worried.
 
DDS.txt:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 10.13.2
Run by Wei Wei at 23:45:28 on 2013-02-21
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8174.5233 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI... Read more

A:Infected with Trojan.Agent.cn svchost.exe Removal Help Please

Hello nowhey

These are the programs I would like you to run next, if you have any problems with these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller or from here
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller

Gringo

18 more replies

Hello, I am having trouble detecting what malware is causing my computer to have pop-ups and redirections in my web browser. I used a tutorial that used rkill and malwarebytes anti-malware to remove MalwareDefense. Upon reboot, Malware.Trace popped up. I thought I had removed it, but am still getting the pop-ups and redirections. Nothing is showing up on my MBAM scans now, and Avast doesn't seem to be removing or quarantining any of the infections either.

DDS (Ver_10-03-17.01) - NTFSx86
Run by USER at 13:23:30.82 on Wed 04/07/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1314 [GMT -4:00]

AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! antivirus 4.8.1368 [VPS 100407-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files&... Read more

A:Still infected with pop-ups, even after removal of MalwareDefense and Malware.Trace

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let... Read more

7 more replies

Hello. A friend's laptop (Dell Vostro 1500, Win XP Home SP3) became infected with IS 2010, so I followed removal instructions from this page:
http://www.bleepingcomputer.com/forums/t/286684/is-2010-removal-crisis/
All seemed ok - MBAM ran (after rkill) and seemed to remove the malware. Then about a day after I returned his machine to him and he went back online, signs of infection showed up in his wife's User Account, now he's having all kinds of odd behavior (browser redirects using FireFox), very slow startup and shutdown, several program errors and programs not ending at shutdown, and IE will not start at all. I'm worried that the machine is either still infected w. IS 2010 or something else. What can I do? Is there a good tool to determine whether something is still infecting this machine?

A:Internet Security 2010- still infected after removal?

Sorry, misprint.

2 more replies

have used spybot, adware, and hijackthis on three separate computers...

All three got infected with exact same pop-ups.

here's the info:

spybot I got from safernetworking.org
adware from lavasoft.com
hijackthis from spywareinfo.com* I am most suspicious about this site
Please folks can I have some of your input on this topic... spyware is hard enough to get rid of but spyware removal tools that are infected themselves is not on.
 

A:*WARNING* spyware removal tools infected themselves

8 more replies

Windows Vista 64 bit OS

I ran Malwarebytes on the hard drive first, by slaving it to another PC, removed 4 objects
Reran Malwarebytes on laptop with hard drive installed, found 0
Ran TDSSKILLER, found 0 rootkits
Ran unhide.exe from the forums
Ran RKill

The actual rogue antivirus doesn't pop up, but the desktops are both black, and there are quite a bit of files not showing up, and IE doesn't load any websites, says there is an error with the site and to try in compatibility mode, which still fails to work. I am fixing it for a friend, but this one has me stumped, any recommendations? I have hidden files and folders showing and still do not see the files...

Thanks

A:System Restore-Still infected after removal tutorial

With the information you have provided I believe you will need help from the malware removal team. Please make sure that you read the information about getting started first. Then start a new thread HERE and include or required logs. Including a link to this thread will be helpful. Good luck and be patient. Help is on the way!

1 more replies

yesterday my friend got some malware from a url while browsing the net on my desktop. Now I'm stuck with it, pop ups keep coming up every 10 or so minutes, asking me to buy some sh1t. here is the log from hijack this.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:03:26 PM, on 4/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\Hletub.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
D:\Program Files\Everything\Everything.exe
D:\WINDOWS\system32\RunDll32.exe
D:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
D:\Program Files\Cyberlink\Shared files\brs.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Replay Media Catcher\FLVSrvc.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Canon\MyPrinter\BJMyPrt.exe
D:\Program Files\ScanSoft\OmniPage... Read more

A:HTML/Infected.WebPage.Gen - Need some help for removal, log inside

6 more replies

Hi everyone,

I'm running Windows XP Version on a HP pc.

I started to suspect something was wrong when I tried to open Malwarebytes Anti-Malware for a routine check, but couldn't. So here's the summary of my symptoms. I can't access my Symantec Antivirus Corporate Edition 9. Norton's autoprotect is still enabled, but it will not open, so I can't run a full scan.

Since Symantec won't open and won't uninstall, I installed AGV 8.5, ran a scan then uninstalled it. Since I still can't open Symantec or windows defender, I still think I have a problem.

When I attempt to open Symantec, I get the following error:
C:\Program Files\Symantec AntiVirus\VPC32.exe
Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

Can't run MBAM, HijackThis, Symantec Antivirus, Spybot Search & Destroy, or Ad-Aware. With MBAM and HJT, I can rename a copy of the executable and it'll open, but it shuts down if I try to run a scan; and if I try to open, move, or rename that copy of the program subsequently, the operation will fail with the error, "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the file."

However, Process Explorer works and superantispyware, which I ran a full scan, but issues are still here. Also tried running RootRepeal, and it says "initializing, please wait" and never ... Read more

A:Infected, and can't run hijackthis, Mbam and other removal programs

See if this tutorial is any help
Post back if you need help
http://www.bleepingcomputer.com/virus-remo...dows-police-pro

4 more replies

My PC is infected. A program "MS Removal Tool" pops up when I boot and scans my computer and then asks if I want to remove the threats. It has blocked my virus software from running. I followed the Bleepingcomputer Forum preparation guide and ran DDS.txt and have attached attach.txx and ark.txt Logs to this topic. I am posting them here. Please help.

Thank you.

DDS.

DDS (Ver_11-03-05.01) - NTFSx86
Run by Robert at 18:02:41.05 on Sun 04/24/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3574.2324 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k Netw... Read more

A:Infected with "MS Removal Tool" Popup "scans PC"

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply'... Read more

16 more replies

I was infected with Spyware Removal 2009 Malware. so I had the Spyware Removal 2009 malware somehow got installed on my computer. As some forums said I installed malwarebytes to remove it. I think I got most of it out but I thought I had it all removed before and it came back. So here is my hijackthis file to see if everything is off.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:53:33 PM, on 3/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS... Read more

A:Infected with Spyware Removal 2009 Malware.

Hello pdeals917,

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

4 more replies

Hello all. Yesterday, Avira Personal edition found the following program/virus/thing while I was opening Windows LIVE messenger:

HTML/Infected.WebPage.Gen

They were found here:

'C:\Users\Username\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4EFHK6W4\pid=Messenger_IMSCB2_234x60_MMN[1].htm.
'C:\Users\Username\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\553S9XHB\pid=Messenger_IMSCB2_234x60_MMN[1].htm.

Avira popped up 4 times with this instantly as I opened the program. Live messenger was minimized but running in the system tray. I moved the infected files to the quarantine. I scanned my PC with Avira in safe mode, as well as Spybot and Malwarebytes (only Windows and Users folder with Mbam). It came out clean. I then ran crap cleaner with its registry cleaner. I figured it was done. Today, I was using live messenger. It worked fine, until again, I got the same thing. Avira popped up. Exact same location. It popped up 4 times (just like last time). I moved them to the quarantine once again.

So I am wondering if this is a false alarm for Avira? Or if not, how can I remove this virus? Did some of the ads in Windows live messenger get hijacked? I use this program daily (I leave it running all day), so I would like to remove the virus if there is one.

I am running the Eset online scanner right this minute to see if it finds anythin... Read more

More replies

My computer has been infected with Smart HDD. I'm in the process of removing it, but even in safe mode with networking it still won't let me access Malwarebytes Anti-Malware program to scan and remove the virus.

DDS (Ver_2012-10-19.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_16
Run by Melissa at 17:46:28 on 2012-11-04
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.378 [GMT -7:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\s... Read more

A:Infected with Smart HDD and still cant run Malware Removal Programs

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o... Read more

17 more replies

My computer has been infected with a virus and porn ads are popping up every few seconds.
I've been to a few different websites that give step by step instructions for removing this malware but as soon as I download a removal program it is blocked from running.

This includes SAS, MG Tools, etc.

Being unable to run these programs I am completely unsure what to do.
Any suggestions will be greatly appreciated

A:My Computer is infected and I am unable to run removal programs

Hello and welcome .. Please give this a go.

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the... Read more

1 more replies

Hi, I'm new here, so please tell me if I'm not in the right section.

I've been infected by Renos.JM and most of the programs I install crash on startup (message saying the path is wrong or that I don't have the rights even though I run it as admin) or just don't detect the threat.

List of programs I've tried :

-Spy hunter
-Malwarebytes'
-Others I don't remember of.

Running Vista X86 SP1 (32bits) with MCAFEE.

Any help would be appreciated.

Thanks

A:Infected by Renos.JM and no removal program will work.

Hello and welcome.

Please post your last Malwarebytes log
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Now run part 1 of S!Ri's SmitfraudFix

Please download SmitfraudFix
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

9 more replies

Hi,
 
I have been trying to download Google Chrome to my laptop but with no success. I tried the "Alternate (offline) installer" as well but that didn't work. I looked online for solutions and one of them said I might have a virus. I tried to download some rootkit software but I can't do that either. I get as far as downloading the setup file but the set up won't complete.
 
I recently installed Windows 10 and have had no problems with it. Also, I did have a virus recently but my anti-virus software (Norton and MBAM) appeared to have dealt with it.
 
Any ideas?
 
 

More replies

Yesterday, I picked up a virus that kept telling me that my system was having serious, critical issues. I figured it was some kind of attack, so I ran Malwarebytes right away. Of course it found several objects, and I deleted them. I ran it again, and it found more objects, and I deleted them (sorry, I didn't save any logs). After that, I received no more messages. I restarted my computer. Everything was gone! I have no icons on the desktop, and no files in explorer. Somehow, I found my way to my drive properties, and noticed that the drive space had not changed, so I figured out that all the files had just been hidden. So, that's when I really began doing some research about what had gone wrong with my computer. I tried using system restore twice, and each time, I ran out of hard drive space (not sure if this was part of the virus). So I stopped trying that.

I then decided to try Rkill. I first ran my old version that was installed. It opened three windows stating "Installation Failed", then proceeded to run, but ultimately came back with "Access Denied". Now it seems, that I also was infected with the MS Removal Tool malware. I understand how to fix that from the BleepingComputer forums, but I cannot run Rkill. I am on a Vista 64 bit machine. Here are my logs:

---Rkill---

This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Ran as Antho... Read more

A:Infected with MS Removal Tool, AND other that hides all files

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your ... Read more

8 more replies
Answer Match 38.22%

Hi. My Windows 7 PC 64bit is infected with Virus / Malware. Whenever I try to use Internet Explorer it guides me to different websites each time. Is there a good Antivirus / Malware which can help clean up the infection? I do not want to reinstall Windows. I will appreciate if you can share some of your experience with me. Thanks!!!

EDIT: Moved from Win 7 to Am I Infected forum ~ Hamluis.

A:Virus / Malware Removal for infected Windows 7 PC

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to comp... Read more

1 more replies
Answer Match 38.22%

How can I remove Advance Virus Removal - it's playing havoc on my computer.

DDS (Ver_09-10-26.01) - FAT32x86
Run by rs at 20:34:47.81 on Fri 11/20/2009
============= Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Acer\eManager\anbmServ.exe
SVCHOST.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rogers Online Protection\Rogers Online Protection\rps.exe
C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgentComHandler.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\igfxtray.exe
C: ... Read more

A:infected with Advanced Virus Removal - how to remove?

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Answer Match 38.22%

Hello - My pc has been taken over by some kind of software-removal-tool.com virus.

It started by throwing a bunch of false errors saying my hd was failing, system was corrupt, etc.

Then it displayed an advertisement for some bogus software to remove all the problems.

I obviously didn't click or buy that software.

Now I managed to get rid of the popups, warnings, and all that using Malwares, Ad-aware, superAntiSpyware, SpybotSearch and Destroy.

As for Antivirus software - I have run MSE and AVG.

AVG didn't pick up a thing - and MSE picked up a trojan:JS/Hiloti.F. - and I quarantined and removed it.

I also managed to get the files unhidden.

Now the problems that remain are a bunch of system folders are getting a 'System Denied' error when I try to open them, the desktop theme is pure black, and when I try to open Firefox.exe I get a popup that it is already running and it closes.

I tried uninstalling and reinstalling firefox - but still get the same issue.

If you could point me in a direction of how to resolve this, I would deeply appreciate it.

Thanks.

A:Win 7 64 Bit - infected by Software-Removal-Tool.com virus?

Let's make sure if the system is clean before solving other issues.

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

20 more replies
Answer Match 38.22%

Recently, my computer began to behave strangely and I got a number of false alerts attempting to get me to buy a virus removing malware program. I downloaded Malwarebytes to try to fix it and ran that scan, as well as McAfee and Windows Defender scans. Malwarebytes told me that I had a Trojan virus and I chose the delete on reboot option, however, after multiple attempts to remove it, the Trojan is still interfering with my computer. I think it may involve the system32 folder, and it's causing me a lot of grief. When I attempt to log on, I can only see my desktop background with no start menu or icons. When I use the internet (I use Firefox), my browser is often redirected and links sometimes open new tabs with the same page I had been on before. I have Killbox, Malwarebytes, Ccleaner, McAfee, Windows Defender, and Integrity Client on my computer. I'm helpless when it comes to viruses as I've never dealt with one before. Thanks in advance for all help. :]

A:Infected with a Trojan virus that resists removal

hi caitlyn3591,

Your log is several days old. If you still need help simply reply to my post and give me an update on your malware situation.

1 more replies
Answer Match 38.22%

I've removed some infected files called PUP.Blabbers after finding them out through MalwareBytes-AntiMalware and Comodo Firewall scans. Some of it came through TheBFlix. However, to my knowledge I never got this app (if it is an app).

I want to remove the BFlix thing from my laptop and followed the steps I found in one of your threads by going to Control Panel>Programs & Features, but when I got there I couldn't find it on the list. It must be hiding behind something else to which it came attached. It is possible I have removed it at some time but I don't remember doing so, and even if I did, then it left this rubbish behind.

What do I do to get rid of the thing for good?

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD E-300 APU with Radeon(tm) HD Graphics, AMD64 Family 20 Model 2 Stepping 0
Processor Count: 2
RAM: 1642 Mb
Graphics Card: AMD Radeon HD 6310 Graphics, 384 Mb
Hard Drives: C: Total - 286247 MB, Free - 240556 MB; D: Total - 14732 MB, Free - 1639 MB; E: Total - 4055 MB, Free - 5 MB;
Motherboard: Hewlett-Packard, 3577
Antivirus: avast! Antivirus, Updated and Enabled
 

More replies
Answer Match 38.22%

I'm infected by trojan bookmarker and I have tried to get rid of it by deleting registry key values and subkeys, though it's not been a success... My home page in Internet explorer is still not what I want it to be. And Norton still says: "Trojan.Bookmarker threat deleted" when I log in to Windows XP... If you need more information, please direct me what programs I need to use to suffice your demands...

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:Infected by Trojan Bookmarker, no successful removal yet..

I'm infected by trojan bookmarker and I have tried to get rid of it by deleting registry key values and subkeys, though it's not been a success... My home page in Internet explorer is still not what I want it to be. And Norton still says: "Trojan.Bookmarker threat deleted" when I log in to Windows XP... If you need more information, please direct me what programs I need to use to suffice your demands...

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

EDIT: I formatted the HDD and I reinstalled windows, so you can close this topic. I also figured it takes kinda long for any response or is this normal??

1 more replies
Answer Match 38.22%

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:14 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\vtutq.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run... Read more

A:Completed 2/5 steps - please look over this and tell me what to do

Hello

I needed you to go all the way through the steps. We prefer a more comprehensive set of logs to assist in detecting any malware that may be present. As noted in the final step (Step 5) of our sticky topic (Updated!) IMPORTANT - Read This Before Posting A Log, download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review.
DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.


Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
Please attach extra.txt to your post.
To attach a file to a new post, simply
Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer"... Read more

19 more replies
Answer Match 38.22%

I accidentally infected my computer with security toolbar 7.1. I have done the 5 steps and I did not get a log from that first scan but here is the log it gave me on the last one.

Deckard's System Scanner v20071014.68
Run by Alan Hickman on 2007-10-21 13:33:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
98: 2007-10-21 18:33:54 UTC - RP572 - Deckard's System Scanner Restore Point
97: 2007-10-21 10:02:26 UTC - RP571 - Software Distribution Service 3.0
96: 2007-10-21 09:56:58 UTC - RP570 - Installed Windows Defender
95: 2007-10-21 09:24:44 UTC - RP569 - Restore Operation
94: 2007-10-20 09:03:00 UTC - RP568 - System Checkpoint


-- First Restore Point --
1: 2007-08-01 05:41:11 UTC - RP475 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-10-21 13:35:50
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.ex... Read more

A:Completed five steps...here is the log.

Bump!

3 more replies
Answer Match 38.22%

I have a couple of Word 7 files which can't be moved, deleted or renamed. Any attempt results in a message: This action cannot be completed as it is in use by another program. It is not in use by any program I am aware of. When I open the file, it says (Read Only) in the title bar but the properties dialogue boxes are not checked as read only. Of course, I can't save any changes to the file unless I go to 'save as' but that still leaves me with an undeletable/uneditable file. I am using Vista Ultimate. Any help would be greatly appreciated.
Joan

A:This action cannot be completed...

Unless you're particularly interested in the mechanics of why this might be happening, I'd suggest booting to safe mode (press the F8 key early during Windows startup) and moving or deleting the files from there. You probably won't have trouble deleting the files that way.

37 more replies
Answer Match 38.22%

Hey, I'm having problems with installing Windows XP SP3. I boot to CD, do the whole installation thing for step 1, and then it restarts, and then I'm waiting for the continuation of the installation but it doesn't happen; it boots to CD again without me pushing anything.

please help!!!!!!!!!!!!!
 

A:Installation not completed

6 more replies
Answer Match 38.22%

Hi,

Having successfully performed a 3 hour chkdsk by means of a downloaded microsoft program which did this automatically, the screen is left hanging and there is no option available to exit from it. I tried switching off and then on again but this just puts me back to the start of the chkdsk routine which then completes again. So I'm stuck in a loop from which I can't escape!! What do you recommend?

A:After chkdsk has completed

Hello ,

Here is a shot in the dark:

Turn your system on & then back off.

Then unplug your system.

Then push your power button as if you wanted to start it and hold it for a count of 10.

This will clear the complete system of power and maybe reset the way your system starts. You may want to reset the BIOS also by crossing the BIOS jumpers or just pulling the lithium battery from your motherboard for at least 3 minutes.

Then try your system.

You may be looking at wiping the drive & reinstalling.

Have you tried to get into the recovery console using the Windows XP CD?

3 more replies
Answer Match 38.22%

Finally got my gaming rig built and in perfect working order. Took me a while to figure out how to put my two HDD into raid 0. One of the tech support guys at EVGA helped me out and said that HDDs have a hard time going into raid array if they have never been used, which was the case. I just installed some stuff on my two HDDs and reformatted the partition and BOOM it stopped giving me errors, LOL. Anywho here is the finished build:


Cooler Master Cosmos 1000 Silent Gaming Tower
EVGA 750i FTW Motherboard
Intel E8400 Wolfdale Processor
Xigmatek HDT-D1284 120mm Rifle CPU Cooler
MX-2 Thermal Compound
2x2GB OCZ DDR2 1066 5-5-5 18
2xEVGA 8800GTS in SLI
3xSeagate 7200.11 (2 in Raid 0, 1 backup)
Corsair 750TX Power Supply
Samsung DVD-RW w/ Lightscribe SATA
Liteon DVD-RW IDE
4 Scythe KAZE 120mm case fans (1 intake, 3 exhaust)
1 Stock Exhaust Fan on HDDs


When I looked at the Case for the first time I couldn't believe how big it was, plenty of room to work in. The Scythe fans sound like a tornado when I first turn on the computer but it gets quiet once the bios and PSU start regulating them and you can't notice it when playing games or listening to music. I bought a generic filter for the intake fan and realized that it wasn't needed because the case already comes with filters that you just slide off and wash.

This was my first build ever and I must say I'm quite pleased with the results. The bios defaulted the memory at 800mhz 1.9v so I bump... Read more

A:First Gaming Rig Completed

Cool. Looks like a good build.
 

7 more replies
Answer Match 38.22%

I did not get any replies so will try this again with updated info. Downloaded Microsoft Pocket PC 2002 October 2002 Update (EUU3) to computer but when tried to sync it to handheld got message: "Synchronization Cannot be Completed Successfully" and have not been able to sync since then. Same message and then disconnects. Have reinstalled Activesync twice, even going to older version. Have done disc cleanup and defrag. Have deleted recent programs including the EUU3. Also soft reset on handheld although problem developed in computer before could sync to there. There is no problem in connection of handheld with computer, just will not sync. Any help much appreciated as cannot download or sync any material to handheld (iPAQ3835) at all.
Thanks!!! John
 

A:Synchronization Cannot be Completed..

6 more replies
Answer Match 38.22%

Hi everyone!

I've just completed my upgrade from an MSI 745 Ultra mobo and ATI Radeon 7000 series 64meg AGP x4 graphics card to an Abit NF7-S mobo and ATI Radeon 9550 AGP x8 256meg graphics card and I gotta say, boy what a difference.

Now I have to save up my pennies to get myself a better processor, I have an AMD Athlon XP Pro 2000 and was wondering what I should replace it with?

There's a fair amount of choice out there so I was wondering if anyone has any recommendations?
 

A:Just completed an upgrade

Nice speed jump!
Upgrading always starts with budget. If you are going to keep your MB, then simply buy the best (fastest) CPU you can afford at the time. If you are saving pennies you will probably be able to get the quickest CPU your MB can handle.
 

5 more replies
Answer Match 38.22%

Logfile of HijackThis v1.99.0
Scan saved at 16:26:28, on 08/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David.DAVID-91YJAB3H3\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKCU\Software\Micros... Read more

More replies
Answer Match 38.22%

Desktop machine.
Windows Vista Home Prem. 32b.

The computer shut itself down a few days ago while it was copying for files.
Then, it behaved abnormally after restart.
A back to the factory status recovery was performed, but it did not complete the task.
The last part of the recovery did not run.
The recovery disks, burned right after the purchase of the machine and used before, were used and they ended the same way.
The last part of the recovery did not run.

There are 3 partitions on the HDD.
Partition 0, 20GB. hidden, keeping the recovery OS.
Partition 1. 223GB. partition C.
Partition 2. 220GB. partition D.

Question:
If partition C is formatted, can recovery OS be installed on partition C ?

Thanks.
 

A:Recovery can not be completed.

What's the brand name and model name and model number of that desktop?

What's the part/product number and/or service tag number and/or serial number on it?

Which country do you live in?

--------------------------------------------------------
 

3 more replies
Answer Match 38.22%

Deckard's System Scanner v20070804.61
Run by HP_Owner on 2007-08-05 at 16:46:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:16 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\AOL\1128887343\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Softw... Read more

A:Completed the 5 Steps

Please stay with this thread, and only post here for this problem. Do not start a new thread, otherwise it is too confusing...

Use Post Reply - left bottom corner. Thanks!!


Next, download ComboFix.exe

Save it to the Desktop

Double-click combofix.exe to run the program
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to stall.)

When finished, a log, ComboFix.txt, is produced.

~~~~
Please post the ComboFix.txt, and a new HijackThis log in your reply.

19 more replies
Answer Match 38.22%

Good evening..i have just completed the combofix scan on my Openlabs Neko TSE. Which is my music workstation with a built in computer. Please can you review my log for further advice.? I really appreciate you for this. This workstation is the key to all my productions. I have been freaking out all night. Aloha!

A:completed combofix run

Hello,

That request about NOT posting CF logs is primarily to keep people from running the program unsupervised.

Please read this topic: http://www.bleepingcomputer.com/forums/t/273628/combofix-usage-questions-help-look-here/ which explains that reasoning further.

Please follow the instructions in ==>This Guide<== starting at step 6.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Since you have run ComboFix, please include the ComboFix log in the new topic.

If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.

Orange Blossom

1 more replies
Answer Match 38.22%

Keep getting the same error over and over, tried many things (including sfc /scannow) but to no avail.

Here is the bit from the log:


Code:
1348769 (3424) - winsat\logging.cpp:0815: --- START 2011\10\30 17:15:04 ---
1348769 (3424) - winsat\main.cpp:4301: Command Line = "C:\Windows\system32\winsat.exe" formal -restart clean -cancelevent 8e00fb41-d1d6-4e88-8347-83b99be94b73
1348769 (3424) - winsat\processwinsaterror.cpp:0095: ERROR: tried to read resource strings, unknown exception occured
1348784 (3424) - winsat\main.cpp:4474: > IsFormal=TRUE IsMoobe=FALSE.
1348815 (3424) - winsat\main.cpp:4585: Watch dog system enabled
1348815 (3424) - winsat\main.cpp:4600: Main watch dog timer set to 600.0 seconds
1348878 (3424) - winsat\main.cpp:2505: > DWM not running.
1348878 (3424) - winsat\main.cpp:2470: > EMD service will be restored on exit.
1348893 (3424) - winsat\syspowertools.cpp:0983: > Read the active power scheme as '8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c'
1348893 (3424) - winsat\main.cpp:2793: > power policy saved.
1348909 (3424) - winsat\syspowertools.cpp:1015: > Set the active power scheme to 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c'
1348909 (3424) - winsat\main.cpp:2814: > power policy set to maximum.
1349736 (3424) - winsat\logging.cpp:1763: ERROR: pahse enter/leave imballance
1349736 (3424) - winsat\main.cpp:0948: > IsOfficial=TRUE IsFormal=TRUE IsMoobe=FALSE RanOverTs=FALSE RanOnbatteries=FALSE
1349736 (3424) - winsat\main.cpp:1775: ... Read more

A:WEI test cannot be completed

What language is your OS currently using, and what was originally installed on it? Is one of the two English?

4 more replies