Tech Problem Aggregator

lsprst7.dll, some malware related to this archive and others infected my computer

Q: lsprst7.dll, some malware related to this archive and others infected my computer

Hi there, I'm new here. I'm from Spain, so maybe I can't explain very exactly in English, so I'm sorry!

I've found this site in Google and I think maybe you can help me. Before posting in this forum I've read your "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help".

I'm not able at the moment to make a backup of my data, I don't have an external HD now. Is it sure to make this copy if my computer is probably already infected by malware or something like this?

I am using an HP Pavilion dv7 laptop with 64-bit Windows Vista Home Premium.

I am not very good with computers but I'll try to explain my problem.

I was working with "Adobe Premiere" editing some videos. It began to give problems and finally this Premiere archive I was working with stopped working at all. Each time I try to run this archive it creates these files in the same directory I was saving it in. They are:

- lsprst7.dll
- lsprst7.tgz
- sysprs7.dll
- sysprs7.tgz
- tmpPrst.tgz

I've looked in Google and I think it has something to do with some kind of malware. You helped some people with a similar problem with "combofix" but I'm afraid it would not work with my Windows.

I'm not using the computer a lot now because I imagine the malware will go on infecting other applications as I go on using them. I'm a bit scared about it...

I've also disabled my CD simulation software.

Next I've installed "dds" and this is the log:

Next I've used the gmer tool, but in the main gmer window I had no option to check: system, devices, modules, processes, threads, libraries. My gmer scan finally says that it has not found any modification in the system. I'm not sure if this scan is well done; I save it and it gives me an empty text (0 bytes).

Hope you have enough information to begin and hope you can help me.

Thank you anyway,
Juan

A: lsprst7.dll, some malware related to this archive and others infected my computer

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

- Download DDS by sUBs from one of the following links. Save it to your desktop.
  - DDS.scr
  - DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Follow the instructions that pop up for posting the results.
- Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GMER log

Elle

Answer Match 69.72%

Firstly, many thanks in advance for any help you can provide, I have spent quite some time today touring this site and reading up, realising you offer your help voluntarily. I am amazed!

I have Windows 7 64bit PC here, and I regularly see files such as lsprst7.dll appearing in various directories - typically data directories where I store files created by Apps. The machine is used for Video editing, and I have CS4 Master Collection installed, Office 2007, Nero Burning ROM & a handful of other related smaller apps.

I notice, for example, when I open an Adobe CS4 Premiere Pro project file, during Premiere's loading routine (it lists at some pace various files it is loading as it launches), I see the files lsprst7.dll lsprst7.tgz sysprs7.dll sysprs7.tgz and tmpPrst7.tgz all appear in the directory where the Premiere Pro project file is stored.

Being 64bit I can't run GMER. I include DDS reports below. I have also run an OTL QuickScan for all users and included 64bit scans.

One other note, whilst I will certainly be able to respond to email quickly, the machine potentially infected is in an office I am not in every day so if there is a short delay replying to any requested actions, it will be because I can't get back to the machine in question.

Once again, many thanks in advance for your help,
timbald.

DDS, then OTL then Extras scan logs included below.

DDS (Ver_10-03-17.01) - NTFSX64
Run by Tim at 15:49:00.59 on 24/09/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows ...

A:lsprst7.dll & associated files malware problem

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you...

Answer Match 57.96%

To whom it may concern,

I don't exactly know how to explain my issue, only that my computer is skipping. It usually happens when I am playing a game and it affects my computer for a good length of time making the audio, video and mouse pointer skip from one point to the next. This issue only started happening yesterday and I thought nothing of it thinking a simple restart would help, but now after the third time it has happened today I am looking for a very effective permanent solution if one is available.

I did a google search on my issue and found a related thread here which was solved, I can only hope that you can help me as well.

- Xirion
 

A:Computer Skipping - Possible Malware Related.

Here is the HJT log of my computer.


Answer Match 57.54%

Hey Guys,

I'm New Here, And I've Been Looking For Someone Who May Be Able To Help Me With A Few Potential Problems.

First Off, I've Found That When I've Booted My Computer (I'm Running XP Professional) As Soon As The Welcome Screen Disappears (No Password Login, Just One Account) My Screen Goes Fuzzy For A Few Moments But Then Returns Normal With The Proper Desktop Picture Up. I've Tried Reinstalling My Driver Hardware For My Monitor As I Presumed It May Be That, But To No Avail, I've Tried A Restore To A Date Before The Problem Occurred, But Once Again To No Avail.

Another Problem I'm Finding I'm Having Is That My Mozilla Firefox Seems To Almost Reinstall Itself After A While, As My Settings For My Addons Are Reset And It Opens As If Mozilla Has Just Been Installed Onto My System.

Also I'm Finding That Sometimes When My Computer Seems To Be Affected By Too Much Usage Of Memory By Processes, Upon Trying To Bring Up The Task Manager, My Computer Sometimes Does Not Respond To The Keystroke, And I'm Left To Use "Process Explorer" To Check What Is Running Upon My System.

I'm Not Sure If Any Of The Problems And Issues Are Malware/Virus Related Or Maybe Hardware Related, But I'm Hoping That I Will Be Able To Find A Possible Solution As I'm Not Welcoming To The Fact Of Having To Reformat If It Can Be Avoided, Any Help In Advance Guys Would Be Fantastic, Here Is My Log In The Following..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:36 PM, on 19/09/2008
Platform: ...

A:Not Sure If It's Malware Related, But My Computer Is Unwell In Several Ways, Can Anyone Please Take A Look At My Log?

Hello prottura,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

Answer Match 57.54%

I originally posted this in the XP forum, but was told to try this one instead. Here is a link to the original thread, where I explain what problems I am experiencing: problem explanation

Below you will find my DDS log. I have attached the other required DDS log as well.

A:terrible, periodic computer lag. Might be malware related

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

- Download DDS by sUBs from one of the following links. Save it to your desktop.
  - DDS.scr
  - DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Fo...

Answer Match 57.54%

Hello,

I've recently been having issues where my computer will stop responding at random times. I haven't yet noticed a pattern, but the most recent issue happened when I opened Facebook. If I'm playing music when the freeze happens, it starts sounding creepy and machine-like, with high-pitched noises and other strange sounds. Other windows stop responding and I can't use my computer for about 30 seconds. I'm not sure if this is Malware related or not. I haven't been to any malicious websites or downloaded anything, but I don't know what else the problem could be.

Also, I'm running Windows 7 on an HP dm4x series laptop. I believe drivers are up to date and updates are installed to Windows.

Thanks!

Below are HJT and DDS logs. I will upload a GMER log when I can, but the scan was taking a long time.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:41:58 PM, on 2/28/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\H...

A:Computer freezing constantly: Malware related?

Here is the GMER log:

GMER 2.1.19115 - http://www.gmer.net
Rootkit scan 2013-03-01 11:30:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST975042 rev.0003 698.64GB
Running: GMER.exe; Driver: C:\Users\Kyle\AppData\Local\Temp\kwldqpow.sys
---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077a71465 2 bytes [A7, 77]
.text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077a714bb 2 bytes [A7, 77]
.text ... * 2
.text C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077a71465 2 bytes [A7, 77]
.text C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077a714bb 2 bytes [A7, 77]
.text ... * 2
.text C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe[3272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077a71465 2 bytes [A7, 77]
.text C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe[3272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077a714bb 2 bytes [A7, 77]
.text ... * 2
.text C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077a71465 2 bytes [A7, 77]...

Answer Match 56.7%

Hi,

Sometime between June 15th and 18th, System Restore had stopped functioning properly. When I perform a system restore, I receive the following message at the end of the restoration process:

"X Restoration Incomplete
Your computer cannot be restore to [insert any date here]"

On June 18th, my computer experienced a BSOD. I created a topic in the Windows XP Home and Professional forum. A BC Advisor instructed me to perform a memory test and so I did - it passed. In his next reply, he asked me "What is new or different since the last time everything worked properly?" My reply included a list of software that had been installed and removed within three days of the BSOD. Additionally, my reply mentioned that I had help cleaning my computer from June 12th-15th at GeeksToGo. The BC Advisor recommended I check with the "malware folks" to make sure my computer is indeed clean so here I am.

Mod Edit: XP Forum Topic

Issues:
- Faulty System Restore
- Blue Screen of Death
- When Windows starts, the computer will idle on the desktop background before loading the taskbar and desktop icons. When the computer starts loading the taskbar and desktop icons, the computer's performance seems normal (I'm not sure if this is related but I figured I'd mention it anyway).

I'm unsure whether or not this is necessary but I figured it couldn't hurt. The following is a list of all tools used during the cleaning process of my computer:
- OTL
- Malwarebytes&#...

A:Is my computer clean? Is the BSOD a malware-related issue?

On June 18th, my computer experienced a BSOD
Just once?
I see, you ran BSV and it reports only one BSOD.

Answer Match 56.28%

Hello, okay so last night I was surfing on the web, and I must have accidentally clicked this site and all of a sudden all these windows start popping up saying I have very negative scorings of viruses, and right away I try denying them because I'm experienced enough with computers, I knew right away it was a scam. But! It wouldn't let me get out of it, so now it's stuck on my computer, my icons flash and reload every 10 seconds, I try to get on the internet and it just smashes it away real fast, then there is this warning that comes up and it says "how many" viruses I have and if you accept it, it wants you to pay. Of course I don't pay cuz I know better, but then it just removes all your stuff off your screen but your background, and it takes off everything. I have tried Norton; Spyware Doctor; and Malwarebytes. Malwarebytes seemed to work at first it said it got rid of the rogue roaming infections but it wants me to restart it, so I restart it then again it's on my desktop. Fast Antivirus 2009, that's what it is called. So basically, I've tried everything. I've run very many scans to fix it, and my computer used to run PERFECT before this. I've gotten a lot of viruses off of it with Norton and all that. But it doesn't make a difference. I tried everything to get rid of the program and it says it's gone but it still runs the same way. Then if I restart it, it comes back!! Pleeeeeease, I ask you. Please give me some help, this is my work this computer. Please as fas...

A:My computer is infected with Fast Antivirus, and rogue related.

Hi offspringaddict,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

Download ComboFix from one of these locations:
Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.

Answer Match 56.28%

Few days ago my computer started randomly rebooting or locking up with no prior warning. I realize this could be a hardware issue, but the symptoms started right after I ran into some malware infections. This issue is very similar to this one here http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/hijackthis-log-help-inactive/132058-computer-randomly-rebooting.html. I made a new thread concerning this problem because on a reply it was stated that the fix was computer specific. I removed some of the spyware with help of ad-aware and avg antivirus, but I doubt i had them all removed. Any help is greatly appreciated.

Here's my HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:05, on 2.3.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\iTouch\iTouch....

A:Computer randomly freezing or crashing - spyware/malware related?

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

Answer Match 56.28%

Few days ago my computer started randomly rebooting or locking up with no prior warning. I realize this could be a hardware issue, but the symptoms started right after I ran into some malware infections. This issue and symptoms are very similar to this one here hxxp://www.techsupportforum.com/security-center/virus-trojan-spyware-help/hijackthis-log-help-inactive/132058-computer-randomly-rebooting.html. I made a new thread concerning this problem because on a reply it was stated that the fix was computer specific. I removed some of the spyware with help of ad-aware and avg antivirus, but I doubt I had them all removed.

ZoneAlarm firewall and AVG Anti-Virus are on constantly and I try to keep my Windows update up to date all the time.

Following is a list of the programs I deleted. I got suspicious when ZoneAlarm warned me that they are trying to access internet (it was the first time they asked for rights), so I googled for them and removed them:

w.exe C:\Windows\system32\w.exe

first179.exe C:\Documents and Settings\username\Local Settings\Temp\first179.exe (removed by AVG Anti-Virus after a full system scan)

frmwrk32.exe C:\Windows\system32\frmwrk32.exe

One symptom of infection was that at first my desktop icon titles lost their transparency/drop shadow and were replaced by a "blue box" behind them. Later on, my whole desktop background became blue. I managed to "fix" this, so unfortunately I don't have a screenshot of it.

Here's dds l...

A:Computer randomly freezing or crashing - spyware/malware related?

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Your hard drive is almost full. Having too little free space on your hard drive can compromise system performance.


Quote:

C: is FIXED (NTFS) - 29 GiB total, 0,384 GiB free.
I suggest you move pictures, music, etc. to an external drive or USB stick if you have one and uninstall any programs that are never or hardly ever used.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they...

Answer Match 53.34%

Hi!
I have some problems (OS Windows 7 x 64), recently i found two files (lsprst7.dll and lsprst7.tgz) in folder with my files. After that i delete it manually and reboot computer. After that each folder on my computer contain those files. I check file with online webservice virustotal.com and it's clean 0/42. I use both antivirus systems Microsoft Security essentials and Trend Micro Internet security.
 
How to remove it?
Who knows what it is and why it's spread on each folder?

A:lsprst7.dll spread

Please see this bleeping computer thread.

Answer Match 52.5%

My computer stops working after an hour (or sometimes when I open a lot of software). Internet connection fails (cable and wireless) and I can't even restart the computer (I must turn it off).

These files keep regenerating:
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\lsprst7.tgz
C:\WINDOWS\system32\sysprs7.dll
C:\WINDOWS\system32\sysprs7.tgz
C:\WINDOWS\system32\servdat.slm
C:\WINDOWS\system32\log.txt

I also removed these registry entries but they regenerate too:
HKLM\SOFTWARE\Rainbow Technologies
HKLM\SOFTWARE\ntpad
HKLM\CLSSYSTEM

Please, I have 4 laptops (from work) infected with this virus (if it is a virus). I think some flash drive or an external HD is the source, I need to clean it too.

DDS (Ver_10-03-17.01) - NTFSx86
Run by benzaquj at 0:15:09.57 on Tue 08/24/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3067.2288 [GMT -5:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

c:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C...

A:lsprst7.dll recurring infection

If this is a business computer, are you the domain administrator? If you are not, have you informed your domain administrator, (business manager, Systems Analyst, or Information Technology (IT) Specialist)? I ask this for several reasons: There may be restrictions and modifications installed on such machines that could be damaged or altered by the actions we take to remove Malware. Any infection could jump terminals in a computer network. There may also be legal issues regarding any loss of business data that I do not wish to deal with. Some people who come here use their computers for work, and the computers may contain the patient records of a physician or the financial records of an accountant's clients or credit card and bank account information of their employer's customers. There may be tremendous risks and legal liability for such users for not fully securing the computer. We will not know this unless we ask. We do not want to be accidentally putting those we help in vulnerable positions for law suits. Business factors outweigh technical factors in making the reformat and reinstall decision. Sometimes friends give missing CDs or lack of expertise as a reason for not doing a reformat and reinstall. The cost of replacing missing Windows XP and MS Office CDs and getting an Microsoft Certified Systems Engineer to come in for 3 hours to do the reinstall and apply all the critical updates, is trivial compared with the potential cost of a multi-m... Read more

Answer Match 52.5%

hi
I'm having problems when using Internet Explorer. When I do a scan using antivir.xp it says infected files in archives cannot be deleted. Does anyone know how I can remove or repair the infected files?

A:infected files in archive

Where exactly is it saying its finding the files?

Answer Match 52.5%

hi
I've been having problems with pop ups and error reports when I use Internet Explorer. When I scan using antivir.xp it says "infected files in archives. cannot delete or repair". Does anyone know what to do about these files?

A:infected files in archive

ok, this may be a slight bit slow if you are on a dial up, but this is my best advice.

go to www.trendmicro.com and run their free online scanner.

let us know what it finds.

Answer Match 52.08%

Please help. My Hotmail account has many years of emails from family and friends, with an enormous emotional value for me, but now this account is threatened.
Last week junk mail was sent from that hotmail account to all my contacts. But my PC was turned off on the day. So I think the problem was either a password breach (I changed it immediately); or some malware at Hotmail, right? In some of my folders there? If so, what should I do? I can't lose my email archive.
If I ask for help from Hotmail I am afraid they can simply wipe out all my folders just to delete a possible malware in one of them.
I need to download my emails into my computer (with Outlook Express?), to back them up. But wouldn’t I risk downloading the malware? Is there a safe way to backup all my email folders?
Please help,
Thanks,

Mark
 

A:How to backup an infected Hotmail archive?

Any malware or viruses that you may have in any mail on the server are completely harmless and not capable of doing anything at all. Malware can't do anything unless some code is executed, and that would not be done on the server. They would not open your mail and attachments and execute any code.

Malware is just a group of numbers. It is not like living germs that need to be contained to be harmless.

Any mail sent needs to have come from somewhere else. Maybe someone is just spoofing your email address in false email headers. If so, they will move on to others soon.

It's also possible that someone accessed the account and sent mail, too.
 

Answer Match 52.08%

Each time I start windows (XP SP2), TREND MICRO Officescan shows me 1 or two lines saying: Infected archive : C:\.....\ t3st.bmp. Name of the virus : TROJ_Generic. Result: Can not clean the infected archive. Archive has been put in quarantine. (Hope my translation from spanish language is correct...).

Tried Ad-Aware / Search & Destroy / Trend / McAfee AVERT... and some more, but nothing to do!! HELP ...please.

Have a nice weekend.

Logfile of HijackThis v1.99.1
Scan saved at 16:07:47, on 02/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Symantec\pcAnywhere\awhost32.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Archivos de programa\UPHClean\uphclean.exe
C:\Archivos de programa\VERITAS\Backup Exec\NT\DLO\DLOChangeLogSvcu....

A:Troj_generic And T3st.bmp Infected Archive

Hi,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look.

Regards,

Rosty.

Answer Match 51.66%

A Dutch company known as the Frame4 Group has created what's almost the computing equivalent of a Center for Disease Control lab. The Malware Distribution Project is, according to its own site, the "world's biggest private malware archive."
Don't jump to the conclusion that the project's run by a bunch of supervillains; the malware samples are supposed to be "offered for the purposes of analysis, testing and malware research."



Link -
Enormous Malware Archive Creates Stir

Answer Match 51.24%

Hi!

I seem to have been infected with some particularly vicious malware..

I get a red bubble with a white 'x' on my taskbar. The message 'your computer is infected! WIndows has detected a spyware infection! Click here to protect your computer with spyware!'

Anti - Vir is going nuts over it (It keeps on picking up trojans and worms) Malwarebytes' Anti-Malware can't get rid of it, and neither can spybot. It has turned off Windows firewall and won't let me turn it back on.

I use Windows XP, have automatic updates turned on, am running SP2 and update Antivir, Spybot and Malwarebytes' Anti-Malware regularly.

It won't let me run ad-aware or spybot.

If you require any further information, let me know!

Many thanks in advance for any help you can give me

Rob



DDS (Ver_09-07-30.01) - NTFSx86
Run by admin at 11:14:16.37 on 02/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1023.453 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.ex...

A:I'm Infected with 'Your computer is infected' taskbar malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Answer Match 51.24%

Hello! I am posting because I have offered to clean up a computer for a coworker, and want to make sure I do a thorough job. So far, I have seen indications of at least 4 separate malware programs. The first was Antivirus 360, which I believe I deleted for the most part via manually removing the files and registry values. I have also seen VirusProtect 3.8 and 3.9, though I had no luck locating the files I was told to delete...so I am not sure if the infection is there or not. His computer already has "Verizon Internet Security" installed, and I used that for an initial scan to see what it found. I deleted what it found, though that was done in safe mode, before I deleted all the files manually for AV360. When I enable Verizon Internet Security, it pops up two warnings, which mention a file by the name of Trojan.Win32.Monderb.xgy, in the C:\WINDOWS\system32\ljJCvSiI.dll. I looked up that file, and saw it was connected with the "Vundo" virus...or something along those lines. His computer is not connected to the internet at the moment. I am using my laptop to access the net, and transferring files via a flash drive to his computer. I have scanned with DDS, and will provide the log. I also have HJT ready to run on his desktop, as well as ComboFix. Here is the DDS log:

DDS (Ver_09-01-19.01) - NTFSx86
Run by HP_Administrator at 16:34:39.23 on Mon 01/26/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033...

A:Computer Infected/Possibly Infected With Various Malware

Hi,

Your system is severely infected. I can see more malware present than anything else... Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.

Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.

So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

Actually, this doesn't surprise me at all... From the log I see:
AV: Authentium Antivirus *On-access scanning enabled* (Outdated)
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Outdated)
FW: Verizon Internet Security Suite Firewall *disabled*

What's the point in having a security Suite / Antivirus present if it's outdated and disabled.

Most probably the sub...

Answer Match 51.24%

Hey,
 
First off thanks so much in advance for looking at this. I extracted what I think was an infected rar file. It wasn't supposed to contain an executable but it did (setup.exe) I SHIFT deleted the executable but it was from an unkown source. Here is the DDS log:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16470  BrowserJavaVersion: 10.25.2
Run by Andy at 19:56:52 on 2013-11-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4084.1586 [GMT -5:00]
.
AV: COMODO Antivirus *Disabled/Outdated* {458BB331-2324-0753-3D5F-1472EB102AC0}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\...

A:Possible Malware/Trojan infection (executable hidding in rar archive)

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/513971 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...

Answer Match 50.82%

When I start my computer, I receive notice that my windows firewall is off. When I click on the icon, it tells me my firewall is on. I have pieces of icons (font.exe) on my desktop, which will not move into my recycle bin. An hourglass remains on my desktop whether I am on the internet or working offline (and the computer is slow; for example, when I type in a password, the letters do not appear on the screen right away). NOD 32 virus scan detects the trojan and quarantines it, but if I run a malwarebytes', super antispyware, or lavasoft scan, the worm and trojan are detected. Scans indicate I must restart my computer to completely remove traces of these malicious objects, which I do. When restarting my computer, a windows boot cleaner appears on a blue screen with a list of deleted internet explorer files. Then the whole process starts again, with NOD detecting an Internet Explorer Trojan agent and downloader. How can I get rid of this trojan and worm once and for all? Any help is much appreciated.

A:Infected with Win32 Trojan Delf & Worm Archive

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Answer Match 50.82%

I have a default Yoog Search in my Search Engines, I try to remove it and set it as google but it would again default to Yoog. Next thing is I just cannot run 'spybot search & destroy' and it doesn't let me open any anti-malware related sites. I can't download any anti malware apps. I am just stuck. I saw a post " Win 2K hijack issue - unable to run malware apps!". I have exactly the same case on my system.

 

Answer Match 49.56%

Hello,

Yesterday, I foolishly ran an auto HiJackThis analysis and deleted everything that was either "potentially nasty" or "able to be deleted because unnecessary." I also had this strange thing in my HJT log, something like aolsomething.exe, which I learned was a worm. From that, I found an article telling me to go into my REGEDIT and remove many things.

Where I am now: my computer has been infected with several spyware/malware bugs. When I turn my computer on, it says that my computer is infected and that, at worst, my passwords can all be stolen. I have tried to open up Windows Security Alerts, but it won't open and says, "Application cannot be executed. The file is infected. Please activate your antivirus software."

I also keep getting a popup that says, "Warning: Attention! System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. Your private information and PC safety is at risk. o get rid of unwanted spyware and keep youor computer safe you need to update your current security sofotware. Click OK to download official intrusion detection system (*IDS software)." ** I think this is bogus, right?***

When I try to close that popup, I get a new popup that says, "Windows can't play the following media formats: AVI; WMV; FLV; MKV; MOV; 3GP; MP4; MPEG; MP3; AAC; WAV; WMA; CDA; FLAC; M4A; MID. Update your video and sound codec to resolve this issue."

I also get a real Win...

A:AHH!!!! Spyware, malware all over my computer now - my computer is VERY infected... (TrojanSPM/LX?)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

- Please download OTL from one of the following mirrors:
  This is THE Mirror
- Save it to your desktop.
- Double click on the icon on your desktop.
- Click the "Scan All Users" checkbox.
- In the custom scan box paste the following:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%... Read more

2 more replies
Answer Match 48.72%

Between MalwareBytes and others these file regenerate:

C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\nsprs.dll
C:\WINDOWS\system32\tmpPrst.dll
C:\WINDOWS\system32\serauth1.dll
C:\WINDOWS\system32\serauth2.dll
C:\WINDOWS\system32\lsprst7.tgz
C:\WINDOWS\system32\CF26752.exe

Google searches refer to numerous names of trojans
DDS (Ver_09-03-16.01) - NTFSx86
Run by tnoftsger at 15:19:37.48 on 2009-03-27
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1506 [GMT -4:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\sys... Read more

A:Persistent Infection reoccuring files C:\WINDOWS\system32\lsprst7.dll,nsprs.dll,tmpPrst.dll,serauth*.dll

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTListIt2 Report

- Please download OTListIt2 from here
- Save it to your desktop.
- Double click on the icon on your desktop.
- Click the "Scan All Users" checkbox.
- Push the "Run Scan" button.
- The scan should take just a few minutes.
- Copy the log that opens up and paste it back here in your next reply.

=============

The next log will show us any hidden files that are present.

- Download GMER from here:
- Unzip it to the desktop.
- Open the program and click on the Rootkit tab.
- Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
- Click on Scan.
- When the scan has run click Copy and paste the results (if any) into this thread.

28 more replies
Answer Match 48.72%

Yesterday after I restarted my computer, it started acting very weird. Everything was fine before.

First off, several of the background programs that start with Windows did not start, such as AVG Free, Skype, etc...

Second, Firefox would not let me visit antivirus sites such as Symantec. It just shows blank pages.

Third, when I go "run - cmd", Explorer crashes and reloads; when I go "run - regedit", I get an error.

Fourth, AVG Free crashes.

Here is what I did:

1. Run Spybot S&D - found malware, deleted 60%, the rest undeletable.
2. Run Windows patch addressing Conficker
3. Downloaded from another computer on a flash drive the Conficker removal tool from Symantec - no Conficker found

AVG Free still crashes, I still can't get into cmd or regedit, but the computer seems to be running more stable now and I can get to symantec.com etc.

Please help.

A:malware infected computer - help

Update - I ran Spybot again and am now able to remove all malware found.

4 more replies
Answer Match 48.72%

Hi,
It appears as if malware has infected my computer. I use AVG and one night it popped up saying it has found numerous infected files. Within 5 seconds my computer went into a bluescreen and I shut it off manually. I am running Vista. Upon restarting, I went into Safemode and deleted the files that AVG found infected [they were located in a TEMP folder in what I believe was a Common Files directory]. I removed those files as well as everything else that I could in the TEMP folder.

I was able to boot up my computer fine and have been using my computer for several days, but I do get pop-ups and, every hour or so, a window pops up asking me to close something crucial. It seems like a Windows error. I copied its log one time:

Problem signature:
Problem Event Name: APPCRASH
Application Name: svchost.exe
Application Version: 6.0.6001.18000
Application Timestamp: 47918b89
Fault Module Name: ntdll.dll
Fault Module Version: 6.0.6001.18000
Fault Module Timestamp: 4791a7a6
Exception Code: c000071b
Exception Offset: 00088ed9
OS Version: 6.0.6001.2.1.0.256.6
Locale ID: 4105

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409

When I click "close" it slows down my computer and it changes my start bar from the more modern Vista style into a Windows 2000 traditional grey bar [it may even be more Windows 98-esque but who knows]. I normally restart after this happens, just because I am not sure whether my computer is stable or not.

Any... Read more

A:Malware has infected my computer

16 more replies
Answer Match 48.72%

My computer has been running slower than usual, I have Win 7 operating system.

I found these files in the sys config startup menu:
RZDVL2F27W & QNB2EB90WX

Thanks for help!

A:Malware infected computer

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
  For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
  Update Malwarebytes' Anti-Malware
  Launch Malwarebytes' Anti-Malware
- Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

- If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
- If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some tim... Read more

9 more replies
Answer Match 48.72%

Deckard's System Scanner v20071014.68
Run by way on 2008-03-10 07:02:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-03-10 11:02:33 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 2.45 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-10 07:14:52
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe
... Read more

More replies
Answer Match 48.72%

My computer started getting pop-ups from Malware Doctor which eventually shut the computer down; my computer even made a strange noise and went to a blue screen. I have tried safe mode, I have tried Malwarebytes, tried Spybot, but the computer would not connect to the internet. Contacted the manufacturer, who told me to do an out-of-box system recovery, which also did not work. I have a black screen and my computer does nothing.

P.S. I was also told that I needed a disc, which the computer did not come with.

Please help

A:Computer infected with malware

It sounds like more than just malware. It sounds like you had a hardware malfunction. Does it power up? Does the power supply fan spin? What about fans inside the case and the CPU fan?

Mike

5 more replies
Answer Match 48.72%

My computer has been infected with the isamintr and pmsnrr virus. I am running Windows XP Home Edition. I am running Spyware Doctor, Norton AV, XoftSpy, AVG Antispyware, RegCure, Spybot, and Ad-Aware antispyware packages. I also keep coming up with Errorfix as a virus. It keeps giving me popups for fake spyware packages.

I am including the HijackThis registry. Can you help me?

Logfile of HijackThis v1.99.1
Scan saved at 10:02:54 PM, on 03/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard... Read more

A:My Computer Is Infected With Malware

Welcome to BleepingComputer bikashc

My name is Richie and I'll be helping you to remove the malware from your system.

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

- Double-click ATF-Cleaner.exe to run the program.
- Click 'Select All' found at the bottom of the list.
- Click the 'Empty Selected' button.

If you use Firefox browser, do this also:

- Click Firefox at the top and choose 'Select All' from the list.
- Click the 'Empty Selected' button.
- NOTE: If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:

- Click Opera at the top and choose 'Select All' from the list.
- Click the 'Empty Selected' button.
- NOTE: If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

*************************

Download SmitfraudFix (by S!Ri), to your desktop.

- Double click on Smitfraudfix.cmd
- Select option #1 - Search, by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
- Please copy/paste the content of that report into your next reply.

*************************

Please download VundoFix.exe to your desktop.

- Double-click VundoFix.exe to run it.
- When VundoFix re-opens, click the "Scan for Vundo" button.
- Once it's done scanning, click the "Remove Vundo" button.
- You will receive a prompt asking if you want to remove the files, click "YES".
- Once you click yes, your desktop will go bl... Read more

11 more replies
Answer Match 48.72%

Hi, here are my netbook's specifications just in case:

Manufacturer: Asus
Model: Eee PC
Processor: Intel® Atom™ CPU N450 @1.66GHz 1.67 GHz
1 GB RAM

I am already pretty much sure that my computer (Windows 7) is infected. Windows Defender detected 4 times that there was a trojan file, which I removed each time with it. The file name ended in something like ruy.UH. As I researched I found that by using TCPView one could see what processes were running in my computer and so locate a suspicious one. In that way I found tons of processes called "setup.exe", which were located in C:\Windows\Temp\pvmo\setup.exe and came from the remote port ext.211.ru. The state said: SYNC

I used an IP tracer and found that this port belongs to the IP 193.238.131.200, which is located in Russia. Therefore, I am pretty sure that this guy hacked me. I ended the processes and therefore was able to erase the temp file from which the process originated. I do not know whether or not the problem has ended. I am now running a security scan using Windows Defender and will inform later what happens.

Also, these past few days my computer screen has turned blue and it has been turning off; once it restarts I get a pop-up that Windows has recovered from an unexpected shutdown and asking whether or not I want to send a problem report to Microsoft/check for solutions. My computer has Windows Defender and Trend Micro Security but it does not open. I am currently running W... Read more

A:HELP! infected computer, malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

- Please download OTL from one of the following mirrors:
  This is THE Mirror
- Save it to your desktop.
- Double click on the icon on your desktop.
- Click the "Scan All Users" checkbox.
- In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more

4 more replies
Answer Match 48.72%

I am suffering from the same problems.

I have to right click to start or open items. Getting the same code 0x80040154 class not registered while trying to reinstall software. I have followed the same instructions you requested on that thread. I have finished almost all: FSS, MiniToolBox, but Malwarebytes Anti-Malware did not load. I received a boatload of those 0x80040154 error messages. I am running aswMBR right now and waiting for results. Whatever info you want, just let me know. I can post all the results I saved so far.

I will appreciate whatever help you can offer. I'll make a donation too. It will be a lot cheaper than the local computer shops around here.

Thanks

Moderator Edit: Split into separate topic
Roger

A:Computer Infected With Malware?

Hello, appears you got split but they forgot the old link. So please post all the logs.
 
Tell me your operating system and browser.

24 more replies
Answer Match 48.72%

Hi,

This is my first time posting so greetings to all. You have a very helpful website.

My problem started a few days ago when I rebooted my computer. When Googling using Internet Explorer I get redirected to all kinds of websites unrelated to what I was trying to look up. Also this started happening at the same time: when I reboot and open up Internet Explorer, I will get a dozen to 2 dozen svchost.exe error messages. I keep clicking on them and they eventually quit. I have tried downloading Spybot and MalwareBytes and saving them to my desktop, but when I hit run it fails to load. I use CA antivirus, firewall, and antiSpyware and I can no longer get updates. Any help would be greatly appreciated. I'm attaching a DDS.txt log, Attach.txt log and a startup log from HijackThis.

Thanks in advance,
Butch Howard

DDS (Ver_09-02-01.01) - NTFSx86
Run by Butch at 15:13:47.53 on Sat 03/14/2009
Internet Explorer: 7.0.5730.13

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/2/2008 3:14:04 PM
System Uptime: 3/14/2009 1:23:51 PM (2 hours ago)

Motherboard: Hewlett-Packard | | HP WMTA System Board
Processor: Intel® Pentium® 4 CPU 1300MHz | Processor 1 | 1296/mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 130.428 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (FAT32)... Read more

A:Computer infected with Malware?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

- Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.com
  DDS.scr
  DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Follow the instructio... Read more

2 more replies
Answer Match 48.72%

Problems started when computer first got infected with the Security Protection virus. I tried to delete the file and it seemed to be gone. However it messed up the AVG as well as the Malwarebytes Anti-malware and were both blocked when I tried to scan. The message “Windows cannot not access the specified device, path, or file. You may have inappropriate permissions to access the item” would appear when trying to open Malwarebytes. AVG just says that it does not have any working components and it cannot scan.
It seems that I also got the TDSS trojan/rootkit. The TDSSKiller would not work except in Safe Mode where it found the virus and got rid of it. Google was still redirecting however. I also ran Malwarebytes in Safe Mode in which it worked but did not find anything. After rebooting AVG worked in the beginning and found several infected files with the Katusha virus, but it shut off after a few minutes. Malwarebytes also worked but was blocked as it was trying to scan. The computer is also slower and blocks nearly all programs and have to unblock before opening. Not sure what else to do and would appreciate your help.

A:Computer may be infected with several malware

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

23 more replies
Answer Match 48.72%

Hello,
I am having a problem with my aunt's laptop. It is running really slow and I think it is infected with malware. What are the first steps I should take to get a cure?
Thank You
J.T.

A:computer infected with malware

Hello, please run this MBAM scan.

What is the operating system, XP, Vista??
What antivirus and spyware tools are installed?

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
  Update Malwarebytes' Anti-Malware
  Launch Malwarebytes' Anti-Malware
- Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

- If an update is found, the program will automatically update itself.
- Press the OK button to close that box and continue.
- If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:

- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start S... Read more

9 more replies
Answer Match 48.72%

Hello.

I recently had a trojan and malware virus and removed it using antivirus and antimalware software.

However all of my browsers keep redirecting me to other sites such as StopZilla when I click on search results. I even get redirected to the Microsoft MSDN page warning me that my computer is infected. And the Windows Security Center service keeps disabling whenever I try to start it manually.

Have run additional scans with Malwarebytes and Spybot S&D as well as Malicious Software Removal tool and the file system says clean. I am usually computer literate but have run out of solutions.

Thank you in advance to anyone that can help.
HERE IS MY DDS LOG


.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by house at 9:19:46 on 2011-08-01
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.2724 [GMT -4:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -... Read more

A:Think computer is infected with malware

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on http://www.bleepingcomputer.com/logreply/412347 and follow the instructions there.

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following inf... Read more

5 more replies
Answer Match 48.72%

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Lim Shu Teng at 11:59:09.28 on Sun 01/05/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.60.1033.18.1956.732 [GMT 8:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\... Read more

A:Computer infected with malware

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: A guide and tutorial on using ComboFix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.

How to : Disable Anti-virus and Fir... Read more

2 more replies
Answer Match 48.72%

I have some type of virus or malware on my computer. Basically i get popups over and over telling me I have a virus called spyware cyberlog. xand I need to download software to fix it. i was sent here by hijack this...here is my log...Thanks for any help!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:02 PM, on 12/3/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\WebMediaViewer\qttask.exe
C:\Program Files\WebMediaViewer\hpmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE... Read more

More replies
Answer Match 48.72%

I have some malware on my PC that becomes 'visible' when I log into my bank. If I go to my bank's website, I can put in any entry for my userid and password -- the system then brings up a screen asking me for every piece of personal information -- credit card numbers, date of birth, SS#, etc. As soon as I saw this page, I knew I was infected. I 'right clicked' to see the source and saw that it picked up the userid / pw from the previous page as well as all the sensitive information (which I never provided). Also saw an IP address in the source -- I'm assuming that is where all this info would be sent. I configured my firewall to block any outbound traffic to that IP address.

I've tried Malwarebytes, McAfee, Spybot, SpySweeper, etc., booting up in Safe Mode and cleaning, pretty much everything. The symptoms disappear for a while, but come back even without rebooting the machine. I followed the instructions on this site and am posting the DDS file. I tried to run the GMER application on several occasions, but got the 'blue screen' every time.

Would greatly appreciate any help in solving this issue. Thank you in advance!!

Here's the DDS.txt log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by TJ at 22:24:56.35 on Mon 03/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.611 [GMT -5:00]
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FA... Read more

A:Computer infected with Malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
CODE
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%... Read more

Answer Match 48.72%

i have a computer running windows xp and i am sure that i am infected with some kind of virus but i dont know how to go about removing it. Whenever i open up a web browser in either firefox or IE and i do a search in a search engine like google, the correct search results are returned but when i click on one of the links, my browser gets redirected to some other phony websites that have nothing to do with the search result. Does anyone know of this ever happening, any kind of help please!

A:Computer infected with malware?

The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Clic... Read more

Answer Match 48.72%

Hi, my computer has become infected with malware (win7 64bit home premium, 12gb ram, i7 processor). I am running zone alarm extreme pro anti-virus & firewall. When I hit search in google I sometimes get redirected to random sites. I ran rkill to try and stop the process as my anti-virus never picked up on the malware neither did antimalwarebytes or spybot S&D. rkill finds 2 running processes (listed in the log below) and then I get a "Windows has encountered a critical error and will shut down in 1 minute" which I tried to counter with shutdown -a but without luck. I have also run DDS for your info and posted the log as well. Any help would be greatly appreciated. Apologies if I have done anything wrong in my post I am pretty new to posting on forums.

Rkill 2.0.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/18/2012 04:58:57 PM in x64 mode.
Windows Version: Windows 7

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\Windows\system32\services.exe (PID: 616) [WD-HEUR]
* C:\Windows\system32\nlsInterface.exe (PID: 2348) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, &am... Read more

A:Computer infected with malware

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

Answer Match 48.72%

Referred from here: http://www.bleepingcomputer.com/forums/t/302228/my-computor-has-been-hijacked-please-help/ ~ OB

Ok, about a month ago I turned on my computer and this fake Virus Protector popped up and took over my computer saying that it was scanning my computer and I needed to pay $40 for their Virus Protector software to remove the malware. After a couple of days the ad disappeared but left my computer messed up. Now when I boot up my computer all I get is my desktop picture, I have no task bar, icons or start button. I am able to get around some through my Task Manager pushing Ctrl-Alt-Delete. I can't get to my Restore and some other programs and files. I was able to run MalwareBytes and I was able to confine 2 problems. So now I need some help. Thanks.

DDS (Ver_10-03-17.01) - NTFSx86
Run by C W at 17:38:31.23 on Mon 03/22/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.165 [GMT -7:00]
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AGI\core\4.2.0.10752\AGCoreService.exe
C:\Program Files\Common Files\App... Read more

A:Computer been infected by Malware "HELP"

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Answer Match 48.72%

As requested here http://www.bleepingcomputer.com/forums/topic468897.html by boopme.

I am almost 100% sure I have viruses on my computer I have run TDSSkiller,aswMBR,ESET online scanner,malwarebytes-anti-malware, mini toolbox, FSS, adware cleaner, Windows repair tool, rkill. They all seemed to help; I feel I have backed this virus into a corner but without someone to go over the logs I can't know for sure and as I said my windows defender won't update error code 0x80240022 and now my windows update gives error code 80246008. I haven't been able to update to SP2 for vista for over a year it always said I don't have permission but I am the only person who uses this laptop, I am set in administrator... Help would be greatly appreciated!


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 10.7.2
Run by Quackas at 9:14:04 on 2012-09-21
.
============== Running Processes ===============
.
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
C:\Program Files (x86)\Sony\... Read more

A:DDS log of malware infected computer

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ... Read more

Answer Match 48.72%

My computer is brand new.  I have avast antivirus.  Lately when I'm browsing the internet the pop-ups wont stop and I constantly get alerts about malware detected.  I have run malwarebytes antimalware and it has found numerous pieces of malware.  I clear everything out and then the next time I'm on the internet the same thing happens again.  I'm really looking for help trying to save my brand new computer.  Thank you in advance for your help.
 
My computer is:
 
HP ENVY x360

A:Malware has infected my computer

RBYRNES86:
to the Bleeping Computer Am I Infected? - What Do I Do? Forum. My name is Phil, and if you would permit, since we will be working together, I would like to address you by your first name, if that is alright with you.
I am sorry to hear of the issues you are having with your computer. Adware can be quite annoying. You state that you "constantly get alerts about malware detected." What application is giving you those "alerts"?
You state that you are using Malwarebytes to scan your computer. Are you using the Free or Premium version? The difference is that the latter (Premium) has active malware detection to prevent infection, whereas the Free version just detects malware when a scan is manually initiated. Personally I use the Premium version. Much easier to block an infection than to clean up afterwards. There are other good anti-malware products out there as well, such as Emsisoft.
Let's run a few scans and see what is going on with your computer.
 

ESET Online Scanner using Internet Explorer:
Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan. See instructions here.
Note 2: You will need to disable your currently installed Anti-Virus, how to do so can be found here.
* Click this link to open ESET OnlineScan.
* Place a checkmark next to "Yes, I accept the Terms of Use", then click the button.
* When prompted allow the Add-On/Activ... Read more

Answer Match 48.72%

I believe I am infected with some Malware/Adware. Two Iexplorer.exe processes pop back up despite ending the process in Task Manager. Also, my browsers (Firefox and Explorer) redirect me to bogus search pages after clicking on search links.

I am running windows Vista on an HP Pavilion.

I have scanned (in Safe Mode) for viruses and malware with Housecall.Trendmicro.com as well as Malwarebytes.

This was the only file Malwarebytes found infected:
C:\System Volume Information\SystemRestore\FRStaging\Users\a\AppData\Local\Temp\~os5A92.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> No action taken.

Any help would be greatly appreciated! Thanks.
Here is my Highjack This scan information. (Scan run in safe mode)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:46:34 PM, on 3/21/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Users\a\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R1 - HKCU\Softwa... Read more

A:Computer infected with Malware. What to do?

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

Answer Match 48.72%

Sorry for the lack of response at the last post. I was outstation and didn't bring the infected laptop out. The original post is here: Computer infected with malware

I have scanned with combofix and here's the log:
ComboFix 11-05-05.04 - Lim Shu Teng 06/05/2011 23:43:27.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.60.1033.18.1956.573 [GMT 8:00]
Running from: c:\users\Lim Shu Teng\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-04-06 to 2011-05-06 )))))))))))))))))))))))))))))))
.
.
2011-05-06 15:50 . 2011-05-06 15:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-06 15:48 . 2011-05-06 15:48 -------- d-----w- c:\windows\system32\SPReview
2011-05-04 13:59 . 2011-05-04 13:59 -------- d-----w- c:\windows\system32\EventProviders
2011-05-04 05:21 . 2011-05-04 05:45 -------- d-----w- C:\Fraps
2011-05-01 14:42 . 2011-05-01 15:43 -------- d-----w- c:\programdata\Tunngle
2011-05-01 14:42 . 2009-09-15 23:02 31232 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2011-05-01 14:42 . 2011-05-01 14:42 -------- d-----w- c:\program files (x86)... Read more

A:Computer infected with malware v2

Bump please!

Answer Match 48.72%

Over the past two days my Norton Antivirus has detected the following viruses:

Trojan.Malscript
Trojan Horse
W32.Koobtace.a
Trojan.Fakeavalert
Packed.Generic

Now my computer is running super slow and my internet constantly redirects me to other pages. Below I have listed my HijackThis log. Please help and thanks so much in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:03 PM, on 7/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\windows\ld12.exe
C:\windows\pp10.exe
C:\WINDOWS\system32\braviax.exe
C:\windows\mstre19.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.... Read more

A:Computer Infected with Malware - Red X

I am confused why I haven't heard from anyone yet? Did I not post something right or is my computer that bad? Please Help
 

Answer Match 48.72%

My computer has slowed down tremendously over the past week or so during booting time and my Internet Explorer Settings are constantly being changed. I used Adware and Spybot and while it deleted many of the malware, some of them keep coming back. I also used XoftSpy and it found some files that the others didn't find, including a cws.mrhop. I hope someone more knowledgeable can lead me through this. I also wanted to eliminate all the running processes that are unnecessarily taking up system resources, if possible. I appreciate everything you do in advance!

Here's the HijackThis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 11:49:46 AM, on 11/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
D:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\Ati2evxx.exe
D:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\Ex... Read more

A:My Computer Is Infected With Malware...

Hi and Welcome to techguy.com! My name is David.

Please do both of the following before we start if possible!:
1) Please print off these instructions - they will be needed later when internet access is not available.
2) Save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.

At the moment you may feel like you are battling with your computer to keep it running smoothly, but doing the following things should most certainly help getting it back to how it was. It may look like a lot below - follow the instructions as carefully as possible and everything should be kool!
________________________________________________
Download CWShredder Here to its own folder.
Update CWShredder
Open CWShredder and click I AGREE
Click Check For Update
Close CWShredder
Click here to download AboutBuster created by Rubber Ducky
Unzip AboutBuster to the desktop then click the "Update Button" then click "Check for Update" and download the updates and then click "Exit".
Click here to download cwsserviceremove.zip : http://castlecops.com/zx/flrman1/cwsserviceremove.zip
Unzip it to your desktop and have it ready to run later.
Download CleanUp! A window will open and choose SAVE, then DESKTOP as the destination. On your Desktop, click on Cleanup40.exe icon. Then, click RUN and place a checkmark beside "I Agree" Then click NEXT followed by START and OK. A window will appear with many choices, keep all the... Read more

Answer Match 48.72%

Hello Guys,
Originally in the Windows XP Support section and was advised here to confirm if my pc is really infected with malware( hxxp://www.techsupportforum.com/forums/f10/slow-startups-100-cpu-usage-at-task-manager-and-occasional-freezing-at-startup-550010.html)
NOTE: I was worried because of that I used combofix unknowingly it could lead to dangerous effects if used improperly... I hope it didn't damage my pc too much (if possible no harm at all) <-- I keep it in my external hard drive G:\ and, secondly, I don't have any access to a Windows Install Disc.. well I have a disc (don't know if it's windows.. but it has AsusEeePC (my laptop version) in it so I assume it is) but I don't know if this laptop does even have a cd-rom drive, my father's laptop by the way...
anyway here's the DDS log
----------------------------------------------------------------------------------------------

DDS (Ver_10-12-12.02) - NTFSx86
Run by Administrator at 21:38:15.12 on Wed 03/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.482 [GMT -8:00]

============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
G:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\ctfmon.exe
G:\Program Files\McAfee\Common Framewor... Read more

A:Is my Computer Infected with Malware?

BUMP.

Answer Match 48.72%

Hello,

I hope you can help. I've been pulling my hair on this matter. Yesterday something happened to my computer. It has been running fine forever. Not really sure what, or how, this happened.

Here are the symptoms: can no longer load malware programs, mouse (when double clicked) will no longer open programs and I have been getting some funny windows popping up as follows-

Run time error '372' failed to load 'web browser' from frame leframe.dll Your version of leframe.dll may be outdated.

Also,

Cocreateinstance failed class. Code 0x80040154 class not registered.

Hope you can help. Please let me know what I should do next. Not sure what happened but I suspect rough malware.

Thanks.

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:Computer Infected With Malware??

Welcome aboard. You can't open ANY programs? Same in safe mode?

Answer Match 48.72%

Hello, I've written an article in which I explain How to Fix a Malware Infected Computer. It's meant to show people how to fix any type of damage which could have been caused by malware.

Please let me know what you think.

Thanks.
 

A:How To Fix a Malware Infected Computer

Hi Chiron,

This is an informative guide as usual. Well done! Here are a few suggestions:

Under Step 6, you should add forums that consist of malware experts: http://www.selectrealsecurity.com/malware-removal-guide/#forums

Under 3B, you should add my guide on how to fix the Internet connection: http://www.selectrealsecurity.com/fix-internet-connection/

That guide has helped a lot of people. You may also want to mention that some malware hides the user's file.
 

Answer Match 48.72%

Hello Guys/Girls, today I have stumbled upon these forums looking for help about malware infections, and whether I have one or not as I am quite curious. I have both Malwarebytes and avast free trials on my computer. The problem is that every single time I scan with Malwarebytes it detects the same PUP threat in the same location, I delete the item but just after scanning again it endlessly reappears. I recently reinstalled Windows 7 on a new hard drive with my old Hard Drives still in my PC, so is it possible that this is a virus that is impossible to get rid of? I'm not sure, that's why I came here. Also, while browsing some of my program files I noticed in Computer > Local Disk (C:) > Windows there seems to be a strange file named Twunk_32.exe and another one named twunk_16.exe. What are those, and are they a virus? I haven't really attempted to get rid of them yet in fear that they will corrupt something. It's strange because I NEVER remember installing this program so how the hell did it make it to my brand new hard drive? Hmm, there also seems to be a folder called LiveKernelReports, and inside a folder named WATCHDOG. I don't know, all these folders seem awkward but maybe they just come pre-installed with windows? Anyway, I would like to know your guys opinions on this please.

A:Is my computer infected with malware?

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scr... Read more

Answer Match 48.72%

Hi I'm running windows XP.

Problem: I ran Norton AV and found a few trojans - trojan.win32 etc. It cleaned it out.
Ran adaware - it removed a few cookies that had spyware.
I'm still getting 2-3 IEXPLORE.EXE in my task manager, even tho IE is off
Random IE popups appear every 20 mins, and I can hear advertisement sounds
Also the volume "wave" bar will drop to 0 unexpectedly and I have to reclick it to have it going again.
my CPU usage history keeps spiking from time-to-time.

Please help, this is getting really frustrating.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:53:48 AM, on 7/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Prog... Read more

A:Malware - infected computer

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap... Read more

Answer Match 48.72%

New member, came across this site when looking up solutions to this fix. Laptop of mine is infected with the Java aaa virus and possibly more. When trying to load websites I can go to most things but access to sites such as google.com and youtube.com it will just load for about 4-5 minutes and then time out or tell me that I am not connected to the internet. The rest of the computer though runs smooth as can be. Nothing seems to be slowed down at all... so far.

So far I have run Malware Bytes and cleaned up 17 infected areas
Ran Avast and have not found anything
And also for some reason this laptop had 2 anti virus protections on it. mcafee and avast, I took off mcafee though

Stumped on where to go from here. Please help and thank you very much!

A:Computer infected with Malware and more.

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will ap...

Answer Match 48.72%

On edit: I do not have the name(s) of the different Trojans/malware I found on the computer discussed below as I left the paper I wrote the names on at the young lady's house.

My boss works helping a young adult woman who is mentally challenged. She helps her balance her check book and works with her on trying to make good decisions about life in general. My boss said the lady's computer was full of all kinds of malware and that she had tried running some tools like MBAM and tried to get a Hijackthis log but the computer wouldn't allow her to run any of the programs.

I decided to see if I could help (bummer). The computer is running Windows XP with SP3. I reboot the computer (it takes 10 minutes because she has a whole lot of crap starting plus infection) and finally gets to the desktop, the desktop is showing Active Desktop Recovery. There is a button on the desktop that says Restore my Active Desktop but when I click the button everything just hangs and I had to hold the power button down until it shut off. I reboot and go into safe mode. I try to install Hijackthis but it won't even start. I tried to install MBAM but it wouldn't let it start either. I also had the free Kaspersky antivirus tool but, of course, it wouldn't let me install it. I tried this after several reboots, hangs, reboots and was still unsuccessful.

I finally rebooted to safe mode and went to device manager and did show hidden devices and the TDSSserv.sys was there. I disabled it, rebooted into safe mode and...

A:Computer Infected with Malware

Never mind. I decided to restore the system to factory defaults and update from there.

Answer Match 48.72%

My computer is new but works very slowly and very often shows error signs and pop ups with "your computer is infected". I clicked on those windows as I was scared but never bought anything.
I would like to clean my computer. Please, help.

A:my computer is infected with malware

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Answer Match 48.72%

Hello,
My computer is surely infected, I believe with malware or adware. When I open my internet browser, three tabs open with fake search engines, my computer is very slow, programs close randomly for no reason. The list goes on.
 
Here is my DDS log:
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 10.60.2
Run by OWNER at 21:10:09 on 2015-01-04
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3894.2318 [GMT -8:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.

A:Computer is very infected. Malware?

Hi there, my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs i...

Answer Match 48.72%

Hi, I am really in need of some expert advice on what to do to get rid of the crap infected on my computer. I have a HijackThis log and would really be glad of some advice.

Logfile of HijackThis v1.99.1
Scan saved at 14:33:25, on 04/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


A:Malware infected on my computer

Answer Match 48.72%

Hey everyone. I think my computer is infected with malware. When I am browsing the internet and typing something, it often opens up the thing to find a word. I am using Mozilla Firefox. Anyway, this morning Facebook told me it looks like my computer has a malware infection. It had logged me out, then let me download something to run a scan, it didn't find anything, and then it logged me back on. Now when I share things it has me select pictures with certain items in them as a security check. I ran a scan with Malware Bytes last night and didn't find anything. I am now running a scan with Super AntiSpyware and I haven't found anything but cookies so far but the scan isn't finished. I would appreciate further help in getting rid of the infection.
 

Answer Match 48.72%

As said above my computer is obviously infected with some kind of malware. This is the first time I've encountered something I haven't been able to take care of on my own. I'm getting pop ups for windows defener, forless.com, sometimes even a pop up with the google home page. When I boot the computer I get two .dll errors and I've tried running and reinstalling malwarebytes and once it's installed it can't find the .exe file. I've run a combo fix and the pop ups went away for a day or two but now they're back. Also the RootRepeal hits an error and closes itself. Thanks ahead!

DDS (Ver_09-12-01.01) - NTFSx86
Run by Myles at 7:41:32.56 on Thu 01/28/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.527 [GMT -6:00]
AV: avast! antivirus 4.8.1368 [VPS 100128-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

A:Computer Infected with Malware

Anyone.... Anyone....Bueller.... Am I missing something that doesn't warrant a response?

EDIT: Ugh I fail at reading. The pop ups seem very intermittent although the browser is still very slow and never finishes loading a page. I got RootRepeal to finish so I attached that to my first post.

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In eith...

Answer Match 48.72%

Hello,

i did a scan with spybot search and destroy. it basically told me that my windows security center is disabled.
so i followed ur advice and used kaspersky, dss and hijack this to run scans.
attached are results of these three scans.
pls advise me as to how to forever rid myself of this evil thing.

thanks,
yelena

A:Malware Infected Computer

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Your log is clean. Spybot does not indicate that as an infection present, but rather a source of info. It just means that instead of Windows utilizing its own security center, your computer is using the one supplied by Symantec.

Nothing to worry about.

Answer Match 48.72%

Last week, I couldn't use any applications. I would just get popups that my computer is infected with viruses, malware, etc. and click here to run a scan. I shut down the computer and ran it in safe mode. Then scanned it with Malwarebytes Anti-Malware. It found about 7 items and removed them (I still have logs if needed). Computer worked after that.
Started getting a couple of popups today and scanned again with Malwarebytes which indicated it found 4 malicious items. Also twice the computer shut down unexpectedly (blue screen) - when I was running Malwarebytes and then when I was running GMER.

Since the computer shut down when I ran GMER, I ran it in safe mode. In safe mode, I still had a problem running it with most of the boxes checked, so I ended up running it with only Sections and C drive boxes checked.

Also DDS only opened one log which is posted below.

I do not know whether I have access to a windows install disc. I found a windows XP disc which is for one of my computers but the infected computer runs Windows Vista and I can't find an install disc at the moment although I can't imagine that I would have gotten rid of it.

Finally - I'm not sure the ARK files contains anything. I did type in ARK.txt and it saved as a text file but I didn't see any text in it. So let me know if I need to re-submit (I will rescan in case) and let me know how to get the 2nd log from DDS.

Here is the DDS.txt log:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Jeff Rosn...

A:Computer is infected with malware

Hello, and welcome to TSF.

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

Thanks,
K27.

Answer Match 48.72%

My computer is infected. When I search on Google in Firefox 3 it directs me to sites such as priceshopper.com and other suspicious sites.





DDS (Version 1.1.0) - NTFSx86
Run by geoff at 12:07:18.92 on Wed 12/31/2008
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.291 [GMT -5:00]

AV: CyberDefender Internet Security *On-access scanning enabled* (Updated)
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall Plus *enabled*


A:Malware Help!! Infected Computer

Hello and welcome to TSF.

If you haven't received help elsewhere and still require assistance, please post a fresh DDS.txt as it has been a while since you posted.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don't hear from you in three days this thread will be closed.

Answer Match 48.3%

My son's computer is infected with unwanted popups, please help me clean the system. Messages come up saying your computer is infected and offers to sell you a product to clean it. Dos window pops up with a game, looks like a ball bouncing around the screen. I included the dds logs and attached the requested zip files. Thanks.

DDS logs

DDS (Ver_09-03-16.01) - NTFSx86
Run by Darcy at 18:15:10.37 on Sat 04/04/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.893 [GMT -6:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*


A:Malware infected computer, popups.

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

Mark

Answer Match 48.3%

Hello, I was directed to this site from trend after doing a google search on the problem I have on my desktop. I am ok following directions to a point. Old guy, and don't know much about how computers do what they do. Here is what I am seeing:

My screen saver was removed and replaced with:

Warning!
Spyware detected on your computer!
Install an antivirus or spyware to clean your computer
(Above was on an orange background)
(below was on a white background)
Warning! WIN32/Adware.virtumonde Danger!(in red) WIN32/PrivacyRemover.M64 detected on your computer Danger!(in red)
Please activate your antivirus software to clean your computer (with a box around it)
(All of the above was in a windows type box with a dark green outline around the lower half and light green outline around the upper half)

I am missing the Desktop Background and Choose a Screensaver options from appearance and themes.

If I let the screen saver pop up, it is a blue background with white text:
A problem has been detected...Bad...pool...then the bottom of the screen goes restarting...
At that point I hit the escape key to go back to the desktop.

I have run hijackthis, and here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:29 PM, on 8/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

A:Unknown Malware Has Infected My Computer

Please delete original post.
Thank you
Patrick

Answer Match 48.3%

This thread continues from general security thread regarding sony vaio following advice from GLASWEGIAN. Computer browsers redirect and popups imitating virus scans make system hard to use. My kid uses for on-line gaming

Below is DDS and attached are the ark and attach files.

tony_g


DDS (Ver_09-07-30.01) - NTFSx86
Run by Ryan Janelli at 16:49:02.42 on Fri 08/21/2009
Internet Explorer: 6.0.2600.0000 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1024.525 [GMT -4:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}


A:malware infected computer: tony_g

Hello again, tony_g.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

You can read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

---------------------------------------------------...

Answer Match 48.3%

I have been having problems with malware that has been controlling my computer randomly for the past week, it controls my computer without internet I believe but I am not so sure on that one but it seems like a person is controlling it since it makes spelling mistakes and such. It happens at the random time of the day and types and clicks on my screen
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537
Run by steve at 21:43:16 on 2014-10-07
Microsoft Windows 8  6.2.9200.0.1252.2.1033.18.16329.13277 [GMT -4:00]
.
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

A:I might be infected with malware that controls my computer

Hi, welcome to Bleeping Computer, sorry about the delay but we get quite busy around here. DDS is a bit outdated and not being updated, let's run these scans instead so we can see what's going on.
 
 
Please download aswMBR to your desktop.
 
Double click the aswMBR icon to run it.
Click the Scan button to start scan.
If you are asked to update the Avast Virus database please allow it to do so.
When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
 
I just want to see the report....Please Do Not Fix Anything
============================================================================
 
 
 
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties
 
Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Please make sure All Users is checked
Do not check
*List BCD
*Drivers MD5
*Shortcut txt
Press Scan button.
It will produc...

Answer Match 48.3%

I discovered my computer to be infected last week, and my office computer department provided me with a disc to assist me in removing the virus. I used malware bytes, super anti-spyware, ATF cleaner and spyware blaster. The virus is disabling my windows firewall, and when i run super anti-spyware, it cleans out some of it, but the virus keeps coming back. It reads:

Globalroot/systemroot/system32/hjk............. is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support." Once I click ok on the error window it disappears and the program I was attempting to access will open. This occurs every time I try to select a program.

After I ran Super Anti-Spyware and reboot in normal mode, a black screen comes up for about 15 min, with the mouse only showing, and then when my regular screen appears, it doesn't allow me to click on anything. I tried to run symantec but couldn't so I shut it off and ran super anti-spyware and it finds a little bit more sometimes, and it stops popping up for a couple of hours but then reappears. I don't know what else to do, please help.

A:I think my computer is infected with Malware/Spyware

So I am not sure, can you run programs now? If so run ROOTREPEAL.

Next, please install RootRepeal.
Note: Vista users, right click on desktop icon and select "Run as Administrator."
Go HERE, and download RootRepeal.zip to your Desktop. Tutorial with images, if needed.
Unzip that (7-zip tool if needed) and then click RootRepeal.exe to open the scanner.
Next click on the Report tab, now click on Scan. A window will open asking what to include in the scan. Check all of the below and then click OK.
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
Now you'll be asked which drive to scan. Check C: and click OK again and the scan will start. Please be patient as the scan runs. When the scan has finished, click on Save Report. Name the log RootRepeal.txt and save it to your Documents folder (it should automatically save it there). Please copy and paste that into your next reply.

If you cannot use the Internet, you will need access to another computer that has a connection. From there save the application to a flash, USB, jump drive or CD. Now transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.

Answer Match 48.3%

I need help! I have run avast and malware and found several of them, but whenever I try to remove them the computer gets crazy.
 

A:My computer is infected with malware and rootkits

Answer Match 48.3%

My computer is infected. I'd appreciate an expert opinion on how I can get rid of the malware. Attached are some logs that could help.

Thanks for any help.

A:Help Request- Malware Infected Computer

Logfile of HijackThis v1.99.1
Scan saved at 2:18:28 PM, on 6/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Answer Match 48.3%

Please help! Computer has been infected with spyware/malware. I've been trying to clean it, but seems as though there are a few things lingering ...
Logfile of HijackThis v1.99.1
Scan saved at 11:41:44 PM, on 9/3/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)


A:Computer infected spyware/malware

Hiya

Download Security Check from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


Download and scan with SUPERAntiSpyware Free Edition for Home Users
Double-click SUPERAntiSpyware.exe and use ... Read more

1 more replies
Answer Match 48.3%

My computer is running slower than usual, gets ads when browsing/ facebook. Also get a lot of pop-ups. Thanks



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
Run by mike at 11:18:49 on 2012-08-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2251 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Window... Read more

A:Malware/ trojans infected computer

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

19 more replies
Answer Match 48.3%

My sister's computer is infected with malware, which she has been unable to resolve. Therefore, I would appreciate any help in order to resolve the problem. Thanks in advance for your help.

PS - I will run HJT and post the log once it is complete. Updated: HJT posted below.

Symptoms:

Popup messages – virus warning messages (which prompt you to purchase virus software).

Speakers – randomly turn on and play unknown internet radio(?) station for several minutes.

Computer - runs slow and CPU usage goes to 100%

Action Taken:
Ad-Aware (free) found the following two malware objects, which continue to appear after being quarantined.

Win32.Rootkit.Agent
Win32.Trojan.Tdss

System Notes:

Microsoft Windows XP (Home Edition 2002) SP3

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:15:52 PM, on 12/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTra... Read more

A:Infected Computer: Malware Help Needed

follow advice here and post the logs those programs make in your next reply to this topic
 

1 more replies
Answer Match 48.3%

A few months ago my PC was hit with WinAntiVirusPro. I thought I was rid of it for a while, as I was not having problems, but recently the problems started up again. Specifically, performance on my PC is very slow, when I'm online I frequently get Internet Explorer pop ups, and I have just recently been getting a Windows error message that Windows Explorer must shut down to protect my PC, at which point Explorer (not Internet Explorer) shuts down. I generally use Firefox for web browsing, but the pop ups are always in IE. I have followed all the steps in the Preparation Guide (running Spybot, AdAware, etc). Below is the log from Hijack This. Any help would be appreciated. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:48 PM, on 11/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\W... Read more

A:Computer Infected With Malware, Winantiviruspro

Hi Patrickjc!

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible. I'm in Hijackthis school and Teachers will check my posts.
Sorry that it took us so long to get back to you, but as you can see we're stumped with the amount of logs.

Before we can start, please post a fresh hijackthis log back here.

15 more replies
Answer Match 48.3%

having problems with my computer. noticed random pop ups were coming up about 1 1/2 weeks ago, i tried to run malwarebytes and it couldn't locate the file anymore, so apparently whatever i have changed the location and deleted the .exe file. have since installed malwarebytes on a different computer and transferred the .exe to this computer. i've run it countless times and something always comes up. it says it deletes the file after a reboot, but it still runs. i've also done eset online scan with the same thing. recently these files have always been infected with malwarebytes

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rutiritob (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Also, I've tried to restore to about 2 weeks ago, and all the days I choose won't restore. All help would be greatly appreciated!!!

Here is my hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:20 PM, on 12/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\servic... Read more

A:infected computer...malware/trojan?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

18 more replies
Answer Match 48.3%

About a month ago my computer got infected with some vundo/malware. Occasionally, pop-ups will show up out of nowhere and it also seems to have attached itself to some of my programs. Like when SKYPE will open, it will appear as two separate operating programs with the same name on my Windows Task Manager. This has made my computer extremely slow and vulnerable. What should I do? I have no experiences with something like this.
My HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:31:59 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\awmnwdam.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe
C:\WINDOWS\system32\S3apphk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Prog... Read more

More replies
Answer Match 48.3%

I am experiencing the same problems as the girl in the previous topic
Here is my log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 12/30/2008 at 04:36 PM
Application Version : 4.23.1006
Core Rules Database Version : 3677
Trace Rules Database Version: 1641
Scan type : Complete Scan
Total Scan Time : 00:35:00
Memory items scanned : 376
Memory threats detected : 0
Registry items scanned : 5036
Registry threats detected : 10
File items scanned : 22616
File threats detected : 3

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}
HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\InprocServer32
HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\QOMDBBCB.DLL
HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}

Trojan.Smitfraud Variant-Gen/Bensorty
HKLM\Software\Classes\CLSID\{D5BF49A2-94F1-42BD-F434-3604812C807D}
HKCR\CLSID\{D5BF49A2-94F1-42BD-F434-3604812C807D}
HKCR\CLSID\{D5BF49A2-94F1-42BD-F434-3604812C807D}
HKCR\CLSID\{D5BF49A2-94F1-42BD-F434-3604812C807D}\InProcServer32
HKCR\CLSID\{D5BF49A2-94F1-42BD-F434-3604812C807D}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\TYSHB36RFJDF.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Ch... Read more

A:Computer Infected with Virtumonde and other malware

Hello chukaluk and welcome to BC

Can you please describe the problems you are having? Topics do not stay in the same order even if a topic is not moved into a different forum as this one was; each time someone posts to a topic, it shifts up in the forum.

Also, please let us know what your operating system is - Windows XP, Vista, etc. - and what security programs besides SuperAntiSpyware that you have installed.

Orange Blossom

17 more replies
Answer Match 48.3%

Hi there,

First of all, this is the best website I know. Member "Neonfix" provided a tremendous service by fixing a serious malware issue on my computer, so when my parents ran into malware-related problems, this is the first place I thought I should go for help.

My parents have a Dell Inspiron 5100 with Windows XP Home Edition installed. This computer got infected with malware and since I wasn't around, I have no idea what triggered it. They say the last thing they used was Skype before the system froze. When I first saw the computer (after the attack), the system was in bad shape. The system would not get past the initial Windows Xp load screen (black background) before rebooting in an endless cycle (none of the other alternate boot modes like Safe Mode worked).

To get to the desktop, I ran the XP installation disk to repair the installation and get me to the desktop. One of the consequences of doing this is that now my computer was returned to Service Pack 1, and due to errors (probably resulting from malware), I cannot run Windows update to install the other Service packs or updates.

When I now startup the computer, I notice that it takes a long time to get past the "Windows is starting up" screen that appears right before the "Welcome" screen. Anyway, after running a full scan with Malwarebytes and Avast Antivirus (which did find some viruses), I rebooted and looked at the event viewer - there are numerous errors. I've attache... Read more

A:Parents' computer infected by malware

7 more replies
Answer Match 48.3%

My laptop was recently attacked by some sort of malware. I cannot provide details of the exact problem, as it happened while my girlfriend was using the computer at work. She had to turn off the firewall to get the network connection to work and within a couple of hours she received a pop-up warning her that the computer was infected and whether she wanted it resolved. She unsuspectingly clicked yes and this was followed by a deluge of pop up windows for porn sites, viagra etc.

Steps to correct problem

1. I ran malwarebytes in safe mode and did not come up with any infected items.
2. I ran Super Antispyware professional in safe mode and it detected 31 trojans which I then removed.
3. I then restarted the laptop and ran Kaspersky Anti-Virus and it came up with nothing except for a vulnerabilities detected in MS-Office.
4. I ran Malwarebytes one more time and it did not detect anything.

At this point, I just want peace of mind that I do not have any residual spyware/malware on my laptop as I use it for paying bills. I would greatly appreciate it if you could recommend steps I can take to ensure my laptop is clean.

Thanks in advance

A:Computer attacked by malware- Still infected?

Scanning with Malwarebytes Anti-Malware in safe or normal mode will work but removal functions are not as powerful in safe mode. Why? MBAM is designed to be at full power when malware is running so safe mode is not necessary when using it. In fact, MBAM loses some effectiveness for detection & removal when used in safe mode because the program includes a special driver which does not work in safe mode. Further, scanning in safe mode prevents some types of malware from running so it may be missed during the detection process. Additionally, there are various types of malware infections which target the safeboot keyset so booting into safe mode is not always possible. For optimal removal, normal mode is recommended so it does not limit the abilities of MBAM. Doing a safe mode scan should only be done when a regular mode scan fails or you cannot boot up normally. If that is the case, after completing a safe mode scan, reboot normally, update the database definitions through the program's interface (preferable method) and try rescanning again.

Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
TFC will clear out all temp folders for... Read more

1 more replies
Answer Match 48.3%

I joined this forum a couple minutes ago because I have a serious problem with my computer. And please, if you want to explain how to fix this problem do it so that I can understand. I am not very experienced with computers. All I know is some basic stuff like how to run games, installing stuff, uninstalling stuff, and stuff like that.

Anyway, I have been getting this error for a couple days now. Here is what the error looks like: http://img62.imageshack.us/img62/8035/46618280.png

Sorry about how the image looks, my image taking device is pretty bad. Anyway, in the top corner, it says something about Maplestory.exe, but the error just comes up whenever I open or close ANY program.

I tried system restoring my computer to a day before, but that didn't do anything either. All I remember about how I got the virus is that I was on google images looking for pictures of Puyol (the Spanish football player) then suddenly a Java screen opens up and Avira detects a virus called JAVA/Clagent.H

The file was located in C:\Users\Navid Farhadi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\776587d7-4267876b

I also scanned my computer with Malwarebytes, Registry Booster, Security 360, and Systemcare Free so that didn't do anything either. Also, the system restore didn't change anything.

Could anyone walk me through how I can fix the problem in a nice and easy way? Thank you guys very much for your time

/Navid

A:Is my computer infected with Malware? Or is this just an error?

That's an application error, not a virus notification.

For issues running that executable, try the support website for it: MapleStory - A Free Massively Multiplayer Online Role-playing Game

9 more replies
Answer Match 48.3%

Problems with my computer started a few days ago when I noticed a few suspicious processes running which I ended. I ran several scans using AVG, Ad-Aware, Avira, Spybot Search and Destroy and found and 'removed' them.

"C:\WINDOWS\system32\svchost.exe (2400)";"Trojan horse Generic13.ATPH";""
"C:\WINDOWS\system32\svchost.exe (1604)";"Trojan horse Generic13.ATPH";""
"C:\WINDOWS\system32\svchost.exe (1076)";"Trojan horse Generic13.ATPH";""
"\\?\globalroot\systemroot\system32\UACfflieyyymernheg.dll";"Trojan horse Generic13.ATPH";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACfflieyyymernheg.dll";"Trojan horse Generic13.ATPH";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACfflieyyymernheg.dll";"Trojan horse Generic13.ATPH";"Moved to Virus Vault"

However after I restarted my computer, it got as far as the "Windows Is Starting Up" screen before it just showed a blank black screen. I decided to try to run it on Safe Mode but got the same result. I then restarted it a few times before it finally started up and I ran a few more virus scans. They didn't show anything up so I tried to download and run Malwarebytes because several othe... Read more

A:Computer Infected with Trojan / Other Malware

I managed to get on safemode and renamed the Malwarebytes program
I found uacinit.dll and MSIVXcount in my system32 folders.
Right now I'm on a different computer posting this just in case.
However I wasn't able to remove them and the program said it would 'delete on boot' but when I restarted and went back on safemode to rescan
It came back up with 3 items. The 2 previously mentioned ones and a registry file.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC
Every time I restart and rescan, I get the same 3 items.

18 more replies
Answer Match 48.3%

Hey there. I'm worried I may be infected with some kind of malware or virus. First off, very consistently, my internet explorer stops working. The overall performance of the computer is slower, and I think I have that AntiVirus 7 as well. I feel like things are a deep mess. I logged onto my gmail, and it said that my account was open in another location! Am I infected and infiltrated? If so, can you help me rid of this? My Trend Micro picks up nothing. Neither does my Malware Bites. I wanna run a HiJackThis, but the last time I did that, one of your reps said that it was becoming less effective. I definitely think my computer is not right, and I'm here for assistance. Thank you!

Here is my Hijack This logfile. Thank you again!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:38 AM, on 3/22/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital... Read more

A:Fear my computer is infected with malware.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

38 more replies
Answer Match 48.3%

My kid went to some website to create something for his minecraft. Now his computer will not work. It takes a long time to boot. I was able to logon but computer screen is blank after that. Cannot do anything further. Started the computer in safe mode. Ran Malwarebytes. Found more than 400 malware threats. For each malware threat, vendor is pup.optional.mysearchdial.a, pup.optional.dealply, pup.optional.conduit.a etc and so many different pup.optional.

I want to use Malwarebytes to remove malware but i am not sure that it will remove all the malwares from the computer. It looks like conduit and other malwares has infected the chrome and other browser on the computer. I see that malware has installed bunch of other programs like weather alerts, newplayer, anyprotect etc.

A:Computer infected by pup.optional malware!! Please help!!

Hello sirefef

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same",... Read more

3 more replies
Answer Match 48.3%

Hi, I have an infection with which I need your help. Each time I open a browser, I get a series of adware/malware pop-ups from the following sites/programs:

Offers by Boost, Web Bar, sbakyl.com, and getupdatesnow.com

I have read and followed your instructions for posting the preliminary scans. Unfortunately, I cannot get DDS to run. When I try to run, I get the following message:

"DDS is not meant to run in compatability mode. The program shall now exit".

I was able to run GMER. The ark.txt zip file is attached. Please review and advise next steps to remove this infection. Thanks in advance for your help.

A:Computer infected with adware/malware

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
Do NOT click the green 'Download' button (if visible).
Click the blue 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Clean
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------

16 more replies
Answer Match 48.3%

Ok, so after a week struggling away by myself, I have decided that advice from others is the only way forward. Around last week I contracted a, what I believe to be, 'virus'. It doesn't affect anything on my computer except Chrome. I have searched Google with both Safari and Internet explorer and each time I seem to be able to get patched through to the correct links. This 'virus' does not allow me to get through to the correct links first time when I click them in the results of my Google search. I will have to press 'back' and then try again. It doesn't happen with every link however I see no pattern with the redirecting of search results, it doesn't seem to be traffic orientated. I did run a log on Malwarebytes which resulted in showing me I wasn't infected, but I still have the problem:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6833

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

11/06/2011 12:51:40
mbam-log-2011-06-11 (12-51-40).txt

Scan type: Full scan (C:\|)
Objects scanned: 412320
Time elapsed: 29 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)
... Read more

More replies
Answer Match 48.3%

Hi, my computer is infected with adware/malware and/or viruses. If you review my account, you will see a thread that I opened a couple weeks ago with an identical situation.

Earlier this week, we had completed cleaning the computer and all was running well. Suddenly, a couple of days ago, I started experiencing the same problems. I have not downloaded any new programs from the internet since the last cleaning, but I am getting the exact same pop-ups as before.

I tried running DDS and GMER as requested to start a new thread, but I cannot get either program to run the scans properly.

Please review the previous thread for any more information needed and advise the next steps to start the cleaning process for this same problem.

I appreciate your help very much. Thank you.

A:Computer re-infected with adware/malware

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
Do NOT click the green 'Download' button (if visible).
Click the blue 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Clean
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------

10 more replies
Answer Match 48.3%

While working on an HTML project for school in late September, I began searching around the web for some images online. Soon enough, I landed on Mininova and found the following torrents, which I started in my bittorrent client: link removed
{Directory of actual .jpg images with a link to some unsavory site. I remember making sure the link was excluded from download.}
--> link removed <--
{RAR file. The description listed this as example (although I never went to it to check): link removed

  • While attempting to navigate to above torrent page (1313017), the following pop-up appeared although I have pop-ups blocked (likely irrelevant, but wanted to include anyway):

    link removed
  • Well. Immediately as the RARed torrent #1313017 finished downloading, Comodo firewall began sending a barrage of messages regarding a "~.exe" that was attempting to access the internet and install components. I blocked all, of course. Then it alerted something similar about "3DE.tmp" attempting to install some components. I continued to hit "Block", all the while FURIOUS that Avast!Home had provided NO protection although it was on, enabled, and fully updated.

    Then, all of a sudden, all my open programs began to close out one by one, and the system restarted on its own. I immediately began hitting F5 to activate the SAFE MODE selection window, and selected SAFE MODE.

    I ran Avast! Home's scanner ... Read more

    A:Malware infected and restarted computer - Help!

    Run this application first and then Update mbam and run a FULL scan.
    Please post the results.

    Please download Rkill by Grinler and save it to your desktop.
    Link 2
    Link 3
    Link 4
    Double-click on the Rkill desktop icon to run the tool.
    If using Vista, right-click on it and Run As Administrator.
    A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    If not, delete the file, then download and use the one provided in Link 2.
    If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    If the tool does not run from any of the links provided, please let me know.
    Any time the computer restarts you will need to run the application again.

    ================================

    We need to check for rootkits with RootRepeal.
    Download RootRepeal from the following location and save it to your desktop.
    Direct Download (Recommended)
    Primary Mirror
    Secondary Mirror
    Secondary Mirror
    Secondary Mirror
    Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
    Primary Mirror
    Secondary Mirror
    Secondary Mirror
    Rar Mirrors - Only if you know what a RAR is and can extract it.
    Primary Mirror
    Secondary Mirror
    Secondary Mirror
    Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
    Open on your desktop.
    Click the tab.
    Click the button.
    Check all seven boxes: Push Ok
    Check the box for your main system drive (Usually C:), and press Ok.
    Allow RootRepeal to r... Read more

    1 more replies
    Answer Match 48.3%

    The following is my hijackthis log. Any help would be appreciated. Thank you.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:35:40 AM, on 7/13/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal


    More replies
    Answer Match 48.3%

    Somehow my computer was infected with the windows defender virus and I seem to have gotten rid of a majority of it by running malwarebytes and some other anti software programs in safe mode. I also deleted a file that seemed to be causing my google search results to redirect. There is still something lurking around and I have no idea how to get rid of it. None of my internet browsers will function properly and I get the following errors every time I start one of them up.

    IE - A program on your computer has corrupted your default search provider settings for Internet Explorer. IE has reset this setting to your original search provider, LiveSearch (Search.live.com)
    Firefox - (Entry point not found) The procedure entry point IsThreadDesktopComposited could not be located in the dynamic link library USER32.dll
    Chrome - Chrome just crashes every time I try to install it

    Thanks in advance for your help...

    Here is my DDS log:

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by gives at 8:18:28.44 on Thu 05/13/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1500 [GMT -4:00]

    AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) / Copyright 8

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\... Read more

    A:Malware removed but computer still infected

    Hello, GFI3

    Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

    If you do not make a reply in 5 days, we will have to close your topic.

    You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

    Please take note of some guidelines for this fix:

    Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.

    If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.

    Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.

    Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do ... Read more

    18 more replies
    Answer Match 48.3%

    I'm not sure what it is, but I was told I would get great help from here. I have random pop-ups even when I'm offline. There's a program that's on my computer now called Personal Guard 2009 (which appears to be the virus). I've tried deleting the program but it just installs itself back. And I've also had a few browser issues.
    I have Trend Micro Antivirus/Antispyware but it just shows the following:
    infected files:
    winsc.exe - has a virus
    uninstalls.exe (for personal guard) - has a virus
    personalguard.exe - has a virus
    iehelper.exe - has a virus
    and trojans are deleted every 5 seconds when I run a scan.
    I've tried deleting some but it won't let me. It seems to be getting worse. Help anyone???

    A:My Computer Seems To Be Infected With A Virus/Malware. HELP!!

    As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

    ==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

    3 more replies
    Answer Match 48.3%

    I am having issues with my computer.. I have Zonealarm firewall and Avast Antivirus. Avast has not alerted me to anything unusual, however over the past few weeks, Zonealarm says computer IP 192.168.1.3 is trying to connect to my computer.. This happens anywhere between 7 to 12 times a day. The attempts are blocked through zonealarm but I want to get rid of the cause. Also, Zonealarm notified me that something called RAZERTA was trying to send data from my computer. I'm not sure what that is?

    Please forgive me, I know very little about computers, so I may sound like a complete idiot.. My computer isn't doing anything weird, other than running a little slow, so I didn't do anything about the zonealarm alerts. However, I maintain a few websites, and recently somehow they were hacked into and malicious scripts were added into the headers of the index pages of all three of the sites I work on. I removed the script and reloaded the index pages, and the sites stay clean for a day and then have the same issue the next day.

    Please help me.. I'm assuming my computer has something funky on it. I had downloaded some webcam programs like Skype and oozoo and MSN Messenger over the past few weeks, but when I started having computer issues I deleted all three programs.

    DDS (Ver_09-10-26.01) - NTFSx86
    Run by Charity at 15:00:08.43 on Tue 10/27/2009
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.349 [GMT -7:00]

    AV: avast... Read more

    A:Infected computer, not sure what kind of malware?

    Hello and to Bleeping Computer

    We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

    * If you have since resolved the original problem you were having, we would appreciate you letting us know.
    * If not please perform the following steps below so we can have a look at the current condition of your machine.
    * If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

    Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

    ** If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

    Thanks and again sorry for the delay.

    You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. In order to be notified via email when your topic has a reply you need to enable topic notifications. To enable topic notifications you should do the following:

    1. Click on the My C... Read more

    2 more replies