Tech Problem Aggregator

Infected with atlsystemXXXXXX.exe

Q: Infected with atlsystemXXXXXX.exe

Windows XP Professional system is infected with a virus or malware that makes files that start with atlsystem and end with .exe. In between atlsystem and .exe there are random numbers. MalwareBytes detects and says it removes them, but there is some underlying component that isn't removed. The files come back after reboot.

DDS Log Contents:

DDS (Ver_09-02-01.01) - NTFSx86
Run by nreitter at 18:39:59.64 on 2009-02-23
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1439 [GMT -5:00]

AV: eTrust ITM *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\nreitter\My Documents\Downloads\DDS\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Realtime Monitor] "c:\program files\ca\etrustitm\realmon.exe" -s
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{14fcfe7c-ab86-428a-9d2e-bfb6f5a7aa6e}\Icon3E5562ED7.ico
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235403139892
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235403130658
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli s t e m 3 2 \ i n o b u . d l

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nreitter\applic~1\mozilla\firefox\profiles\xw51chwf.default\

============= SERVICES / DRIVERS ===============

R2 eq2soft;Service Eset;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
R2 netmantow;Network Connections.;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
S2 softyinforwow1;.Freame Micer;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

============== File Associations ===============

txtfile="c:\windows\system32\nxtepad.exe" "%1"

=============== Created Last 30 ================

2009-02-23 17:18 59,904 a------- c:\windows\system32\atlsystem429956.exe
2009-02-23 17:18 59,904 a------- c:\windows\system32\atlsystem663724.exe
2009-02-23 17:18 59,904 a------- c:\windows\system32\atlsystem882754.exe
2009-02-23 17:18 59,904 a------- c:\windows\system32\atlsystem568713.exe
2009-02-23 17:18 131,072 a------- c:\windows\system32\atlsystem66447.exe
2009-02-23 17:18 122,880 a------- c:\windows\system32\atlsystem34844.exe
2009-02-23 17:18 97,792 a------- c:\windows\system32\atlsystem918628.exe
2009-02-23 15:40 59,904 a------- c:\windows\system32\atlsystem461558.exe
2009-02-23 15:40 59,904 a------- c:\windows\system32\atlsystem896885.exe
2009-02-23 15:40 59,904 a------- c:\windows\system32\atlsystem232131.exe
2009-02-23 15:40 59,904 a------- c:\windows\system32\atlsystem9850.exe
2009-02-23 15:40 131,072 a------- c:\windows\system32\atlsystem653661.exe
2009-02-23 15:40 122,880 a------- c:\windows\system32\atlsystem945467.exe
2009-02-23 15:40 97,792 a------- c:\windows\system32\atlsystem805520.exe
2009-02-23 15:36 86,016 a------- c:\windows\system32\u152395931.dll
2009-02-23 15:36 77,824 a------- c:\windows\system32\u1523630.dll
2009-02-23 15:36 59,904 a------- c:\windows\system32\atlsystem488833.exe
2009-02-23 15:36 59,904 a------- c:\windows\system32\atlsystem407560.exe
2009-02-23 14:54 86,016 a------- c:\windows\system32\u142345755.dll
2009-02-23 14:54 77,824 a------- c:\windows\system32\u142395749.dll
2009-02-23 14:12 86,016 a------- c:\windows\system32\u142370424.dll
2009-02-23 14:12 77,824 a------- c:\windows\system32\u142329818.dll
2009-02-23 14:07 <DIR> a-dshr-- C:\cmdcons
2009-02-23 14:06 161,792 a------- c:\windows\SWREG.exe
2009-02-23 14:06 98,816 a------- c:\windows\sed.exe
2009-02-23 13:39 <DIR> --d----- C:\hjt
2009-02-23 12:40 131,072 a------- c:\windows\system32\atlsystem85617.exe
2009-02-23 12:40 122,880 a------- c:\windows\system32\atlsystem71669.exe
2009-02-23 10:33 <DIR> --d----- c:\windows\pss
2009-02-23 10:32 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-02-23 10:19 86,016 a------- c:\windows\system32\u10233874.dll
2009-02-23 10:18 77,824 a------- c:\windows\system32\u10237459.dll
2009-02-23 08:21 <DIR> --d----- c:\docume~1\nreitter\applic~1\Malwarebytes
2009-02-23 08:21 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-23 08:21 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-23 08:20 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-23 08:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-23 08:15 86,016 a------- c:\windows\system32\u82357832.dll
2009-02-23 08:15 77,824 a------- c:\windows\system32\u82312528.dll
2009-02-23 06:57 135,168 a------- c:\windows\system32\atlsystem5738.exe
2009-02-22 17:21 86,016 a------- c:\windows\system32\u172275047.dll
2009-02-22 17:21 77,824 a------- c:\windows\system32\u172265645.dll
2009-02-22 17:15 86,016 a------- c:\windows\system32\u172295311.dll
2009-02-22 17:15 77,824 a------- c:\windows\system32\u17229067.dll
2009-02-22 16:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-02-22 16:48 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-02-22 16:48 <DIR> --d----- c:\docume~1\nreitter\applic~1\SUPERAntiSpyware.com
2009-02-22 16:28 86,016 a------- c:\windows\system32\u16221541.dll
2009-02-22 16:28 77,824 a------- c:\windows\system32\u1622040.dll
2009-02-22 15:41 86,016 a------- c:\windows\system32\u152235944.dll
2009-02-22 15:41 77,824 a------- c:\windows\system32\u152248443.dll
2009-02-21 19:06 86,016 a------- c:\windows\system32\u192185922.dll
2009-02-21 19:06 77,824 a------- c:\windows\system32\u192114019.dll
2009-02-21 12:35 65,536 a------- c:\windows\system32\der5609488.dll
2009-02-21 12:35 65,536 a------- c:\windows\system32\der7119346.dll
2009-02-21 12:33 86,016 a------- c:\windows\system32\u122131225.dll
2009-02-21 12:33 77,824 a------- c:\windows\system32\u122135920.dll
2009-02-21 12:32 65,536 a------- c:\windows\system32\der4559674.dll
2009-02-12 15:56 <DIR> --d----- c:\program files\Citrix
2009-02-12 15:56 60,744 a------- c:\documents and settings\nreitter\g2mdlhlpx.exe
2009-02-05 20:41 <DIR> --d----- c:\program files\MJ4120 SERIES
2009-02-05 20:40 <DIR> --d----- c:\program files\CdrPlayBack_MJPEG
2009-02-05 20:39 548,864 a------- c:\windows\system32\J2K_Decode.dll
2009-02-05 20:39 352,256 a------- c:\windows\system32\ijl15.dll
2009-02-05 20:39 327,680 a------- c:\windows\system32\kdu_v45R.dll
2009-02-04 17:08 <DIR> --d----- C:\fc018016df1fe2817d17cc58ff
2009-02-04 17:08 <DIR> --d----- c:\windows\SxsCaPendDel
2009-01-29 15:03 132 a------- c:\windows\ODBC.INI
2009-01-29 10:10 <DIR> --d----- C:\crystalreportviewers12
2009-01-29 10:09 42,847 a------t c:\windows\system32\ISUSMsg.rtf

==================== Find3M ====================

2009-02-23 08:18 81,556 a------- c:\windows\system32\nvModes.dat
2009-01-21 16:53 249,856 -------- c:\windows\Setup1.exe
2009-01-21 16:53 73,216 a------- c:\windows\ST6UNST.EXE
2009-01-16 21:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll
2009-01-06 08:38 35,328 a------- c:\windows\system32\drivers\ax88772.sys
2008-12-26 12:25 123,127 a------- c:\windows\HPHins12.dat
2008-12-25 08:13 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-19 04:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 04:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 00:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
2008-12-19 00:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-12-11 05:57 333,952 -------- c:\windows\system32\dllcache\srv.sys

============= FINISH: 18:40:17.27 ===============

A: Infected with atlsystemXXXXXX.exe

http://www.bleepingcomputer.com/forums/t/205983/infected-with-atlsystemxxxxxxexe/

Delete your version of ComboFix and download a fresh one from below, then save it on the Desktop, but DO NOT run it yet.

Link 1
Link 2
Link 3

NEXT

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them after performing all steps given.

1. Please open Notepad. If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

NetSvc::
softyinforwow1
eq2soft
netmantow

Driver::
softyinforwow1
eq2soft
netmantow

Collect::
c:\windows\system32\atlsystem429956.exe
c:\windows\system32\atlsystem663724.exe
c:\windows\system32\atlsystem882754.exe
c:\windows\system32\atlsystem568713.exe
c:\windows\system32\atlsystem66447.exe
c:\windows\system32\atlsystem34844.exe
c:\windows\system32\atlsystem918628.exe
c:\windows\system32\atlsystem461558.exe
c:\windows\system32\atlsystem896885.exe
c:\windows\system32\atlsystem232131.exe
c:\windows\system32\atlsystem9850.exe
c:\windows\system32\atlsystem653661.exe
c:\windows\system32\atlsystem945467.exe
c:\windows\system32\atlsystem805520.exe
c:\windows\system32\u152395931.dll
c:\windows\system32\u1523630.dll
c:\windows\system32\atlsystem488833.exe
c:\windows\system32\atlsystem407560.exe
c:\windows\system32\u142345755.dll
c:\windows\system32\u142395749.dll
c:\windows\system32\u142370424.dll
c:\windows\system32\u142329818.dll
c:\windows\system32\atlsystem85617.exe
c:\windows\system32\atlsystem71669.exe
c:\windows\system32\u10233874.dll
c:\windows\system32\u10237459.dll
c:\windows\system32\u82357832.dll
c:\windows\system32\u82312528.dll
c:\windows\system32\atlsystem5738.exe
c:\windows\system32\u172275047.dll
c:\windows\system32\u172265645.dll
c:\windows\system32\u172295311.dll
c:\windows\system32\u17229067.dll
c:\windows\system32\u16221541.dll
c:\windows\system32\u1622040.dll
c:\windows\system32\u152235944.dll
c:\windows\system32\u152248443.dll
c:\windows\system32\u192185922.dll
c:\windows\system32\u192114019.dll
c:\windows\system32\der5609488.dll
c:\windows\system32\der7119346.dll
c:\windows\system32\u122131225.dll
c:\windows\system32\u122135920.dll
c:\windows\system32\der4559674.dll

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00

3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt
A new HijackThis log.

**Note** When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
Ensure you are connected to the internet and click OK on the message box.
Simply follow the instructions to copy/paste/send the requested file.

2 more replies
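
Added example (not part of the original thread, and not code from DDS or ComboFix): one way to pull the randomly numbered file families out of a DDS "Created Last 30" section, which is what the Collect:: list in the answer above gathers by hand. The sample lines are copied from the log on this page; the function names, the four-digit minimum and the two-member threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from ntpath import split as nt_split  # Windows path rules, works on any OS

# Sample input: a subset of the "Created Last 30" lines from the DDS log above.
SAMPLE_DDS = r"""
2009-02-23 17:18 59,904 a------- c:\windows\system32\atlsystem429956.exe
2009-02-23 17:18 131,072 a------- c:\windows\system32\atlsystem66447.exe
2009-02-23 15:36 86,016 a------- c:\windows\system32\u152395931.dll
2009-02-23 15:36 77,824 a------- c:\windows\system32\u1523630.dll
2009-02-23 14:07 <DIR> a-dshr-- C:\cmdcons
2009-02-23 14:06 98,816 a------- c:\windows\sed.exe
2009-02-23 10:32 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-02-23 08:21 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-23 06:57 135,168 a------- c:\windows\system32\atlsystem5738.exe
2009-02-21 12:35 65,536 a------- c:\windows\system32\der5609488.dll
2009-02-21 12:35 65,536 a------- c:\windows\system32\der7119346.dll
2009-02-21 12:32 65,536 a------- c:\windows\system32\der4559674.dll
2009-02-05 20:39 352,256 a------- c:\windows\system32\ijl15.dll
2009-02-05 20:39 327,680 a------- c:\windows\system32\kdu_v45R.dll
"""

# One DDS file-listing line: date, time, size (or <DIR>), 8 attribute flags, path.
ENTRY = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S{8}) (?P<path>.+)$"
)

# Assumption: a "random" name is letters followed by 4+ digits and a binary
# extension. The 4-digit floor keeps versioned names such as ijl15.dll out.
RANDOM_NAME = re.compile(
    r"^(?P<prefix>[a-z_]+)(?P<digits>\d{4,})\.(?P<ext>exe|dll|sys)$"
)


def parse_created(text):
    """Return file entries (directories skipped) from DDS listing lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m["size"] == "<DIR>":
            continue
        folder, name = nt_split(m["path"].lower())
        entries.append({
            "when": f'{m["date"]} {m["time"]}',
            "size": int(m["size"].replace(",", "")),
            "folder": folder,
            "name": name,
        })
    return entries


def find_families(entries, min_members=2):
    """Group files sharing folder + letter prefix + extension, digits aside."""
    groups = defaultdict(list)
    for e in entries:
        m = RANDOM_NAME.match(e["name"])
        if m:
            groups[(e["folder"], m["prefix"], m["ext"])].append(e)

    families = []
    for (folder, prefix, ext), members in groups.items():
        if len(members) < min_members:
            continue  # a single numbered file is not a pattern
        families.append({
            "pattern": f"{folder}\\{prefix}<digits>.{ext}",
            "count": len(members),
            # Repeated identical sizes suggest the same payload re-dropped.
            "sizes": sorted({e["size"] for e in members}),
            # ISO-style timestamps sort correctly as plain strings.
            "first_seen": min(e["when"] for e in members),
            "last_seen": max(e["when"] for e in members),
        })
    return sorted(families, key=lambda f: (-f["count"], f["pattern"]))


if __name__ == "__main__":
    for fam in find_families(parse_created(SAMPLE_DDS)):
        print(f'{fam["count"]:>3}  {fam["pattern"]}  sizes={fam["sizes"]}  '
              f'{fam["first_seen"]} .. {fam["last_seen"]}')
```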
Answer Match 26.04%

Already did some scans with tdsskiller and hitmanpro and they detected Trojan-Spy.Win32.Zbot, Rootkit.Win32.PMax.gen, and rootkit boot.cidox.b, I'm not sure how this machine got so badly infected. The user may have opened a link or some file by accident.
 
The infected svchost.exe is causing the most problems, creating multiple various connections and slowing down the internet connection. Explorer.exe would also crash and would create connections as well. Internet explorer would pop up to back-linking websites.
 
No restore cd for this computer. Although I do have a copy of xp meant for dell machines and this is a dell.
 
Just need to know how I can stop the svchost.exe from creating connections.
 
dds attached


A: Infected with multiple malware, Cidox, Trojan-Spy.Win32.Zbot, Infected svchost.exe

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.
Before we begin, please note the following:
I will be working on your Malware issues, this may or may not solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your re... Read more

15 more replies
Answer Match 26.04%

DDS (Ver_09-05-14.01) - NTFSx86
Run by Bogdan at 0:21:16,39 on 30.07.2004
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1251.380.1049.18.223.55 [GMT 3:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
H:\FIX\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\b... Read more

A: Infected by the same flash drive as this http://preview.tinyurl.com/o3l47t one was infected

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca... Read more

2 more replies
Answer Match 26.04%

I have a mild adware infection that is affecting every computer that goes through my network. Superantispyware can find and remove ONE file(no active, no registry) that is associated with this attack and the problem is resolved (ie. it does not come back unless i log into this particular network, it's still gone when I restart the computer, etc). The adware does not affect any of my cleaned computers unless I am logged into MY network. A clean load of windows XP with service packs loaded will immediately be infected on my network without so much as going anywhere aside from google.com.

As best I can tell my hijack this log is clean, but here it is for those of you who are far superior at this than I am. This is from the machine I am using which is currently infected.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:43:09 AM, on 12/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJ... Read more

More replies
Answer Match 26.04%

I was at a hotel a few weeks ago, and afterwards firefox kept redirecting me to ad sites. I ran Microsoft Security Essentials and detected and removed (partially?) a program called Nimda, but the redirects continued. None of my security software indicated any other problem, and the redirects seemed to be to fairly harmless sites, so I figured I'd wait for my programmer brother to get home for thanksgiving to fix the issue. Today, firefox redirected to a site with the words "please wait, loading." I immediately closed out but my computer was already infected. A program called "privacy.exe" in taskmanager started up- it's your typical faux-security program that prompts you to "clean your computer" presumably by downloading all kinds of other awful crap. This particular program kept closing down taskmanager after a couple seconds every time I tried to open it, automatically closed security essentials, closed all my other background programs, and wouldn't let me open hijackthis or firefox. I restarted in safe mode and ran security essentials, which found and removed something called "VirTool:JS/Obfuscator.CE," then restarted normally, but the situation hadn't changed. After some trying, I was able to open taskmanager and manually shut down "privacy.exe" before it shut me out, and that's as far as I've gotten. Keep in mind when reading my DDS log that I shut this program down already, because it prevents me ... Read more

A: Infected with unknown trojan/malware, has infected pc with rogue:win32/fakerean, VirTool:JS/Obfuscator.CE, and others so far

Hi,

BitTorrent

Above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and other if present) P2P file sharing programs.

Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

2 more replies
Answer Match 26.04%

Hello, I have a gateway desktop computer with Windows XP SP3, Internet Explorer 8, 2GB RAM, and 600GB Hard Drive.

Avira Free Antivirus detected TR/Drop.daws.juu in my recovery partition (D:\) yesterday. MBAM detected PUM.Hijack.StartMenu on my regular partition. I removed these infections and proceeded to backup some files to my external hard drive. While doing so, Avira detected TR/Keygen.AQ.19 and TR/Tool.Keygen.517 in the "system volume information" folder on my external hard drive. I removed these as well.

Lately I've noticed that my computer would behave strangely but more of the behavior is so subtle that it's hard to describe it properly. Every now and then a process named mme.exe would show up in the task manager. I did a little bit of digging and everything I found suggested that it is malicious.

I am usually able to resolve stuff like this on my own, but this time I'm getting nowhere. I have never had an infection on anything other than the partition that my operating system is installed on. I am in need of your help badly. Thank you for your time, here are the logs.

-----------------------------------------------------------------------------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 5:50:25 on 2012-02-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2022.1348 [GMT -6:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
===... Read more

A: Multiple Infections - Regular Partition infected with "PUM.Hijack.StartMenu" - Recovery Partition infected with...

Hi there,

It appears that you are receiving help at another forum: http://forums.majorgeeks.com/showthread.php?t=253464

Having multiple topics open at different forums only serves to confuse matters and waste the volunteers' time. In addition, it seems that you have since reformatted your drive. As such, I will close your topic here.

Regards.

Casey

1 more replies
Answer Match 26.04%

Hello,

I was contacted by some friends last Sunday who said they received lots of weird emails from my email account. The emails contained nothing but a link. I did not send any emails over the weekend so I don't know how this happened. This must be a virus, right? I noticed my antivirus (avast!) began (a few days back) blocking a couple of malwares when downloading emails to Outlook 2007 on my laptop. It identified an infection called "Win32-Malware-gen". It now does this every time I try to download emails and I now have duplicate emails in my Inbox. My antivirus identified the infected emails having subject "DHL Express Delivery" or "FedEx Service Notification" and a document.zip attachment which I think contained document.exe if I'm reading the Avast! log correctly. I did not open any of these emails. The antivirus moved them to chest but it seems the problem wasn't resolved. I then get a microsoft message saying Outlook encountered a problem and cannot exit. It offers me an "End Now" button, but it seems to get into a loop and the whole scenario happens again whereby Outlook reloads and I get the malware messages again.

Another problem I noticed which might be connected is that in IE8, whenever I attempt to login to any site it blocks and reloads webpage with "This tab has been recovered - A problem with this website caused Internet Explorer to close and reopen tab" message. Then it asks me t... Read more

A: Infected with Win32-Malware-gen - Emails (Infected?) spammed from my email account to many recipients without my knowledge etc.

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

13 more replies
Answer Match 26.04%

Hi, Our computer has been infected since yesterday with the SMART HDD virus, which has been hiding all programs. I also believe our computer is infected with a TDSS type of rootkit virus in reading thru your website, as we've been having redirects happening in the search results of Google and BING for quite a number of weeks now.

We have a WINDOWS XP Service Pack 3 computer.

The SMART HDD virus had (at first) completely hidden all the programs from me and made them in-accessible. (see below) I was able to "un-hide" the programs, which allowed me access to Internet Explorer, Outlook Express and a few other programs, but not access to the important virus programs such as Malwarebytes and it wouldn't allow me to run the TDSSkiller program (even with re-naming it.), DDS froze up my system twice so I've not tried it again.

What I've done so far:

From a work computer on a whole different network, I was able to read up on your site, good information on what is going on and the steps I needed to take. However, the system is not allowing me to take the necessary steps, so I'll definitely need your help in getting around these roadblocks. I have been running my computer in SAFE MODE and doing that - I was (at first) able to un-hide the programs that are non-accessible, by going to My Computer and following the steps your site says to do. That temporarily enabled me to un-hide the programs, but now, the programs are hidden again. Before the progra... Read more

A: Infected with SMART HDD and also appear to be infected with a rootkit (TDSS type of issue)

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE:... Read more

24 more replies
Answer Match 26.04%

Hello, I am new and hope I am in the correct forum. If not please direct me to the right place. I am going nuts here. I am running Windows XP. I keep getting an extremely annoying warning message which says the following: There is an "x" in red beside the message....

"Your System was infected by zlob trojan. It's very dangerous for your system (critical data can be lost)!
Click OK to download the antimalware application to clean your hard disk (Recommended)"

So you can see it looks very official. It is constantly popping up, especially when I used internet explorer, but not when I use Mozilla Firefox. When I click OK it goes to : setup.exe and says that the application is from 89.149.227.195. I am afraid to click on the setup.exe because I figure it is trying to sell me something.

I have Norton Antivirus which I keep updated, but it says it has taken care of all the potential problems of adware and trojans, but this popup continues. I downloaded Avgfree and Spybot Search & Destroy and they say everything is cleaned up too, but the pop up continues. I have done scan using other programs such as SpyDoc and among other things they say I have:

Trojan.FakeAlert
Trojan.Generic
Application.NirCmd
Adware.BHO.GEN

I ran HiJackthis and this is what it said:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:40 PM, on 4/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDO... Read more

A: Keep Getting Warning Message That I Have Been Infected With Zlobtrojan Other Says Infected By Trojan.fakealert, Etc

Hi,
I see you are running Teatimer.
I suggest you to disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.
After you disabled Teatimer, download ResetTeaTimer.bat to your desktop. (In case you use Firefox, rightclick the link and choose "save as").
Doubleclick ResetTeaTimer.bat and let it run.
This will only take a few seconds.
I notice from the log that there are running more than one different Anti-Virus programs with Auto-protect enabled. AVG and Norton
Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously! The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time. Also because more than one Antivirus and Firewall installed are not compatible with each other, it can cause system performance problems and a serious system slowdown. So you have to make a decision here and keep the Antivirus you prefer and uninstall the other one.
Then reboot after uninstalling.
Also, I see you have Viewpoint installed...
Viewpoint Manager is considered as foistware instead of malware since i...


Here is my log using HijackThis. My contacts in Windows Live Messenger are receiving pop-up message notifications with infected links. Norton is not picking anything up, and computer is running really slow. Malware Bytes did not pick anything up either. Any help would be appreciated ... thanks!
-------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:41 PM, on 05/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rogers Online Protection\Rogers Online Protection\rps.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Prog...

A: Spyware infected, MSN Live Messenger sending out IM with infected links

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


I was infected with vundo, and I thought I cleaned most of it out using SpyDoctor, Spybot S&D, vundofix, etc. but whenever I log back on, I'm still infected.
Please help!
Here's my HJT log. Not sure what to do to get rid of this infection.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:55 AM, on 10/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:...

A: Infected with Virtumonde. Used SpyBot, SpyDoctor, VundoFix, VirtuBGone, still infected

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.
I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If you still need help, post a new HijackThis log.
You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
Finally, p...


Hi, everyone... my name is Avi... and I'm running XP service pack II. I thought I was pretty good with computers, since I've been playing with them since the era of Wing Commander and Star Control II, and usually I can solve computer issues on my own. However, 2 days ago I noticed that my background had changed to a blue screen that said "Warning, Spyware detected your computer...", and I repetitively get a "Blue screen of death" notice on my computer which indicates that it's about to shut down, but... then it just goes back into windows. My system restore seems to have become disabled, and the background and screensaver modes on my display menu are not working. I have Kaspersky AV 7.0 installed, but I never installed the Kaspersky firewall cause I felt it slowed down my PC too much. I am running the windows firewall, though... and I have adaware. Please help me get my PC back to normal!
I ran the Deckard's Scan, along with the Hijack This scan, and I have included main.txt and extra.txt in this post. Thanks so much!
Deckard's System Scanner v20071014.68
Run by Avishek on 2008-06-14 15:19:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Failed to create restore point; System Restore is disabled (service is not running).
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 15.3 GiB (less than 15%) free....

A: Infected With Trojan.win32.pakes.czg/warning Your Computer Has Been Infected...

Hello Ice9996 and welcome to BC. Let's see what we can find. Please follow the steps below in order:
Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
File - Additiona...


So at first I had the "Internet Security 2010" bug, but I think I fixed that with rkill. But now I got the green desktop with the "system is infected" message. I have heard of people who have this problem trying to restart only to find their system totally screwed, so I'm scared to turn off/restart. I have run DDS and Root Repeal. I know it's Christmas, but please help!!!
DDS (Ver_09-12-01.01) - NTFSx86
Run by Michael at 3:25:14.42 on Fri 12/25/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.44 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome...

A: Infected, Big Time... Green Desktop with "Your System is Infected" Message

Visit below website. Understand on how to use ComboFix >> download and run the program >> post the log here http://www.bleepingcomputer.com/combofix/how-to-use-combofix


WinXP Service Pack 3 Dell m4300 machine.
Last week, let wife use machine, surfed to billboard.com and machine was infected with something.
Could not open Task Manager among other things.
Shut down, restarted, on restart, logged in to different local admin user and deleted all temp files from profiles. That stabilized machine. Updated McAfee and Ad-Aware. Scanned, no major issues uncovered first day.
2nd day, same thing, updated McAfee, Ad-Aware, scanned. McAfee removed a virus, cannot recall which.
Machine seemed stable.
This week, started getting hijacked links in Firefox and IE. Also locked pop-ups with 'x' and 'cancel' looping back to advertisement pop-ups.
Also, every time opened a new tab in firefox, a new firefox window would pop-up with a dozen or so tabs open to local files.
I was in an urgent situation, so I ran Combofix, it found some stuff and removed it. The entire Combofix.log will be pasted below. Note, I could not figure out how to turn off McAfee on-access scan, so ran it with it on, and I could not download the 'update' for combo-fix, so it ran as I downloaded it.
The machine is now stable, but I would like expert help making sure it is clean.
After the Combofix log below, I have posted the DDS.scr and the RootRepeal.exe logs from this morning.
Please let me know.
Thank you, Pete.
ComboFix 09-12-02.01 - pwood 12/02/2009 10:07.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3072 [GMT -6:00]
Running from: d:\downloads\cf\...

A: Infected Machine - infected copy of atapi.sys found by Combofix

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.
Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.
While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ...


Yesterday while on the computer I suddenly got the Positive Finds popups. I had malwarebytes premium running and it wasn't able to prevent it I guess.
 
Ran a scan with MBAM and it detected it, I restarted thought it would be fine but Positive Finds is still all over my browser
 
This is the first virus/spyware/adware I've gotten in years so I would like some assistance from you guys
 
Thanks

A: Infected with Positive Finds adware, already took some steps but still infected

Never mind all I had to do was reinstall Chrome and it's gone now


Two days ago my computer got infected w/ Internet Security 2010. I did research online and found advice on threads to get rid of it by trying Malwarebytes Anti-Malware and it hasn't worked. I've run 4 full scans and each time it pops up with new infections. I have cut off all ties to the internet and have tried performing the "full scan" under safe mode but I still have the blue/green desktop w/ the "Your computer is infected" box in the middle of the desktop and the Internet Security 2010 Icon on the desktop. Now the pop-ups have stopped but how do I get rid of the icon and "box" in the middle of the desktop??? Please help, want to have my laptop back to normal!! :(

A: Infected w/ Internet Security 2010; tried Malwarebytes & still infected

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.


This is my first post!
 
It may be me just being paranoid, but around a month ago, I was on a Japanese import website looking at cars and it told me to download the latest version of flash player and I thought it was legitimate.
 
Anyway, I downloaded off a mirror link to find that when I ran it I had a fake police "lockdown" on my machine.
 
I managed to remove it once, but it reappeared. I then the second time logged off my pc but did not "force log off" and managed to get around the fake "lock down" the virus had made.
 
I have managed to remove all of the startup entries of the virus programs and all of the original files.
 
However, now my MSCONFIG thinks that my Norton 360 is disabled on startup, yet it starts up fine?
 
I had to re-enable all of the services on my PC to make sure everything was working, but now my computer takes minutes to boot up with all programs working, as opposed to before the virus I could load norton instantly.
 
Any help would be great, I have done scans with Norton 360, Malware-Bytes and SpyBot Search and Destroy 2 since.
 
Thanks,
Stallzy.

A: Infected by Fake Police virus and removed, still think my PC is infected.

Hi stalzy ,, Let's look a bit farther.
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Download TDSSKiller and save it to your desktop.
Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
...
ADW Cleaner
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool
Click on the Scan button.
AdwClean...


Directrdr has infected my computer. I run Firefox 3.5.3 and I cannot search with Google, Bing, or any other search engine that keep logs of my search history. Each time I use one of these search engines new tabs and/or new windows will open up to pages that I did not open myself. I can see the hxxp://www.directrdr.com . . . in the address bar and then it redirects to some other website that I did not authorize. I can use IXquick with few problems, it does not redirect to other pages, but sometimes new tabs will open anyway. When I run IE and try to navigate away from my homepage-MSN it redirects too. I have run Spybot, AVG, Malwarebytes, SDFix, and various others, tried cleaning in Safe Mode and I cannot get rid of this thing. Please help. Thank you for your time.
I do not have a GMER file to attach because it keeps crashing. I tried to run it twice and each time it keeps stopping before it can complete its task, it will scan a few files and then stop. Error Message:
gmer.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
DDS (Ver_10-03-17.01) - NTFSx86
Run by at 18:04:11.65 on Thu 07/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.68 [GMT -5:00]
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-5...

A: Infected with directrdr browser hijacker?! Firefox & IE infected.

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.
Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.
Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is ...


Computer started out with avg detecting several resident shield viruses. Noticed ping.exe was using my entire system resources. Firefox was hijacked and started opening random pages. Shut computer down and rebooted into safe mode. Cannot do system restore, tried several restore points with no success. Ran AVG in safe mode, backdoor generic14.cbjj found and supposedly white listed as necessary. Ran spybot s&d couple of harmful entries found. Ran Malwarebytes in safemode trojan horse c:\windows\sytem32\Drivers\netbt.sys. virus fsquirt.exe found and supposedly deleted. Now are booted into safe mode with no connectivity and still obvious that my computer is sick. Need help with how to get back online and get the tools to help me correct this virus. Got help from BC Advisor Broni as to tools to help get this started. Computer is now booted to regular mode and I have run the requested tools and am posting results as follows

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
Run by Cara Leigh at 15:40:52 on 2011-12-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1547 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\...

A: Backdoor.Generic14.cbjj infected netbt.sys infected

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/432355 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


Hi,
I have Dell Inspiron E1405 with Win XP SP3. For last 15 days I am infected with rootkit-agent.sys and tried every malware/antivirus/spyware tool suggested by "am i affected forum". Since the rootkit could not be fixed, I was advised to visit HJT forum. Need help.
I keep getting rootkit detected message by my AVG.
I am pasting DDS below and also attaching the "attach" file.
Request your attention.
Regards
g10

**************

DDS (Ver_09-06-26.01) - NTFSx86
Run by first at 22:50:06.40 on Thu 07/23/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.372 [GMT 5.5:30]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
...

A: infected with rootkit-agent.di ndis.sys file is infected

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hi,
My Dell Inspiron N400 notebook Running Windows 7 64 bit (Pro), [OS Version: 6.1.7601 ServicePack: 1.0] has become a playground of miscreants from four corners of earth and time is running out. It all started 2 months ago when I opened an email with title that my teenage daughter sex video is on internet. I never would click such a link but it was forwarded by my mother so I was in distress, so I clicked a link in it. It was luckily daughter of someone else and not mine since I never been or had relations with anyone from Nigeria.
But from that day slowly everything breaks. My virus killers (Kaspersky then Bit Defender, and Windows Defender and Titanium Trend Micro) get turned off or stop responding. Before I had 36 processes after starting up and now I have 60, and a half hour later over 100 processes that take 100% cpu, 100% of my 8gig memory, and 100% hard drive activity.
I reinstalled operating system 3 times on C drive but I have on D drive all my things in storage and in matter of a day after reformatting C and reinstalling, the ghost in machine is back. I have sometimes 10-30 errors in my event logs on a good hour, and 2-3 critical errors every few days. My external monitor port on laptop stopped working, my network cable port (looks like telephone jack) stopped working and I use usb connection to adsl modem. My camera can not be found and is unknown device accepting no drivers but sometimes it turns on and looks at me.
Criminal hacker gangs are locked in bat...

A: Infected by 36 Viruses/Trojans/Malware - Infected My Professor

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


Hi, Rigel has been trying to help me, but has now suggested I post here instead. Unfortunately, he was unable to help me.
http://www.bleepingcomputer.com/forums/t/222246/infected-please-help/
Log created by WinPatrol version 15.5.2008.0:15.5.2008.0
Scan saved at 10:58:02 AM, on 5/18/2009
Platform: Windows Vista SP1 Home Edition Service Pack 1 (Build 6001)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCui.exe
C:\PROGRAM FILES\SIS VGA UTILITIES\SiSTray.exe
C:\Windows\RtHDVCpl.exe
C:\PROGRAM FILES\SPARE MESSAGING\MESSAGINGAPP.EXE
C:\Windows\V0380Mon.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\PROGRAM FILES\Creative\SHARED FILES\CTSched.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\wmpnscfg.exe
C:\PROGRAM FILES\INTERNET EXPLORER\ieuser.exe
C:\PROGRAM FILES\INTERNET EXPLORER\iexplore.exe
C:\Windows\System32\Macromed\Flash\FLASHUTIL9F.EXE
C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\msnmsgr.exe
C:\PROGRAM FILES\WINDOWS LIVE\Contacts\wlcomm.exe
C:\PROGRAM FILES\COMMON FILES\Adobe\Updater5\ADOBEUPDATER.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL...

A:Infected, unable to identify. Moved from Infected Forum.

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Answer Match 25.62%

Since today, my computer doesn't load the explorer anymore. I can still run it through Windows Task Manager though by running explorer.exe, but after it loads, my background has been changed to a message saying "WARNING! You're in Danger! Your computer is infected with Spyware! All you can do with computer is stored forever in your hard disk."
It also constantly badgers me with faulty anti-virus applications called "System Security."

Thank you very much for any help.

Update: I can't load up any applications or even task manager after explorer has started. An icon in the bottom right continues to state "Warning! Application cannot be executed. The file _______.exe is infected. Please activate your antivirus software."

A:Infected: WARNING! you're in danger! Your computer is infected with Spyware!

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Answer Match 25.62%

SUPERAntiSpyware has found 5-6 instances of registry keys infected as unclassified.uknownorigin and appears to be unable to delete them despite repeated efforts.

I have run Advance Systemcare 3 in hopes of deleting it to no avail.

Any help would be greatly appreciated!

A:Infected? SUPERAntiSpyware finds infected registry keys

Hi and welcome to BleepingComputer. The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Result...

Answer Match 25.62%

I was recently infected with a backdoor.trojan which Norton anti virus quarantined and I subsequently deleted it in Norton anti virus but I do not know if my system is clean or if it is still infected. I would be very grateful if someone could take a look at my log below. Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:40, on 17/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:&...

A:Recently Infected With A Backdoor.trojan , Help Needed Please To See If Still Infected

Hello monkeyface,

Sorry for the delay. We have many logs backed up. I am SifuMike and I will be helping you.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u2.
Scroll down to where it says "Java Runtime Environment (JRE) 6u2".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Examples of older versions in Add or Remove Programs:
Java 2 Runtime Environment, SE v1.4.2
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

**********************

You will need to use Internet Explorer for this scan. Disable your Norton Antiv...

Answer Match 25.2%

Referred here from: http://www.bleepingcomputer.com/forums/t/218785/i-think-i-have-a-keylogger-problem/ ~ OB

Hello there. I first posted on "Am I Infected" because I had a keylogger problem. That was solved, but apparently the member working with me said I was still infected which was the reason my computer slowed down in the past couple of weeks. He said he couldn't find the AntiVirusSentry file with all the MAMB and SAS scans I did after getting rid of my other problems, so he sent me here. I know my computer is slow, only have 512 of RAM and some of my drivers and BIOS need updates, but it's never been this slow. Sometimes while opening a new window, the internet freezes (quite often lately), and sometimes I have to shut them down by using CTRL+ALT+DEL. Other times an error message about runtime appears and says the window has to be closed. I've read it was a problem with the latest Adobe, but I dunno. I just know it's painfully slow at the moment. Please help me.

DDS (Ver_09-03-16.01) - FAT32x86
Run by Andr? Caetano at 17:21:17,58 on 18-04-2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.351.2070.18.1014.418 [GMT 1:00]

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scan...

A:I'm infected - "am I infected" couldnt solve the problem

Should I post a new log? A member told me after I post a log I shouldn't change anything but I did check the disk for errors and I defragmented the disk. Not sure if that affects anything?

Answer Match 25.2%

Hi there!

I'm infected with some very annoying trojan, I've previously ran adaware, spybot search and destroy, avg free antivirus, avast. Some of these picked up the problem, but I'm still getting the "yourieprotect" homepage when I go on internet explorer.

I have ran everything as per this link: http://www.bleepingcomputer.com/forums/t/63896/how-to-remove-virusburst-removal-instructions/

This is my smit file:

smitRem © log file version 3.2 by noahdfear
Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: Wed 11/29/2006
The current time is: 14:26:06.57
Running from
C:\Documents and Settings\Mourad\Desktop\smitRem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run SharedTask Export
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Appinitdll check ........ Thank you Grinler!
dumphive.exe ©2000-2004 Markus Stephany
REG...

A:I Am Also Infected With: Infected With W32/[email protected] A/k/a Zlob Trojan

Hi medicineman1984 and welcome to Bleeping Computer.

Please post a HijackThis log to here:
Click here to download HijackThis.exe
Save HijackThis.exe to your desktop.
Create a new folder named HijackThis to your desktop.
Move Hijackthis.exe into that folder.
Run HijackThis.exe
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Answer Match 25.2%

Looking for help to remove this dastardly thing / Been several days on it.

Cannot go to Microsoft to download updates - "Internet explore cannot display this webpage"

system hangs badly

I.E. icon shows a lot of activity in system tray

Thank you in advance


DDS Log below and Attach.txt, Attach.zip and Ark.txt attached also

DDS (Ver_10-10-21.02) - NTFSx86
Run by Mike at 16:05:53.54 on Sat 10/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.434 [GMT -4:00]

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Micros...

A:Infected with TDL4 Rootkit - MBR Possibly Infected

Hi there,

I see you've run ComboFix....could you please post the report from it? Also, I see Geek Squad got you...or are you them???? I'd like to know if anything else was done is why I ask.

Download TDSSKiller.zip
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan
If Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)

Thanks,
tea

Answer Match 25.2%

Hi all, sent here by Broni for elevated help.  Basically, to summarize, I got a worm possibly through a vulnerability in Flash and from an infected ad (I've only browsed legit websites and I have McAfee SiteAdvisor) and as is typical of people who have the worm, I can't remove it.  Apparently, it's infected my MBR and I was told to run DDS.
 
Here's DDS.txt
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16483  BrowserJavaVersion: 10.21.2
Run by Daniel at 18:10:34 on 2013-05-25
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4093.1324 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system3...

A:Infected MBR; Infected with MSIL/Necast.D worm

Hello DasNasty

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"...

Answer Match 25.2%

Hello! I am posting because I have offered to clean up a computer for a coworker, and want to make sure I do a thorough job. So far, I have seen indications of at least 4 separate malware programs. The first was Antivirus 360, which I believe I deleted for the most part via manually removing the files and registry values. I have also seen VirusProtect 3.8 and 3.9, though I had no luck locating the files I was told to delete...so I am not sure if the infection is there or not.

His computer already has "Verizon Internet Security" installed, and I used that for an initial scan to see what it found. I deleted what it found, though that was done in safe mode, before I deleted all the files manually for AV360. When I enable Verizon Internet Security, it pops up two warnings, which mention a file by the name of Trojan.Win32.Monderb.xgy, in the C:\WINDOWS\system32\ljJCvSiI.dll. I looked up that file, and saw it was connected with the "Vundo" virus...or something along those lines.

His computer is not connected to the internet at the moment. I am using my laptop to access the net, and transferring files via a flash drive to his computer. I have scanned with DDS, and will provide the log. I also have HJT ready to run on his desktop, as well as ComboFix.

Here is the DDS log:

DDS (Ver_09-01-19.01) - NTFSx86
Run by HP_Administrator at 16:34:39.23 on Mon 01/26/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033...

A:Computer Infected/Possibly Infected With Various Malware

Hi,

Your system is severely infected. I can see more malware present than anything else... Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.

Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.

So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

Actually, this doesn't surprise me at all...

From the log I see:
AV: Authentium Antivirus *On-access scanning enabled* (Outdated)
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Outdated)
FW: Verizon Internet Security Suite Firewall *disabled*

What's the point in having a security Suite / Antivirus present if it's outdated and disabled.

Most probably the sub...

Answer Match 25.2%

Here is my DDS log. Right now my desktop is pure white and I can't set a background image. Also I have a red X showing up in the tray saying "Your Computer is Infected - Click Here to Remove"

DDS (Ver_09-02-01.01) - NTFSx86
Run by Compaq_Administrator at 14:46:59.31 on Tue 02/10/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.606 [GMT -5:00]

AV: avast! antivirus 4.8.1296 [VPS 090210-0] *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSr...

A:Infected with "Your computer is infected with a virus - Click Here"

Forgot to mention when I use google in Firefox, I have to open the link 6 or 7 times before it actually brings me to the link, other times it is redirected to a number of sites.

Answer Match 25.2%

Posted about my main box and my vista spare part box.. this is to figure out what's up with one of three laptops that were all on a router together... This laptop crashed after getting the infection I recovered via the harddrive acer setup. No optical drive installed this is one of two acer netbooks we use in our family. Thought I reinstalled everything I believe a rootkit of some sort has ahold of this laptop...settings change on their own cpu usage is about 50% when just sitting idle from user stand point.
 
 
Please let me know what logs to provide.. Thanks again to all that have helped thus far and continue to be a great support.
 
 
btw: this laptop is an acer aspire one with win xp..

A:My laptop is infected... part of a group of pc's infected

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete tab follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download a...

Answer Match 25.2%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:36:36 μμ, on 26/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Console Launcher\CTAPR2.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Pr...

A:Infected with a virus that causes NOD32 to remove any .exe that is not infected

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, ...

Answer Match 25.2%
A:Steam infected with Adware (Chrome also was infected)

This topic will be closed due to presence of pirated content.

Piracy policy
 

Answer Match 25.2%

Hi!

I seem to have been infected with some particularly vicious malware..

I get a red bubble with a white 'x' on my taskbar. The message 'your computer is infected! Windows has detected a spyware infection! Click here to protect your computer with spyware!'

Anti - Vir is going nuts over it (It keeps on picking up trojans and worms) Malwarebytes' Anti-Malware can't get rid of it, and neither can spybot. It has turned off Windows firewall and won't let me turn it back on.

I use Windows XP, have automatic updates turned on, am running SP2 and update Antivir, Spybot and Malwarebytes' Anti-Malware regularly.

It won't let me run ad-aware or spybot.

If you require any further information, let me know!

Many thanks in advance for any help you can give me

Rob



DDS (Ver_09-07-30.01) - NTFSx86
Run by admin at 11:14:16.37 on 02/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1023.453 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.ex...

A:I'm Infected with 'Your computer is infected' taskbar malware

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Answer Match 25.2%

I am finding increasingly more machines where antivirus can't seem to disinfect a machine, even with the latest definitions.

Is there a solution for this?

What is everyone else doing to cope with this problem?

I used to be able to disinfect an infected machine and really get it out. Now, after disinfection, I frequently see new alerts within just a few minutes for viruses that I know are included in the virus definition file.

Case in Point: I went on a service call today and found a dozen different viruses in over a hundred different files spread over an eight-computer LAN. After two and a quarter hours of defeat after defeat, I loaded up the entire network, router and all, and brought it back to my shop. This is a drastic step; but, I gotta' know for sure that they are clean when they go back and this is the only way I know to do it with certainty.

I have always been told that one should not run two antivirus programs at once. I'm now doubting one program can do it. Maybe two can't either; but, I am seeing situations where I believe two is better than one.

NTFS has only made it more difficult. I frequently have to remove an NTFS drive and connect it to a known-clean machine to remove viruses. But, that leaves all the virus-related lines in the registry of the non-active but supposedly disinfected drive.

Anyone have any suggestions how one can do a sure-clean on an infected NTFS machine without going to such drastic steps?

There's got to be a ...

A:Infected, cleaned, still infected--can antivirus disinfect it any more?

Answer Match 24.36%

Hi,

My computer is infected with some kind of virus. One of the many, at least it seems like there is. The serious one creates an Internet Gateway at LAN Controller bootup. I cannot disable the Internet Gateway directly but I can disable the LAN Controller (Local Area Connection) then it disappears. The second I enable the LAN Controller the Gateway gets connected again.

Additionally, It seems I have over 70 processes running at any given time, if that helps. Dell tells me the only thing I can do is to reformat. Please Help, I would rather not like to format my system.

I am sure you will find more than just that after reviewing the HijackThis Log file.

Please help me as soon as possible.

Thank you in advance,

Jadecad

===================

Logfile of HijackThis v1.99.1
Scan saved at 10:36:50 PM, on 12/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AO... Read more

A:Infected BAD, Please Help Virus Infected -Multiple?

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *


Download & install CleanUp.exe (not recommended for WinXP64)

I need you to update your copy of Ewido. Please go to this website - http://www.ewido.net/en/download/updates/
Download the full updated database (Approximately 3600 KB) & install it onto your copy of Ewido.

Please download & Install - FixWareout.exe

When you reach the final page of the installation process, make sure "Run fixit" is checked.
Follow the on-screen prompts & reboot your computer when instructed to do so.

**Do not be alarmed if your computer takes longer than usual to load.

After you have restarted, wait for HijackThis to launch automatically.
In HijackThis, place a check next to these items and select "Fix checked":

R3 - Default URLSearchHook is missing
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O16 - DPF: {B49C4597-8721-4789-9250... Read more

6 more replies
Answer Match 24.36%

I believe I have an infection. When I open my Internet Explorer and browse the internet, after a bit of time a new IE browser window pops up with various ads, virus protection offers, google things etc. It happens every so often. I have tried Malwarebytes, and it did not find the virus. Other virus removal tools have indicated the following is infected:

fsvga.sys

The anti virus tools do say they fix it, but it gets infected again afterwards.

I have seen the following message:

Infected copy of c:\windows\system32\drivers\fsvga.sys was found and disinfected Restored copy from - Kitty had a snack

And it continues to be infected.

According to GMER, as I'm sure you will notice, it does show the following:

C:\WINDOWS\system32\DRIVERS\fsvga.sys suspicious modification
C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

I have followed your instructions on posting virus removal help request, and the requested files have been attached. Here is also the DDS as follows. Thank you for your help in advance on this matter:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Joel at 14:48:26.03 on Wed 06/09/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1482 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\W... Read more

A:Infected With Unknown - Infected fsvga.sys

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if your topic is not replied to I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless ... Read more

11 more replies
Answer Match 24.36%

Let the ol' lady use my PC and ends up getting a 'HTML/Infected.WebPage.Gen' notification from AVIRA. Every time she hits her blogs on IE it ends in bad news. Here is the DDS log. Not sure if I require the Kaspersky scan. I don't have it but will see what you guys say first. Hope this helps. Please advise. Your assistance in this matter is greatly appreciated.

DDS (Version 1.1.0) - NTFSx86
Run by ALAN WONG at 21:12:00.89 on Tue 12/23/2008
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.438 [GMT -8:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
FW: Sygate Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Sygate\SPF\smc.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Pr... Read more

A:Infected with HTML/Infected.WebPage.Gen

Hi,

sorry for the delay in getting back to you.

If you still need help, please do next:

Click here to download HijackThis.
Save HJTInstall.exe to your Desktop.
Double click on the HJTInstall.exe icon to start the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis
After the final dialogue box it will launch HijackThis.
Click on the scan button. It will scan and then ask you to save the log.
Save the log, and post me it in your next reply.

1 more replies
Answer Match 24.36%

Hi,
My friend brought me her HP laptop a few weeks ago because it had a virus. I saw Security Suite stuff pop up all over, and you couldn't run ANYTHING, so I used the instructions on this site to get rid of it. I thought it was gone but she brought her computer back to me a couple of weeks ago because she was getting popups again. Btw, she actually paid the security suite site thingy 80$. I'm having her go through the steps to get her money back for that now.
So I rescanned with AVG and malwarebytes and it didn't come up with anything. I kept the computer for a few days and used it like normal but got no popups so I gave it back to her. So about a week ago she gave me back the computer as the IE would not work. So I scanned it again and both malwarebytes and AVG came up with a couple of things and got rid of them.
So now I'd like to see if the computer really is clean.
Also, I'd like to know what she needs on here to keep the computer clean?? She scans with both AVG and malwarebytes but I'm not sure that is enough if she keeps thinking she's getting infected. I know she does a lot of facebook apps.

Also, this computer absolutely refuses to scan gmer. The first time I downloaded and ran it it scanned for about an hour then spontaneously the computer shut down. I didn't see any messages because I wasn't paying attention to it when it shut down. So the next day (today) I tried to scan again and it stopped very close to the ... Read more

A:Was infected with security suite, re infected?

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d... Read more

19 more replies
Answer Match 24.36%

I have a badly infected computer that I would like to make a copy of the whole system to mail to one of the av/am vendors. I think it has some new variants on it.
 
Can the drive it self become infected so that I may not be able to trust that anything else I create with this drive will not be also infected?
 
While this drive is not really expensive I do not really have the finances to casually replace it.

A:Can a USB Cd/rom be infected plugging into a infected system

Hello dannyboy950:
 
If your computer is badly infected, then backing up the system will just copy the infections to any backup DVDs, which you obviously know.  I don't think you need to worry too much about your external DVD drive being infected, per se.  That would only happen if one or more of the infections could compromise the DVD firmware or the USB driver(s).
 
You should be aware though that many variants of viruses and malware will disable the Windows Volume Snapshot Service (VSS) which will prevent the creation of backups and system restore points.
 
My advice would be to follow the directions here and submit a Farbar Recovery and Scan Tool (FRST) log to the trained Bleeping Computer Malware Response Team members in the Virus/Trojan/Spyware and Malware Removal Logs Forum.
 
You should be aware that the anti-malware response community shares their information with other anti-malware/virus vendors and experts.  If you have been infected with zero-day malware and/or viruses, that information will be shared with those concerned.  Importantly, we need to restore your computer to full functionality, so I do recommend that you get it "disinfected" here.
 
I hope this is of some help.  Forum rules prohibit the posting of FRST logs in this particular Forum - they are only dealt with in the Forum I mentioned.  I am still in training, so I won't be able to assist you in the other Forum.
 
Have a great day.
 ... Read more

5 more replies
Answer Match 24.36%

I'm not sure what caused this as I didn't do anything out of the ordinary with my computer yesterday, but when I opened up itunes a message popped up from my anti-virus avg saying there were infected files in itunes by a trojan. I then clicked to heal them and when I tried opening up itunes it wouldn't let me because some files were missing so it wouldn't start. I figured something was wrong so I started scanning my computer to see what I could find. First I used Malwarebytes' anti-malware and that didn't find any infections, then I scanned it with avg and that found over 500 infections, not all of them were serious ones but some of them were trojans with itunes files. This morning I tried uninstalling and then reinstalling itunes thinking that might solve the problem, but it didn't work and itunes still won't start. I hope someone can help me solve this problem as I am not the best when it comes to computers. If you need anymore info please just ask.
DDS (Ver_09-06-26.01) - NTFSx86
Run by Zac at 7:40:37.82 on Sat 07/25/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.388 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe... Read more

A:Trojan infected itunes may have infected more

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Answer Match 24.36%

heyy guys,

okayy so about a month ago a trojan managed to get onto my netbook and i scanned with malwarebyte antimalware and super antispyware in safe mode which seemed to fix it for the most part, but I'm still getting some problems and avast, mbam and superantispyware are all coming up clean.

the worst thing is my internet just cutting out after about 40 minutes of use, wireless zero configuration turns itself off and will not turn on
and one of the svchosts using way too much memory and cpu, but i can't turn it off because that just messes up my netbook.

soo yeah some help would be great cuz this is really getting on my nerves.

More replies
Answer Match 24.36%

Today, I used a pendrive of a friend on my computer, I had auto folder open on. the folder opened and later to find nothing on the pendrive but only a E:\ folder inside the pendrive, then when i clicked hidden items viewable, i saw the pendrive logo I went inside transferred my important document since it needed an immediate printing. My computer has turned very slow following that and there are various hidden documents now on my desktop like $w_microsoft.docx which are of names of files i had deleted long ago and several other files which i had created and used long back but never used in the near history. 
 
Please help me fix this , remove the virus and get back to my old computer speed.
 
 
Thanks a lot for help in advance
 
 
 
----FRST LOG-------
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-05-2016
Ran by ASRLAPTOP (administrator) on DEEPAK (05-05-2016 18:57:15)
Running from C:\Users\ASRLAPTOP\Downloads
Loaded Profiles: ASRLAPTOP & Administrator & Guest (Available Profiles: ASRLAPTOP & Administrator & Guest)
Platform: Windows 10 Home Single Language Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entr... Read more

A:I think i have been infected by a worm from using an infected pendrive, need hel

Hello imdeepster

I am Marie Curie and will gladly help you with any malware-related problems.

Please familiarize yourself with the following ground rules before you start.

Read my instructions thoroughly, carry out each step in the given order.
Do not make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
If you are unsure about anything or if you encounter any problems, please stop and inform me about it.
Stick with me until I tell you that your computer is clean. Absence of symptoms does not mean that your computer is free of malware.
Back up important files before we start.

--------------------------------------------------------------

Please read the following warnings before you proceed.

ComboFix Warning
------------------------------
I see you have run ComboFix, a powerful first-responder malware removal tool, designed to remove some of the toughest malware; including bootkits, rootkits and backdoors. As stated in the disclaimer, the tool should not be used by someone untrained in its usage. Doing so may cause unforeseen circumstances, and could render your machine unbootable. For more information on why you should not run ComboFix without supervision, please read the following article.

Backdoor Warning
------------------------------
One or more of the identified malware is known to use a backdoor, that allows attackers to ... Read more

9 more replies
Answer Match 24.36%

I too was recently infected with XP Security Tool 2010 and I used the fix described on BC. I installed Malwarebytes and FixExe.reg. This seemed to get rid of the problem. But very soon after each time I clicked on any link on Google on Firefox or Internet Explorer I am redirected to seemingly random advertisement websites. I also use Avira Antivirus protection and it pops up saying: HTML/Infected.WebPage.Gen in file C:\Documents and Settings\Network Service\...\2[1].php. If I catch the Avira popup and click remove it will Quarantine. However within 2 to 6 hours it returns.

Have copied and pasted DDS.txt log, gmer.txt log, OTL.txt log, Systemlook.txt log and TDSKiller.txt log. Also attached the attach.txt file and gmer(ark) txt file. Sorry, did not untick the IAT/EAT box in gmer. Those are the logs myrti requested from toomuchpoison.

Hope I didn't overdo it.

Thanks,
Majazzle

DDS.txt log

DDS (Ver_10-03-17.01) - NTFSx86
Run by Matt at 16:47:53.63 on Thu 04/29/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1915.1050 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\... Read more

A:Infected with HTML/Infected.WebPage.Gen

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

26 more replies
Answer Match 24.36%

When Windows loads, the "performance monitor" component for the optimizer pro virus claims that 375 items need to be cleaned and optimized. Closing it out does not reactivate it. Mcafee also frequently pops up, preventing unwanted software from running. Below is a copy paste of frst.txt and attached is the addition.txt file. Thank you.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-08-2015
Ran by teacher (administrator) on RM305-PC (28-08-2015 01:27:23)
Running from E:\
Loaded Profiles: teacher (Available Profiles: Rm305 & teacher)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Nalpeiron Ltd.) C:\Windows\SysWOW64\ASTSRV.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelpe... Read more

A:Infected with Optimizer Pro and pop says I am infected with viruses

Hello neuropocalyptic

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "th... Read more

0 more replies
Answer Match 24.36%

Hello computer gods,

I'm hoping you can fix my problem. I've been infected with drsmartload, and I ran smitfraudfix. It said that it cleaned it up but it's still popping up as infected and I'm getting ridiculous adware and project 1 boxes. I will post my "hijack log" and hopefully this is the right forum if not please redirect me. I'm looking forward to getting rid of this "Freakin" thing.

Cheers
M

SmitFraudFix v2.109

Scan done at 20:14:36.00, Tue 10/10/2006
Run from C:\Documents and Settings\Magg\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\drsmartload?.exe Deleted
C:\WINDOWS\keyboard1.dat Deleted
C:\WINDOWS\newname.dat Deleted
C:\WINDOWS\teller2.chk Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

A:Infected With Drsmartload Used Smitfraudfix Still Infected

I will post my "hijack log" and hopefully this is the right forum if not please redirect me.

Please read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. About half way down are instructions for downloading HijackThis and creating a log.

When you have done that, post a log in the HijackThis Logs and Analysis Forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Te... Read more

2 more replies
Answer Match 24.36%

Bit of a weird 1.

Turned on my machine today, went to the toilet and came back and Avast was asking to restart my computer and do a full scan from boot up. I said yes but cancelled it because it was taking too long.

I go look in virus chest and I noticed that tier0_s.dll from my steam folder is sitting in there, and that it was transferred in there today. But where it says "Virus description", it says "--no virus--"

What does this mean? Is it some kind of false positive? Did I screw things up by cancelling the scan?

A:Avast says I have an infected file...which isn't infected

O.k, bit of research and looking on the Avast forums and it looks like it's a false positive

2 more replies
Answer Match 24.36%

Hi I've had a few viruses named HTML/Infected.WebPage.Gen recently and I would normally be able to remove them myself using hijack this. But unfortunately hijack this isn't working for me and is coming up with an error. My anti virus is finding the viruses and I am removing them with the anti virus but they keep coming back.

As soon as I click hijack this this message appears:

For some reason your system denied write access to the Hosts file.
If any hijacked domains are in this file, HijackThis may NOT be able to fix this.
If that happens, you need to edit the file yourself. To do this, click Start, Run and type:
Notepad "C:\Windows\System32\drivers\etc\hosts"
And press Enter. Find the line(s) HijackThis reports and delete them.
Save the file as "hosts." (with quotes), and reboot.

I have tried to do as it says above but another error message tells me that I am unable to save the file.

I then click "OK" and then this error message appears:

An unexpected error has occurred at procedure: ModMain_CheckOther1Item()
Error#75 - Path/File access error
Please email me at [email protected], reporting the following:
*What you were trying to fix when the error occurred, if applicable
*How you can reproduce the error
*A complete HijackThis scan log, if possible

It then produces the Hijack scan, so then I proceeded to fix the files that I think may need fixing which are these files:

BHO: thesuperads search enhancer: {b2fe5f61-3eb4-4e22-7c84-f52993635f52} - c:\wi... Read more

A:Infected with HTML/Infected.WebPage.Gen

Ok after reviewing the DDS log I now have removed the virus lol but I still haven't worked out what's wrong with my hijackThis?

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, pl... Read more

3 more replies
Answer Match 24.36%

Every 10 minutes or so, a red pop up box appears saying my computer is infected and asks if I would like to remove - it is called PC Security Guardian. Then a minimized window opens and says "PC Guardian has detected suspicious software - click to remove."

There was no data from the GMER scan, so the ARK.txt log will not attach.
DDS.txt Log:

.
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Dunigan at 18:50:36 on 2011-06-08
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2739 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\syst... Read more

A:Infected with a pop ups saying computer is infected followed by a pig squeel

Hello rallysport1992,

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan ... Read more

4 more replies
Answer Match 24.36%

Logfile of HijackThis v1.99.1
Scan saved at 4:53:51 AM, on 01/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VTTi... Read more

A:Was Or Is Infected Infected With Torpig.c.trojan (or The Like)

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply with a new hijackthis log.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

49 more replies
Answer Match 24.36%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:12, on 6.3.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\IP Monitor\IPMonitor.exe
C:\Program Files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\EarthView\EarthView.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\U.S. Robotics\U.S. Robotics USB Phone\U.S.RoboticsUSBPhone.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla... Read more

A:Infected Wih Html/infected.webpage.gen

Hello Braco and welcome to BleepingComputer!

Apologies for the delay. The forum has been very busy lately and. If you are still having problems, then please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log. Please also post the problems you are having.

If we do not hear back from you within a couple of days we will need to close your topic.

Thanks,
Johannes

1 more replies
Answer Match 24.36%

Hi,
I have tried a few different anti virus downloads to try and rid my computer of the virus to no avail. Even purchased one which I know now was also a fake.

Please help.

Rick

A:Infected with Fake virus infected pop ups

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Answer Match 23.94%

I'm at the end of my rope here. A "friend" gave me her computer to clean up. The thing was so full of malware it was unbelievable. I've got most of it, but there is this one nasty bit of adware "Cool Web Search" that remains... I've tried running the latest versions of Ad aware, Spybot, and CWShredder. They seem to find and remove the cool web stuff, but when I shut down and start up again, it's back. I've gone to the trend micro site, but I keep getting a .dll error when I start downloading the definition files.

When I shut down, the machine hangs and tells me that it is waiting for a response from "Win Min".

It also occasionally freezes on startup, leaving me with a blue screen and a mouse pointer stuck in the middle. (This seems to be mitigated somewhat if I move the mouse around during startup!)

The log file from this machine is as follows.

Logfile of HijackThis v1.99.1
Scan saved at 10:03:03 PM, on 25/04/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DE... Read more

A:Infected Windows Me PC Hangs on Shutdown - "Win Min" infected with Cool Web Search

Hi and Welcome
It may help you if you print out or copy this page for easy reference. Make sure to work through the fixes in the exact order they are listed. These instructions only apply to HJT v1.99.1

Please Keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes.

Download any of the required programs before attempting to start any of the fixes.


Turn off System Restore instructions (WinXP)
Right-click My Computer | Properties | System Restore | check "Turn off System Restore", <Apply>, <OK>. Reboot. When we have confirmed that your log file is clean, you may re-enable System Restore and create a new restore point.

SHOW HIDDEN FILES AND FOLDERS.
To show hidden files instructions (WinXP)
Doubleclick My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK
------------------------------------------------------------------

Download and run CWShredder (check for updates) for a preliminary cleanup first. Some files below may not be present after running the above programs. Full instructions below.


How to install and run CWShredder

Download CWShredder
Choose the stand alone version. This is free.
Save cwshredder.exe into its own directory, NOT in a TEMPorary folder or on the DESKTOP.
I recommend, c:/... Read more

15 more replies
Answer Match 23.52%

Hi
As my title suggests my bro's laptop has this annoying infection.
I have Avira like my logs will say and the infection seems to be in a firefox profile. (Can I reinstall Firefox to fix my problem?)
I use Firefox but my brother IE 8 (and so IE is default).
At random times and when connected to Internet, a popup appears with usually
a scanner showing you its scanning your computer or ad for bad, virulent AV software. I know it's bad so I click
the X button in corner and it will go for a variable amount of time.
Avira btw cannot get rid of it and in fact does not even find it after scanning with maximum options.
This also happens sometimes much rare tho: A message appears telling I have an infected computer and wants me to press OK and scan using IE. I click X and once it opened IE with scanning screen. I click X ASAP.

One more issue: Firefox sometimes will say "Firefox has stopped working.."
and that it will close. Right away a balloon pops up in tray telling me the browser was closed to protect me from Data Execution Prevention.

Avira sometimes at random times pops up saying Virus or unwanted program was found, right? It asks me what to do with this file.
Move to quarantine
Delete
Overwrite and delete
Rename
Deny access
Ignore

I usually picked delete or deny access
It found the virus in this file:
C:\Users\Piotrek\AppData\Local\Mozilla\Firefox\Profiles\jfyfitzg.default\Cache\34F11269d01

I understand I have Limewire. My brother uses it... Read more

A:[SOLVED] Infected with HTML/Infected.WebPage.Gen HTML script virus

Bump, please

16 more replies
Answer Match 22.68%

Here are a few things that may be relevant to the problem:

1) Computer unable to access certain websites. (Ex: yahoo, facebook, etc.)
2) I did a scan and my computer is supposedly infected with "zlob" and "adware.IpWins"
3) My computer is running significantly slower than a few weeks ago.
4) Tons of random pop-ups that I did not have a few weeks ago.
5) Full system Scanned with Lavasoft's Ad-Aware but problem persists.

Here is my HJT log:
--------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:18 PM, on 9/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG... Read more

A:Computer infected with spyware. Infected with "Zlob"?

11 more replies
Answer Match 22.26%

Hello,
I was infected by virusburst and I did lots of instructions to solve my problem. I used Malwarebytes Anti-Malware and it cleaned all infected files, but now my problem is that Internet Explorer is still not working and is not even starting any more,
and in My Computer each folder opens in its own window even though in options it's marked to open in the same window,
but I don't see any fake alert any more.
I'm using Windows Vista and now the Opera browser; each browser that I marked as default browser stopped working (Internet Explorer and Mozilla).
I don't know which kind of log I should post here so I wait for your requests.
I just wanna know if I'm still infected and what should I do ???
Thank you for helping me !!

A:I Was Infected By Virusburst.am I Still Infected ?

Hello shimars,

I see that you have an HJT log posted here: http://www.bleepingcomputer.com/forums/topic165409.html

Because you have this log posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days yo... Read more

1 more replies
Answer Match 22.26%

I think my computer is on a couple different botnets, and I wouldn't be surprised to see other viruses =/

Any help would be greatly appreciated.

Edit; sorry, I didn't see the rule of what virus I had was supposed to go into the title until it was too late

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:11 PM, on 6/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files&#... Read more

A:Desktop infected/ Infected with a bot

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

20 more replies
Answer Match 22.26%

I recently replaced my old desktop with a new desktop and when I made the switch the old computer was infected... here was the thread
http://www.bleepingcomputer.com/forums/t/615738/flashplayerexe-virus/
 
My new desktop attempted to download the flashplayer.exe file but was stopped by chrome. However, there was a file (crownload something or other) and malwarebytes did remove this file.
 
Today on the new desktop, I had a popup that said URGENT CHROME UPDATE.  I immediately hit ALT F4 to close out chrome.  The fact this popped up makes me suspicious that something is still not right or this computer is infected.
 
Any help is appreciated. 

More replies
Answer Match 22.26%

Hi I have posted to this site and have received great help and I am now suffering some issues again. After I received help last time everything was ok and then I started having problems so I just switched hard drives. I am now back on my hard drive and reset it up but now I think my computer is infected again. I have not downloaded any torrents files which was my problem last time. I installed Antivirus and Zone Alarm before going on the Internet and have made sure to only download from CNET as far as I can remember. I don't know what I'm doing wrong to keep getting infected, if in fact I am. So because I had received help previously with most of the same issues and with the advice of dell customer service I ran combofix. Here is that log. I have WindowsXP, Dell Dimension 3000, Avast Antivirus, ZoneAlarm. If this is the wrong place to post this could you please point me in the right direction. Thank you so much for your help.

ComboFix 10-08-24.0A - Owner 08/25/2010 2:36.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.670 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\1pdfdec.dll
c:\program files\Common Files\Temp
c:\program files\Common Files\Temp\Love's Power Mahjong SETUP.... Read more

A:Still Infected/Re-Infected, Combo Log

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you... Read more

7 more replies
Answer Match 22.26%

My laptop got infected and I've slowly been able to clear most of viruses out of the system. Each time I clear something out, something else shows up the minute I try to get online. The last scans I've done haven't picked up anything else but I'm still getting redirected to other sites every time I try to perform a search on the internet. I don't know how to find what's causing it now.
Help please!!!

Tried running scans again, still showing clean but I got this message from norton, "An intrusion attempt by wwww.angrye.in was blocked" After I did the scan I went online to test out to see if I was still getting hijacked, that's how this message popped up. It also said, "The attack was resulted from \DEVICE\HARDDISKVOLUMNE2\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" Help!!!

EDIT: Posts merged ~Budapest

A:Infected,Removed and still Infected

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

2 more replies
Answer Match 21.42%

Hi, this is my first time posting here.

I'm running Windows XP Pro SP2, and my computer has a virus that, at first, was giving me a tool-tip-like message from the system tray saying "Your computer is infected! ..." and something about installing a scam antivirus program. I've done a lot of searching for this issue and have seen many cases of it. Posts on other forums offered specialized programs like "Smitfraudfix.exe" and others that I was unable to get to work.

I've updated my Java (which stopped the annoying "Your computer is infected!" popup), removed my Temporary Internet Files, and run Avast! and Avira every time I restart my computer, but each time there seems to be malware that needs removed. Can someone please help me clean this virus / trojan off of my machine completely?

Thank you for your time, here is a HJT log from the time of this post:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:10:53 PM, on 9/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files... Read more

A:"Your computer is infected!" Popup message. Computer infected with Trojan

16 more replies
Answer Match 18.06%

Hi,
Thanks in advance for your help.
My daughter uses this computer and I have no idea what she may have gotten in to.
I am running Windows 7 Home Premium.
I have McAfee Total Protection.
McAfee has detected and quarantined or removed various threats.
I have also been using Malwarebytes over the years, but had not run recently.
I recently tried to run malwarebytes and it will not update and then windows gives me an error with a Problem signature:
 Problem Event Name:    APPCRASH.
I went to malwarebytes forums to try to figure it out, but it led me back to BleepingComputers, so I figured I would continue here. You folks have helped me several times over the years and for that I am grateful.
Again thanks for any help you can provide.
Alan

A:Am I infected

Hi margolis

I have also been using Malwarebytes over the years, but had not run recently.
I recently tried to run malwarebytes and it will not update and then windows gives me an error with a Problem signature:

There is a new version of MBAM out now.
To avoid any possible conflicts, i suggest you remove the old version and then reinstall the latest version.

Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
Restart your computer (very important).
Download and run mbam clean
It will ask to restart your computer (please allow it to).

After the computer restarts..........

Download Malwarebytes Anti-Malware Free and save it to your desktop
Double click the desktop icon, click Run, then OK
Click Next
Select I accept the agreement then continue to click Next then finally click Install
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program
Click Finish
If you are notified the Database is out of date click Update Now
Click Scan Now >>
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes..
(Copy to clipboard for pasting into forum replies)
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab >> Applic... Read more

34 more replies
Answer Match 18.06%

Please review my HJT and Avira and let me know if anything looks suspect. My computer has been booting and shutting down extremely slowly. Also Avira has found 2 hidden objects. Thanks for your help in advance XD. Here are my scans:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:16:20 PM, on 7/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\e... Read more

A:Am I Infected?

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap... Read more

15 more replies
Answer Match 18.06%

System is running slow.  Browser startup page keeps going to a search screen titled Tuvaro instead of yahoo.com.  Malwarebytes suddenly will not run.  Malwarebytes services that are set for auto/start are listed as terminated and will not allow a restart.  Trend Micro finds nothing in its scans.  Eset online found several items (quarantined).  Super-Antispyware found several hundred things (all quarantined).  Yet, the problems still exist.  Please advise.

A:I think I am infected.

Hello and welcome to BleepingComputer!

I am Elle and I will be helping you out with your problem. Firstly, you should know that we are working with specific tools which are used to identify the possible threats present on your system so I will analyze the results they produce.

As a start we need to have some more up-to-date logs than the ones you have already provided. The current state of the files on your system might have changed so we need to get a clear look on that aspect. DO NOT bring any changes to the system except the ones I tell you to as that may produce more damage than helping us.

If you encounter a delay of over 2 days from me, please don't hesitate and private message me (link in the signature).
Do not forget to check your topic periodically and subscribe to it so that you can receive notifications regarding my replies.

Please generate other DDS logs (download it from here if you haven't already) and post them in your next reply along with other changes that may have occurred since you last posted.
Also download and run GMER from this link: GMER download link.

Thank you very much for your patience.

Regards,

Elle


Hi,
I'm having the same issue that I described in my other thread: http://www.bleepingcomputer.com/forums/t/540642/infected-rundll32-file/
While I'm not experiencing any problems with my computer right now, it still seems that there may be some sort of malware on it, and I would like to get rid of it.

Here is a link to my DDS log: http://pastebin.com/s0f8sFtX

A:Not sure if I'm still infected

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/541834 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...


My virus protection keeps finding a bgotrtu0.dll file on restart and removes it. Can anyone help me with removing whatever is creating it? I have XP Pro with all service packs up to date. F-Prot virus, Malwarebytes & SUPERAntiSpyware are up to date as well.
Pearldiver57

A:Am i still infected?

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
C...


My machine is suffering from a bug of some sort that won't allow my Zone Alarm Security Suite to run, won't allow regedit to run, won't allow HijackThis to run, etc, etc. The apps start but stop after a brief glimpse of their startup window.

I have run Spybot and it revealed a number of potential issues. The ones that seemed to be important were Microsoft.WindowsSecurityCenter_disabled, Microsoft.Windows.RedirectedHosts. These are removed but come back. The Internet Explorer homepage was also changed.

I have attached a log file after downloading and running ComboFix

Can anyone help?
 

A:?? Infected

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Double-click on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 


I'm not sure what happened but... today I downloaded from a P2P service. u_u Yeah, I know but I didn't think anything would happen as always. So the file itself was really big but I didn't install it at all, just extracted it. I was going to install it and block sites using my HOSTS File, etc but then I had to leave. So I turn off my computer for a few hours then come home to a message saying my hard drive has limited space. So I check it and I had about 2MB left on my 48.8GB hard drive which was weird since I'm sure I had upwards of 20 before I left? Don't quote me on it but I know there was a lot of room. So I delete the exe file that I downloaded to free up some space and managed to get 5GB of free space... but that's still not that much.

So I'm not sure if I'm infected with something that filled up my hard drive? Or... I'm not sure but I really just want to check and make sure nothing abnormal is going on.

A:Am I Infected?

Anyone to help? I'd really like to check to see what's going on...


I shall try to make this brief. Sunday Morning my son's computer crashed. We have Verizon Security Suite on this system, which is an e-machine running Windows XP. Just a note, before Verizon it was AOL's. Verizon's anti-virus quarantined a virus called "backdoor". Re-ran scan, came up...ha ha....clean. Reboot...come up mit message ConsumerInputUA.exe BadImage DLLC:\Windows\system32\mcenspc.dll not valid windows image. Okay, call Verizon Tech, with a few very choice words, because of what I had read on this site, and they had run Anti-malware, Hijackthis smitfraudfix.2 and Superantispyware. Please don't hold me to the order the guy ran these...I am not sure...Sorry! But I do know that 8 trojans were found, again. Sorry! I don't know which ones, and 1 Adware. But I do know that after they had run Superantispyware...this message came up #2768:aolsoftware.exe fail to start because tai2.dll was not found. And now, every start-up the numbers change, but the message stays the same. The numbers are #1448, #2768, #1224 and #1704...all with aolsoftware.exe. And no, we don't run AOL anymore, my son uses Firefox and Verizon is the DSL. And yes, I did call back Verizon on this issue on Monday...they have not gotten back. I did download and run ccleaner...didn't work. Any help on this matter would be greatly appreciated and please remember I am not a computer nerd!, just an old hippie trying to learn...Peace and Thanks...

A:Am I still infected?

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The...


Can someone analyze my logs?
 
Mod Edit:  Sent "now that you have posted" content in PM - Hamluis.

A:Help i think my pc is infected

Hello kalapurkki,
my name is Jo and I will help you with your computer problems.

Please follow these guidelines:
Logs can take a while to research, so please be patient.
Read and follow the instructions in the sequence they are posted.
Print or copy & save instructions.
Back up all your private data / important files on another (external) drive before using our tools.
Do not install / uninstall any applications, unless otherwise instructed.
Use only the tools you have been instructed to use.
Copy and paste the log files inside your post, unless otherwise instructed.
Ask for clarification, if you have any questions.
Stay with this topic til you get the all clean post.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
It is important for you to check your topic at least once a day for a reply. You cannot rely on the e-mail notification system to inform you of new replies as it is not completely reliable.

***
1. Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
Vista / Windows 7/8 users right-click and select Run As Administrator.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***
2. Download OTL to your desktop.
Double click on the icon to run it.
Vista / Windows 7/8 users right-click and select Run As Administrator.
Make sure al...


HijackThis log, from the Administrator account, in safe mode.

Logfile of HijackThis v1.99.1
Scan saved at 4:55:19 PM, on 6/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
G:\MISC\S&D-esque prograns\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: ViewSource Class - {85DDD882-701E-401B-8A7D-D51227048214} - C:\Program Files\Internet Spy\iewatcher.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CTFMon] C:\WINDOWS\system32\CTF\ctfmon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Mes...

A:Am I Infected?

HijackThis log from my actual account, with admin powers. Sorry for delay in posting thing, had a bad storm, and our internet went out!

Logfile of HijackThis v1.99.1
Scan saved at 8:34:04 AM, on 6/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\RRIM\aim.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\taskmgr.exe
G:\MISC\S&D-esque prograns\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eqoa.allakhazam.com/forum.html?forum=18
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1 ...


Hello

I just formatted my laptop and repartitioned the HDD. I reinstalled Windows 7 Ultimate, but my PC takes a long time to boot.

Below are my configuration and the time to start Windows

Config Speccy

tempsdemarrage.jpg   18.58KB

Thanks a lot

A:Maybe Infected, please can you help me

Please find below the DDS log and Attach.txt

attach.txt   8.98KB

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.65.2
Run by Hicham at 22:27:33 on 2014-07-27
Microsoft Windows 7 Édition Intégrale   6.1.7601.1.1252.33.1036.18.8073.2314 [GMT 0:00]
.
AV: ESET Smart Security 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET Smart Security 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: Pare-feu personnel d'ESET *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost...


Hi,
I was infected with something that caused redirects of websites. I was able to (hopefully) remove it with Malwarebytes Anti-Malware (no more redirects). However, I still think I am infected with something because my system is really slow. Also, when I tried running Gmer in Safe Mode (I tried running it in Normal first but it just froze), a blue screen popped up with a message saying something like "ulpqdow.sys" is causing an error or something (it was really really fast) and then the system restarted. Am I infected with something and if so, how do I remove it? Also, did this "thing" come from Azureus? The Azureus folder was modified this morning but I haven't used it in months.
Thank you very much for your help in advance. Here are the requested logs:

DDS (Ver_10-03-17.01) - NTFSx86
Run by bin at 11:53:02.30 on Fri 08/06/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.880 [GMT -7:00]

SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\Windows ...

A:Infected with something

Hello bint
Welcome to BleepingComputer
What are the symptoms that you are having?
==========================
Download OTL to your desktop.
Double click on OTL to run it.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under Custom scans and fixes section paste in the below in bold
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================


Hi,
I have used various anti viruses (ad aware, bit defender, house call and kaspersky) and now SuperAntiSpyware but I still get reoccurring root viruses when doing scans. I ran McAfee Avert Stinger as well. I also get detected: riskware Mass-mailer software Running process: C:\WINDOWS\Explorer.EXE when doing a scan with Kaspersky Anti Virus.
PLEASE HELP. Here is my HiJackThis Log.

Logfile of HijackThis v1.99.1
Scan saved at 23:11, on 2007-07-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\SHVRTF.EXE
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files ...

A:Please Help - Am I Infected (here Is My Log)

Hello,
* Download Combofix to your desktop.
Double-click combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished and after reboot (in case it asks to reboot), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt.
Post the contents of this log in your next reply together with a new HijackThis log.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.


I have been having issues with my computer slowing down terribly whenever I load and stream videos or games. I have done just about everything. I did a whole computer scan including locked files and it showed that there were over 100 infected but low risk, but AVG wouldn't dispose of the threats because of how low risk they were. I looked into the problem with AVG and they said to redo the scan without including the locked files and that showed that my computer was clean, but it still does not perform as it should. I have used malware programs, JRT, scannow, PC boost software and nothing has helped. If there is anything I can do to help solve this issue it would be greatly appreciated.

A:I Think im infected

http://www.bleepingcomputer.com/forums/t/518596/multiple-com-surragate-slowing-down-computer/
This is where I started


Computer is acting very strange. NOD32 found something, I thought it quarantined it but it doesn't seem to be the case. Here is the log, thank you for checking it.
Edit: Forgot to mention. Scans with some spyware software found Virtumonde and supposedly removed it, but doesn't act like it. Computer can't reboot normally, has to go to Last Known Good a couple times before it finally boots.

Logfile of HijackThis v1.99.1
Scan saved at 9:12:46 AM, on 7/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Ad...

A:Am I Infected?

Hello lady bug,

Sorry for the delay, it's been pretty busy here lately.
If you still need help, please post a new Hijackthis log, I'd be happy to take a look at it for you.


I left my computer open one night. When I woke up, someone was opening, closing the folder, pictures etc on my computer. I panicked and shut down the computer. Then, I scanned with a bunch of antivirus programs. Some of them found some malwares and some of them didn't. Of course, I couldn't trust it anymore. I formatted just disk C. By the way, I was purchasing online. Is my credit card in danger?
Anyway, I set up Avast and MBAM after recovery and I scan my computer regularly. However, they sometimes detect viruses (the last ones are svchost.exe and audiobg.exe) and delete them or move them to quarantine. I guess the virus cannot be defeated. What should I do? Are the viruses located in disk D? If I format the whole computer (both disk C and D), can I trust it? Thanks.

A:Infected

MBAM still found something in svchost.exe. Isn't there anybody who can help?


Here are the logs
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207
Run by jol at 12:22:42 on 2014-07-29
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.358.1033.18.8157.6498 [GMT 3:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Online Armor Firewall *Enabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Online Armor\OAcat.exe
C:\Program Files (x86)\Online Armor\oasrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork...

A:I think im infected bad

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/542600 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...


Hi, I am not very technical. Thank you in advance for any help you can offer. This is what is coming up: BV:AutoRun-J [Wrm]

I have the logs that you say to keep but it won't let me attach them. Oh god, I hope I have done this right, please don't shout at me if I haven't.

regards

PaintedRose

A:Help I am infected

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scans:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mba...


Moderator Elvandil asked me to post my problem here to rule out the possibility of my computer being infected. Please follow the link below to read the XP crashing problems I've been having. I really appreciate your help.

http://forums.techguy.org/windows-nt-2000-xp/618003-progam-crash-windows-xp.html
 

A:Am I infected???


Hi all,
A couple of days ago while on the net I had the following registry change request from Spybot, which I denied.

27/05/2011 20:06:31 Denied (based on user decision) value "YI9B2F0F3H9GVYWVTSWQVMO" (new data: "C:\systemhost\systemhost.exe") added in System Startup user entry!

This followed Kaspersky (not updated - I know I should have) quarantining x5 'unknownthreat UDS:DangerousObject.Multi.Generic on the 22nd and 23rd of this month.
Further google searches on 'systemhost' took me to this site and some worrying reading. Aside from a couple of unsuccessful attempts for me to link with Firefox browser everything so far seems to be running smoothly.
Spybot Search & Destroy found nothing untoward.
Installed MalwareBytes - ran and nothing found.
Installed and ran SUPERAntiSpyware - 5 tracking cookies found and deleted.
I've also installed and ran DDS and GMER as recommended elsewhere and logs are saved if necessary.
Oh yes I forgot I am using Windows Vista.
Anything to worry about?
Hope somebody can put my mind at rest,
Jensen

A:Infected ?

Anything untoward happening at all?

BTW these requests from Spybot search and destroy should be ok, a very trustworthy program.


Not sure if I am infected or not, but I noticed over 2 weeks ago that I am losing anywhere from 500MB to 2.5GB of free space on both my internal and external HDs. I have looked through the folders on the external (fewer folders/easier) and could not find anything with that day's date on it.
Thank you in advance for your attention,
Travis.

A:i think i am infected?

Hello, let's see if an MBAM scan reveals something...

Next run MBAM:
Please download Malwarebytes Anti-Malware (v1.35) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the St...


I constantly keep having pop ups from mcafee regarding virus protection


A:infected but not sure with what

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16521
Run by VMarie at 8:33:39 on 2014-08-15
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3559.1023 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated*
SP: Windows Defender *Disabled/Updated*
SP: Microsoft Security Essentials *Enabled/Updated*
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\7B0A8368-1A6F-48A5-B236-8BD61816B3F9\axsmqwiahk64.exe
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\windows\system...


http://www.bleepingcomputer.com/forums/topic400297.html/page__p__2267701__fromsearch__1#entry2267701


Hi, I keep getting this adobe update thing, I had clicked ok then I get a bunch of optimizer/speed up your computer etc stuff, I ran malware and it got rid of it then the adobe thing keeps coming back  screenshot

can't see the screenshot?  how to post it??

A:think I am infected

Hi conanpriority -
Just try these programs first -
Please print or save these instructions so you do not lose them -
 
Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Note: If any security program requests permission to access the Internet, allow it to do so.
 
Next -
Please download and run RKill by Grinler. A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.
If a log is produced, save it, or post it back here -
Important: Do not reboot your computer until you complete the next step.
 
Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button. (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* NOW - Click on the Clean button. (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
+ Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].t...


hey friends! i wonder what happened to my com. it changed my desktop pic to none. even though i've set my own desktop pic, it changes it back to black after a while. what happened ? T.T

A:am i infected?

Hello! Did you try to change it back via desktop properties?

Is your computer running rather slow, any other weird signs, or a specific action taken by your security program(s)?


Logfile of HijackThis v1.99.1
Scan saved at 10:14:35 AM, on 6/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program...

A:Not Sure If I'm Infected Please Look At Hjt Log And Let Me Know

Hello,

First of all, you didn't unzip/extract hijackthis.. and it's still in the tempfolder.
So I strongly advise to unzip/extract hijackthis.zip.
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html

Create a permanent folder and move hijackthis.exe into it. The reason is because hijackthis creates backups and when it's in your temp-folder it can be accidentally deleted.

How do you make a permanent folder:
Click My Computer, then C:\ and then on Program Files.
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis".
Now you have C:\Program Files\HijackThis. Put your HijackThis.exe there.

I notice from the log that there are running more than one different Anti-Virus programs with Auto-protect enabled. AVG Antivirus and Yahoo Antivirus.

Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously! The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time. Also because more than one Antivirus and Firewall installed are not compatible with each other, it can cause system performance problems and a serious system slowdown. So you have to make a decision here and keep the Antivirus you prefer and uninst...


Ok so my bitdefender went down and none of my shields were active for some reason and i had to reboot to get them back up.. Then eventually i noticed a www.secure.exe running in the background, so i'm not sure exactly what to do or if anything else is on my machine, of course bd says nothing but ya..Here is my log any help is appreciated.!!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:56:06 AM, on 9/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ThreatFir...

A:Infected?

And i was also trying to figure out what anti spyware to get so that's why you might see a few, they are trials, and they are uninstalled now. Webroot found two things, but before the scan was done (not that it could remove) my comp rebooted, then i uninstalled, and decided to post here instead...
 


Logfile of HijackThis v1.99.1
Scan saved at 04:47:11 p.m., on 06/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\slserv.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ar.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ar.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = V?nculos
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-...

A:Infected Pc! Help

Welcome to the BleepingComputer HijackThis Logs and Analysis forum macaronij
My name is Richie and I'll be helping you to fix your problems.

Download KillBox, unzip/extract it to your desktop.
http://download.bleepingcomputer.com/spyware/KillBox.zip
Start up Killbox and place a check in 'Delete on Reboot'.
In the 'Full path of file to delete' box, copy and paste:
C:\WINDOWS\system32\dmdskmgb.dll
Then press the red button with the white cross.
It will then provide a window for you to confirm the delete.
Next it will ask if you now wish to reboot, select YES.
Allow it to reboot.
If it doesn't reboot automatically, reboot manually.
****************************
Download DelDomains.zip and extract/unzip it to your desktop:
Now right click on Deldomains.inf then click on 'Install'.
After right clicking on Deldomains.inf 'Install' it will have appeared nothing happened, this is normal.
****************************
Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
* Double click on SDFix on your desktop, and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.
* I...


I'm going to state right away that I'm not a very computer literate person. So even the Preparation Guide for Requesting Help is totally mind boggling to me. I'm too terrified to use these programs because I have no clue how to properly use them, and I am a klutz.

When I start my desktop up my Desktop icons are not matching up to the program name it's like someone played scramble with the icon images. That and certain programs once I open them will not minimize anymore I have to manually do it.

Also in my Task List: It's showing 65+ processes. Is this considered abnormal?

Also I noticed a program on my program list I don't even remember downloading/installing, which is called Performance Solution Hotrevenue.

Please help me.
Thanks

A:Infected?

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
