The Agony Of My Malware Infections

Q: The Agony Of My Malware Infections

I have read other forum topics about the problem I am having (a blinking red icon in my windows quickstart menu). I continually have the process cool.exe popping up and it's making a strange "clicky" sound from my cpu-- sort of like the sound you get when you're about to access dialup.

Anyhow, I'm a Master's student at a major Canadian university and it's not helping my thesis that I have these constant ads popping up and these malware problems.

Any help would be appreciated greatly! Thanks!

A: The Agony Of My Malware Infections

You have no active AntiVirus!
Get the free AVG 7, install it, check for updates and run a full scan
AVG 7 - http://free.grisoft.com/freeweb.php/doc/2/

========================

Add remove programs - remove logitech desktop messenger

==================

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non infected computer will remove your Desktop background.

=============================

1. Download this file:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

===========================

Download AVG Anti-Spyware from http://www.ewido.net/en/download/ and save that file to your desktop. Note: This is NOT the Anti Virus from AVG.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.

1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
o Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6. Under "Reports"
o Select "Automatically generate report after every scan"
o Un-Select "Only if threats were found"

Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.

1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:

2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
4. AVG will now begin the scanning process. Please be patient as this may take a little time.

Once the scan is complete, do the following:

5. If you have any infections you will be prompted. Then select "Apply all actions."
6. Next select the "Reports" icon at the top.
7. Select the "Save report as" button in the lower left-hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.

Post the log from AVG and a new HiJack log


Deckard's System Scanner v20070826.66
Run by Chad on 2007-08-31 01:43:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
31: 2007-08-31 05:44:01 UTC - RP188 - Deckard's System Scanner Restore Point
30: 2007-08-30 08:34:58 UTC - RP187 - Software Distribution Service 3.0
29: 2007-08-30 06:47:12 UTC - RP186 - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
28: 2007-08-30 03:18:06 UTC - RP185 - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
27: 2007-08-28 23:30:38 UTC - RP184 - System Checkpoint


-- First Restore Point --
1: 2007-08-07 21:29:00 UTC - RP158 - Installed Windows Media Player 10


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 83% (more than 75%).
Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Chad.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:48:03 AM, on 8/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\l...

A: OH the Agony of pop-ups!

Please download SmitfraudFix
Extract the files to the Desktop

~~~~
Now, start the computer in Safe Mode:
When the machine first starts again, tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Press Enter to boot into Safe Mode.
Open SmitfraudFix Double-click smitfraudfix.cmd
Select Option 2 - Clean by typing 2 and press Enter (Deletes infected files)
You are prompted: Do you want to clean the registry? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool also checks if a relevant file, wininet.dll, is infected.
You may be prompted to replace the infected file (if found).
Replace infected file? Answer Y (yes) and hit Enter to restore a clean file.

~~~~
Restart the computer to complete the removal process.

~~~~
Also download ComboFix
Save it to the Desktop

Double-click combofix.exe to run the program
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to stall.)

When finished, a log, ComboFix.txt, is produced.

~~~~
Please run HijackThis once again to obtain a new log.

~~~~
Please post the SmitFraudFix report located at C:\rapport.txt , the ComboFix.txt, and a new HijackThis log.


Despite my efforts to maintain a clean and safe computer, something miserable has bitten me. I'm not entirely sure what the issue is, but I know something unusual is going on.

Here are some signs and symptoms ...

Recently, after periods of unattended downloading, I would lose internet connectivity. The only way I could regain connectivity would be to reboot. Reboot would take what felt like forever. Sometimes there would be a windows dialogue box asking for login credentials for dial-up, which is odd considering I am not on dial. Recently, it has been discovered that all boot ups are agonizingly slow with apparent lengthy periods of inactivity (ie hard disk activity, or even a signal being sent to the monitor). On average, 4-5 minutes to boot up.

Today, while surfing, my AVG anti-virus went crazy picking up immediate virii from websites that were appearing out of nowhere. Bam Bam Bam Bam! A new virus infected webpage auto opens and is caught by AVG. There was also an unusual blue webpage titled windows critical update that could not be closed. I use Firefox, not IE, but if I recall, these websites may have been hosted by IE.

I have randomly been asked on occasion to shut down.

I have lost ability to access regedit (says the administrator has removed privileges, even in safe mode as the administrator). Even known workarounds commonly available on the internet have failed.

I am unable to run Adaware ... it says it's already running, when it's not ... that I ...

A: Agony With wmpscfgs.exe

Kaspersky Labs Online file scanner has identified the file wmpscfgs.exe as being infected with Trojan-Dropper.Win32.Agent.bsmw.

There is very little reference material online regarding this virus.

Since posting original message, I have scanned again with onboard AVG virus scan, and online Housecall scan. Both identified several other virii, but not the one in question. These secondary virii were removed as part of the scan process.


I hope someone out there will help me! I have this Movieland thing going on and it's driving me nuts. I read Jelly_tots post earlier today and followed the advice as far as the HijackThis log, but now I need to know what to do from here!! Please help me! The log is below:
Thank you!!

Logfile of HijackThis v1.99.1
Scan saved at 5:00:19 PM, on 11/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MediaPipe\MPTray.exe
C:\Program Files\AltPayments\AltPayments.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\system32\tbctray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\P2PNET~1\P2PNET~1.EXE
C:\Program Files\MediaPipe\DownloadManager.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hewlett-Pack...

A: Movieland agony


I ran chkdsk when starting windows and it has been running for two days and no end in sight at all! What to do? And I desperately need a laptop.

Please help!


Hello selvamani

Welcome to the Bleeping Computer Malware Removal Forum

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

A: Malware infections

Due to inactivity, this thread will now be closed.


Hi

Despite running just about every kind of adware and spyware removal software, not to mention Norton AV, adware, spyware and a trojan called abwiz keep turning up. I presume that something is lurking that is prompting these things to be re-installed. Every so often, when on line, I also get some spurious software called something like windows anti-spyware trying to install itself.

I have run hijack this and the log is pasted below. Can anyone help?

A:Malware Infections

Hi,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look.

Also, can you rename Hijackthis.exe to Analyse.exe?
Then scan with Analyse.exe and post the log in your next reply (which will be a hijackthislog of course)

Read other 10 answers

Hi there,

My computer has been infected with what seems to be endless amounts of trojans, spyware and viruses. I first noticed my computer was sluggish and slow. I had Norton Internet Security for 5 years and switched to AVG a year ago. AVG did not find much, and I just recently installed Panda Security.

I know I recently had the Virtumonde virus, Smitfraud, and some sort of a backdoor trojan. When I open certain folders, I receive a message saying "Windows Explorer needs to close unexpectedly". Also, when I try to run Trend Micro's online scan, my IE7 window closes immediately.

Panda's online scan found 3 viruses which it removed. I also installed Stopzilla and NoAware, which also apparently removed quite a few.

Also, sometimes, when I'm browsing in Seamonkey, my page gets redirected to another page and a pop up occurs and I'm asked to download some software to clean my computer, etc.

I'm sure my computer is infected but how now how to fix the problems. Please help. Here is my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:36 PM, on 27/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Anti...

A:Malware Infections - Please Help!

Hello freelancer-mountain,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

Read other 2 answers

Greetings. I work for a public school district which issues PC's to some students. Needless to say, they get viruses. In order to become more proficient at removing malware, I'd like to deliberately infect Win XP test machines (which I can restore from Ghost images) with common, hard to remove malware. Any suggestions on how to do this? I'd prefer to locate & install specific malware, rather than just go surfing with an unprotected PC and see what it catches.

For example, I just spent two days removing the H8SRT trojan (Rootkit.TDSS) from a student PC. I'd like to infect a test machine and repeat the process in order to better streamline and document the removal process.

Thanks. -BB
 

A:I want malware infections...

I'm afraid you're not going to get advice of how to infect machines here

As you can imagine others will take the advice and information and use it for different purposes - imagine your students reading this post ......... and learning how to infect PCs

Also - the malware Gurus work very hard cleaning PCs and would not want more PCs to clean - it's a very busy forum as it is.......

you can do a course on
http://www.geekstogo.com/forum/Would-you-like-to-learn-to-fight-malware-t4817.html
http://malwareremoval.com/forum/viewtopic.php?t=233&sid=a663bc062f24ad03020babcd56b41b51
http://www.malwareremoval.com/
 

Read other 1 answers

Have followed the preparation guide for posting HijackThis Log. I have cleaned my temp files and Ad-Aware scan also Spybot. I use current Trend Micro as my anti-virus program. My problem is multi infections unable to remove. Listed below is my Trend Log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:45 AM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nusrmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog...

A:Malware Infections

Hello pfeipl,

Welcome to Bleeping Computer

I hate to be the bearer of bad news but, your log shows a very dangerous Trojan is residing on your PC.

The Trojan attempts to steal passwords, as well as logging keypresses and open window titles to text files and periodically sends the collected information to a remote user via HTTP. The Trojan downloads and executes additional files from a remote site. Configuration files may also be downloaded which define further behaviors.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best...

Read other 18 answers

I AM GRATEFUL TO ALL WHO HAVE HELPED ME. I AM STILL HAVING TROUBLE
I INSTALLED MALWAREBYTES MALWARE REMOVER
IT SCANNED AND HAS A LOG
EACH TIME I GO TO THE LOG PAGE AND CLICK THE BUTTON ON THE BOTTOM IT BRINGS ME TO iTUNES
iT SEEMS AS THOUGH IT IS TELLING ME ALL MY PROBLEMS ARE IN ITUNES.

MALWARE BOT IS STILL LISTED IN MY SECURITY PANEL I AM USING W VISTA HOME PREMIUM
I ALSO DO NOT KNOW HOW TO COPY THE LOG TO POST. SORRY

A:MALWARE INFECTIONS

Welcome to BC

Simply copy the log and paste it in the text box when you post a message. Here's a tutorial
http://www.wikihow.com/Copy-and-Paste

Run Malwarebytes again. Update it first, then click the FULL Scan button

Read other 1 answers

Hey I got a lot of messed up stuff going on and getting installed so I wanted to see if you guys could check out my HJT log. An example is mgrs.exe plus a lot of IE pop ups. like outerinfo.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:37 PM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\mgrs.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\SecCenter\scprot4.exe
D:\WINDOWS\system32\ygrgmhsi.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\PROGRA~1\COMMON~1\ICROSO~1.NET\spoolsv.exe
D:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\s?stem32\d?dplay.exe
D:\WINDOWS\explorer.exe
D:\Program...

A:Some malware infections plz help

Read other 9 answers

I'm a university student using win XP 2002 professional, service pack 2.
A series of false security warnings have been appearing on my PC.

Security Warning!

Worm.Win32.NetSky detected on your machine. This virus is distributed via the Internt through e-mail and Active-X objects. The worm has its own SMTP engin which means it gathers e-mails from your local computer and re-distributes itself. In worst case this worm can allow attackers to access your computer, stealing passwords and personal data.
This process should be removed from your system.

Type: Virus
System Affected: Windows 2000, NT, ME, XP, Vista
Security Risk (0-5): 5
Recomendations: Click Yes to remove it from your PC immediately

and

Windows has detected an Internet attack attempt...
Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from Internet attacts, hijacking attempts and spyware! Click to download spyware remover for total protection.

I also get my browser advertisement window filled with porn and
I get 3 unwanted links placed on my desktop:

Privacy Protector
Spyware & malware Protection
Error Cleaner

which I cannot delete. I have mcafee antivirus, but can't help.
My browser home page keeps being changed from google to ultimate cleaner 2007 and others. Could an analyst please help me.
thanking you in advance
mushota

A:need help on malware infections on my win xp sp2

Welcome to TSF

Sorry for the delay


Please download SmitfraudFix to your Desktop.
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Read other 7 answers

Hi all, after losing my desktop Medion PC - maybe consecutive to audio folder downloaded + win media player plugin download (post in Vista forum) - now the VAIO laptop win can't start windows. Can't remember how to start in safe mode and then what should I do. PLEASE HELP, urgent all my work is stuck in these 2 PCs. I only got one PC left.
Thanks Thanks Thanks for URGENT HELP.
 

A:Solved: laptop in agony

Read other 7 answers

can anyone tell me if sound card drivers exist for a sbt-sp6c 6 channel 5.1 surround sound audio card to run in vista x64? the card has two chips on it. the large one is a forte media fm 801-au. the small chip is a realtek alc650.

i have not been able to find the correct drivers to install the card in my pc. i have tried many different drivers and none have worked. i've tried all the realtek sound drivers. none have worked. i have downloaded the latest forte media drivers i can find. they don't work with vista x64.

please, help if you can. it's very frustrating not being able to install the sound card.

thanks in advance.

A:sound card agony 2

Originally Posted by glennpalmore


can anyone tell me if sound card drivers exist for a sbt-sp6c 6 channel 5.1 surround sound audio card to run in vista x64? the card has two chips on it. the large one is a forte media fm 801-au. the small chip is a realtek alc650.

i have not been able to find the correct drivers to install the card in my pc. i have tried many different drivers and none have worked. i've tried all the realtek sound drivers. none have worked. i have downloaded the latest forte media drivers i can find. they don't work with vista x64.

please, help if you can. it's very frustrating not being able to install the sound card.

thanks in advance.



Hi Glenn, Welcome to the Forum.

The best answer here is probably to buy a new sound card

Pooch

Read other 2 answers

Hi Everyone,

Here is the dilemma that I am currently in. I just installed XP on a WD 40GB hard drive. I have been using a maxtor 80GB up till now for storage. Well, I want to transfer all the digital photos and files (Which I have yet to burn, by the way). and put them onto the 40GB. I see both HDs on bios. I see both HDs in device manager. I don't see BOTH hard drives in MY COMPUTER!!! From what I keep reading, the only way windows will see the 80GB is if I partition/format it. There is one problem with that: I will lose all of my files if I partition/format it. Is there a way I can transfer these much needed files over??? PLEASE HELP!!!!

Thanks,
JGC77
 

A:Hard drive agony -- please help

Why can't you use the Data Lifeguard Tools diskette that came with your WD HD? I just put a new WD in last month and I only formatted the new drive before copying over data.
 

Read other 2 answers

Hi Everyone,

Here is the dilemma that I am currently in. I just installed XP on a WD 40GB hard drive. I have been using a maxtor 80GB up till now for storage. Well, I want to transfer all the digital photos and files (Which I have yet to burn, by the way). and put them onto the 40GB. I see both HDs on bios. I see both HDs in device manager. I don't see BOTH hard drives in MY COMPUTER!!! From what I keep reading, the only way windows will see the 80GB is if I partition/format it. There is one problem with that: I will lose all of my files if I partition/format it. Is there a way I can transfer these much needed files over??? PLEASE HELP!!!!

Thanks,
JGC77
 

A:hard drive agony -- please help!!

I had a Western digital and a Maxtor HDD together in a system a few years ago. I can remember that they didn't both work together. Since then, I have sort of become brand loyal and only use Maxtor (Western digital and most others are just as good)-I don't mix hard drives. Most drives will work together but occasionally you get two that don't and you can avoid the possibility of this by just using one brand. If this is the case, then you might be able to put them both on different IDE channels long enough to transfer files.
If it isn't brand compatibility, then check to see (in cmos) that your unrecognised drive is using the same access mode as it was before when it worked, probably LBA. If it is somehow set to a different mode, then what you described is exactly what happens.
In event of a corrupted partition, you may need to buy some partition salvaging software. One piece of software you can get for free usually on the Maxtor site is Maxblast, which runs on DR. DOS (one comes with each new boxed HDD too, if you still have it somewhere). If you download this HDD installation disc, and put it on a floppy it will give you a lot of great utilities to install and troubleshoot Maxtor hard drives.
One more thing to check is the cable. I have had ribbon cables that had one wire break somewhere and even though the drive continued to work, funny things would happen. You do have the proper 80 pin (not 40 pin) IDE cables, right?
 

Read other 2 answers

Hello Peeps,

I just received T520 package today and my excitement suddenly turned to grief when I saw a bright glowing red dot on my screen. OMG... a dead pixel right out of the box! Did I just drop my hard earned grand that I have been saving for months on something that would bug me for the rest of the products life?

I quickly searched Lenovo's dead pixel policy and almost fainted when I found out the unit has to have at least 3 dead pixels to be considered for replacement noooooooo...wahhhh....boohohoho..sob

Why did they ship out a unit with dead pixel??? I'm pretty sure it was NOT missed by QA because it glows like a laser beam in the dark and a dead pixel would not develop while in transit!

I'm going to contact Lenovo post sales tomorrow and really hoping something can be done. I know some of you will consider this as another guy who got a dead pixel rant, but man, when someone spends this amount of cash, and I'm not rich, I would at least expect to receive a non-defective product. Oh Lordy, I should have trusted my instinct and buy something of this value in a brick and mortar store. Hoping for the best but this night would not be a pleasant one.

Sigh,
Jason

A:Dead Pixel Agony

You just got it and you're not satisfied you can return it.
So return it.
The End

T520 Model 4239 Intel(R) Core(TM) i7-2860QM; Nvidia NVS 4200M Win 10 64bit
Z70-80 I7 - 5500U 16GB GB - 1TB HD Win 10 64bit FHD 17.3", G840 w/2GB

Read other 9 answers

MS Update installed a Realtek driver that really does not agree with my system. I'm fine with the MS 5 High Def version.

Every time I go to device manager and programs & features and delete it and spec the MS generic version I'm good for about a minute then the Realtek gets installed. Even after I delete the folder in programs. I am totally stumped here as this version MS is pushing out is really having problems and I can't make it go away.

I have gone to advanced settings and set it to prevent downloading ANY driver updates at all. It keeps coming back.

I've tried just about everything I can find on Google. I'd really appreciate some help on this. It began happening after this past Tuesday's update. I had other issues (now solved) with that update

A:MS Realtek driver agony - please help

The following steps worked for me...
First uninstall the faulty driver, but do not restart your machine until you do the following:

Type "Device Installation Settings" in your Windows search box. A result named "Change device installation settings" should show up.

Choose No

Once that's done, you have to go into the Windows Update Settings and change it to "Notify Schedule a restart".

Now go ahead and do a restart.

At this point, the driver won't automatically install, but will be listed in Windows Update. Microsoft expects you to install it anyways. What you need to do is hide it from Windows Update. Download the "Show or hide updates" troubleshooter package

https://support.microsoft.com/en-us/kb/3073930

That tool will then let you see what's in Windows update and you can then hide it from Windows update.

Read other 0 answers

came home last night and found my dad had used pc and there were lots and lots of popup screens together with a suspicious icon in the system tray saying 'critical system errors!'. the icon pops up a balloon every few minutes prompting me to download 'virusbusters'. he informed me that he had tried this virusbusters thing which scanned the pc but of course prompted him to buy.

i have run mcafee and it detected nothing. also downloaded spybot which detected lots of malware which i removed but a few remain which i cant seem to get rid of including this system tray thing

here is my hijack this log.

Logfile of HijackThis v1.99.1
Scan saved at 12:40:11 PM, on 11/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk HF\Matrox.PowerDesk.PDeskNet.exe
C:\Program Files\McAfee.com\VSO\oasclnt.ex...

A:Multiple Malware Infections (i Think)

Welcome to Bleeping Computer, marcopolo.

* Please download SmitfraudFix
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Read other 13 answers

I have multiple infections on my laptop running XP SP2. I tried to use MAB but when opening it an error message came up saying "This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix the problem". So I uninstalled MAB and tried reinstalling it. Now I see that was a very bad idea! Now I can't open any .exe file. When I log on to the laptop I get the same error message for rundll32.exe.

Any help would be greatly appreciated!!

A:Multiple malware infections

Should have read MBAM not MAB...fingers too fat to type

Read other 20 answers

I know you have to be careful when downloading or installing things from the internet in order to protect yourself from malware but occasionally I'll get it installed without downloading anything. I'll just be browsing when suddenly my browser crashes and when I bring it back up lo and behold I have a new homepage. How does this happen and how do I prevent it in the future?
 
Windows Vista Home Basic
Google Chrome
Firefox (Though I don't ever remember being on anything but Chrome when it happens)

A:Random Malware Infections

In many cases these issues are the result of unwanted toolbars, add-ons/plug-ins, and browser extensions which come bundled with other free software (often without the knowledge or consent of the user). They can be the source of various issues and problems to include adware, pop-up ads, browser hijacking which may change your home page/search engine, and cause user profile corruption.

As such they are generally classified as Potentially Unwanted Programs (PUPs) and many of them can be removed from within its program group Uninstall shortcut in Start Menu > All Programs or by using Programs and Features (Add/Remove Programs) in Control Panel, so always check there first. With most adware/junkware it is strongly recommended to deal with it like a legitimate program and uninstall from Programs and Features or Add/Remove Programs in the Control Panel. In most cases, using the uninstaller of the adware not only removes it more effectively, but it also restores many changed configuration settings.

Alternatively, you can use a third-party utility like Revo Uninstaller Free or Portable and follow these instructions for using it. Revo will do a more thorough job of searching for and removing related registry entries, files and folders.

After uninstallation, then you can run specialized tools like Malwarebytes Anti-Malware, AdwCleaner and JRT (Junkware Removal Tool) to fix any remaining entries they may find. These tools typically search for and remove related registry entries, ...

Read other 10 answers

Hello,

I have a very elusive malware. I tried to remove with AdAware, Spybot Search & Destroy, AVG and it seems that it copies itself every time. I have not been able to use the laptop. I appreciate any help you can provide.

Here is the HijackThis Log:
===
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:30 PM, on 2/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc....

A:need help w/ malware/trojan infections

Hello, srd.

My name is aommaster and I will be helping you with your log.

If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.

Thanks

We need to run RSIT
Download random's system information tool (RSIT) by random/random and save it to your desktop.
Double click on RSIT.exe.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

NEXT:

We need to run a GMER scan
Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
Close all other open programs as there is a slight chance your computer will crash.
Double click the GMER program ******.exe. Your security programs may detect GMER's driver trying to load. Allow it.
You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
Leaving the settings at default, click Scan.
When the scan is complete, click Save and save the log onto your desktop.

In your next reply, please include the following:
Log.txt
info.txt
gmer.txt

Read other 35 answers

Received notification by virus protection program that a Trojan was found and it could not remove it. Tried several things and I believe that the Trojan is removed. However, I have 4 registry infections that remain. Combofix log is attached.

Attached Hijackthis log.

Read other answers

Hi I'm new here and I'm sorry if I'm doing wrong by coming straight here to post this - it's late and I'm stressed

I'm still using xp
avg and malware bytes are showing I'm infected on both my desktop and my external hard drive
I'd appreciate any help from your members here
Thank you
Wendy

A:avg and malware showing infections

Hello wendy and welcome.

Did they remove or quarantine what was found?

Let's also run these and see how you are after.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Download TDSSKiller and save it to your desktop.
Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

...

ADW Cleaner
Please download AdwCleaner by Xplode and save to your Desktop.
D...

Read other 17 answers

Please I need your help my computer got infected with a bunch of trojans and malware, it's running very slow, it takes a long time for webpages to load up, when I boot my computer it takes a long time to get set up and function. In general my whole system is just really slow...like slower than dialup. I really need help from you guys. Here's the logs from the scanners listed on your instructions.


DDS (Version 1.0) - NTFSx86
Run by Owner at 21:57:24.73 on Thu 11/27/2008
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.398 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
svchost....

A:various trojan and malware infections please help!

Hi there greeksalad

Thank you for your patience. I will be helping you deal with the issues raised in your log from this point onwards

Before we start jumping into things, here is a quick basic note which I mention to everyone. The fix which I have provided for you is for this computer only, it should not be used on any other computer. Each fix is tailor made for the specific task in hand. If for some reason you have system restore disabled, then please re-enable it before proceeding, an infected restore is better than none. Please read through the fix first and set enough time aside to complete the task in one session. If there is anything you feel needs clarification then please ask - do not guess! Please copy and paste any requested logs into replies rather than add as attachments, this makes it easier for analysis.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription

If this is a computer from a work place then please advise your IT department of the concerning issues before commencing past this point.

Please follow these directions in the order they are set out for you.

==================================

We will begin with ComboFix.exe. P...

Read other 16 answers

Hi:
I am running Windows XP Pro., 316MB RAM, 10Gig HD, compaq presario 1200US laptop. Last week, I noticed after installing Spyware Terminator with Crawler Toolbar, that my CPU was operating at near 100% continuously and drastically slowing down my computer. I discovered later, after reading and running, what seems like a million removal tools (RemoveIt Pro v4, Multi-Virus Cleaner 2007,a squared free, Rogue Remover, etc., that Crawler toolbar was in over 120 registry locations. I then removed it with RemoveIt tool. I tried also X-con Spyware something or other and found out that it was malware. I have since deleted it from my computer, I hope. I also notice I no longer have System Restore. I went to Services and noticed that System Restore Service was set in Automatic but it was not "Started". I clicked "Start the Service" and unfortunately got a pop-up saying that "System Restore could not be started ... Error 2: the system can not find the file Specified." I then ran a Panda Scan. It also found about 20 problems. I don't remember all because I've ran so many tools, I'm confused now. I have Firefox browser, AVG, Zonealarm, and Lavasoft Ad-Aware (all freeware). I also run CCleaner and EasyCleaner 2. I thought these were all recommended protection but obviously they have failed to protect my computer. I ran Troyan Explore and got KhGen and A\Istb. Another tool (don't remember) said I had Generic Malware, Generic Trj., Downloade...

A:Trojans and other malware infections

Closing duplicate thread, please continue here: http://forums.techguy.org/malware-removal-hijackthis-logs/605211-no-system-restore.html
 


Hi All ~
I have an infected laptop. I have run MalwareBytes AntiMalware and SpyBot. They both detect and remove malware, yet the malware, particularly "Malware Doctor" always returns. Below is a Hijack This log. I would appreciate your assistance in removing the malware and spyware, and thank you very much in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:56 PM, on 6/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\...

A:Cannot Remove Malware Infections

Hello qthush99,
Welcome to Bleeping Computer.
Sorry for delayed response. Forums have been really busy. My name is fireman4it and I will be helping you with your Malware problem.
As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts.
Please make no further changes or run any other tools unless instructed to. This may hinder the cleaning of your machine.


Upon booting my PC, I keep getting a Symantec popup stating "Unable to load PIF:: AlertEng.dll", then RealPlayer starts up stating unable to load SYSTEMBOOTHIDEPLAYER. The PC runs sluggish and I periodically get the blue screen of death. It has been doing this for nearly 10 days now and I am lost as to how to fix it.

I have gone into safe mode (with network connection), run Ad-aware, Spybot, BitDefender and Panda, and ComboFix but the problems still exist. I thought it might be the Vundo virus, so I ran Vundofix, but it found nothing.

Someone please help! Attached is the results of the Panda scan (all others supposedly cleaned what they found) and my Hijack Log:

Incident Status Location

Adware:adware/sidestep Not disinfected Windows Registry
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Tom & Kari\Cookies\tom_&[email protected][1].txt
Adware:Adware/SaveNow Not disinfected Personal Folders\Inbox\lakefree.exe[lakesetup.exe][BSAVEINST.EXE]
Adware:Adware/SaveNow Not disinfected Personal Folders\Inbox\Emailing: pdiet36\pdiet36.zip[lakefree.exe][lakesetup.exe][BSAVEINST.EXE]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\UBCD\BartPE\I386\SYSTEM32\NIRCMD.EXE
Hacktool:Hacktool/AngryScan Not disinfected C:\UBCD\BartPE\PROGRAMS\IPScan\ipscan.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\UBCD\burn\I386\SYSTEM32\NIRCMD.EXE
Hacktool:Hacktool/AngryScan Not disinfected C:\UBCD\burn\PROGRAMS\IPScan\ip...

A:Help!!! Problems with malware infections???

Can anyone help, please?? I am now getting a BSOD! This has been going on for over 2 weeks and I have gotten nowhere with it.
 


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:54 PM, on 2009-02-15
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Auslogics\AusLogics BoostSpeed\BoostSpeed.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\wlcsdk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM...

A:I have Malware! Viruses and other infections!

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p...


Hi all! I'm attempting to help out a friend of mine whose PC has been infected with a massive amount of viruses/spyware/malware. At first the PC wouldn't even boot giving a variety of errors (missing DLL's). But after doing everything from manually expanding missing DLL's and running utilities off of an ultimate boot disk I was able to get in to the system. After getting into the system I was able to run a number of scanners: AVG, SpyBot as well as Ad-Aware. The system is running pretty good with the exception of a few popups. So I'm wondering if anyone here could walk me through removing these additional popups. The main popups I'm receiving are from WinAntiVirusPRO 2007 prompting me to download (which of course I'm not). Any help would be greatly appreciated! Here is my log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:02:35 PM, on 11/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobil...

A:Please Help With Malware/spyware Infections. Thanks!

After reading some of the posts in this forum I was able to run Combofix, analyze the results and create my own script to remove the remaining entries. Everything is running well and I've eliminated all of the popups.

Thanks to all who respond in these forums. Even though I didn't get a direct response I was able to use the information from other responses to clean this machine.
This thread can be closed.


I am having internet connectivity issues due to possible infestation of something. Anyway, I am unable to download files off of the net, I.E. I had to redownload my graphics driver several times, because mid-way my connection timed out. My router firewall has a list of several hundred attacks all within a few minutes of themselves. I will post that along with a HJT-log. Any help is greatly appreciated. TY.

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:39 AM, on 7/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 -...

A:Possible Spyware/Malware infections.

Here is an updated router firewall log, along with the system log to show you all just how often I am getting disconnected from the net.

User Login From 192.168.2.3 => Thu Jul 3 02:37:55 2008

Get IP Address 72.28.204.2 From DHCP Server => Thu Jul 3 02:25:32 2008

WAN Connection Disconnected => Thu Jul 3 02:25:31 2008

Get IP Address 72.28.204.2 From DHCP Server => Thu Jul 3 02:21:46 2008

WAN Connection Disconnected => Thu Jul 3 02:21:45 2008

User Login From 192.168.2.3 => Thu Jul 3 01:55:08 2008

User Login Error From 192.168.2.3 => Thu Jul 3 01:55:01 2008

Get IP Address 72.28.204.2 From DHCP Server => Thu Jul 3 01:48:32 2008

WAN Connection Disconnected => Thu Jul 3 01:48:32 2008

Get IP Address 72.28.204.2 From DHCP Server => Thu Jul 3 01:35:31 2008

WAN Connection Disconnected => Thu Jul 3 01:35:30 2008

User Login From 192.168.2.3 => Thu Jul 3 01:31:20 2008

User Login From 192.168.2.3 => Thu Jul 3 01:25:31 2008

Get IP Address 72.28.204.2 From DHCP Server => Thu Jul 3 01:24:00 2008

WAN Connection Disconnected => Thu Jul 3 01:24:00 2008

Get IP Address 72.28.204.2 From DHCP Server => Thu Jul 3 01:07:07 2008

WAN Connection Disconnected => Thu Jul 3 01:07:07 2008

Get IP Address 72.28.204.2 From DHCP Server => Thu Jul 3 01:03:32 2008

WAN Connection Disconnected => Thu Jul 3 01:03:31 2008

Get IP Address 72.28.204.2 From DHCP Server => Thu Jul 3 01:01:44 2008

WAN Connection Disconnected => Thu Jul 3 01:01...


One of 'my' malware is a fake "Windows update" that opens up on my browser, asking me to allow to install protective ware (I know, through research, that this is in fact a malware.)

Additionally, I am re-routed to certain search sites automatically when I am browsing - I know this is malware operating.

Finally, I had trouble running 'malware byte's antimalware', apparently due to a malicious program that recognizes it is threatened by this antimalware and goes to great lengths to annoy me!

I have followed, to the letter, the guide on this forum and am counting on your help to get rid of it for good.

Any additional recommendations you might have for me I would take with gratitude.

Many thanks in advance for your help
DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 20:29:25.28 on 27/04/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.383.83 [GMT 2:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WI...

A:Various Malware infections (not sure of their names)

Hello, DragonFly31.
My name is aommaster and I will be helping you with your log.
I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.
Thanks

Should you still require assistance, please take note of the points below:
Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad.
The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
Please do not install, update, or run any programs for the duration of the fix.
If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for
Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
If you are running Vista, please run all the fixes as an administrator. This is done by...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:32 AM, on 1/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtra...

A:Spyware And Malware Infections

Hello surfnut

Please Print out these instructions or Copy and Paste this 'Fix' into Notepad for future reference as you will be required to Reboot into Safe Mode.

Open HijackThis again, select "Do a System Scan only" and place a checkmark in the boxes before the following entries:

R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: 0 - {D3A60F5E-F2C0-43D6-D08C-1C893A4CCCD6} - C:\Program Files\Common Files\laxu.dll (file missing)
O2 - BHO: (no name) - {D54A98AB-A8A4-45C6-B34C-9E194E4DC6B8} - C:\WINDOWS\system32\ssttr.dll (file missing)
O4 - HKLM\..\Run: [hotyge] C:\Program Files\Windows Media Player\hotyge22011.exe
O4 - HKLM\..\Run: [ecdad67e] rundll32.exe "C:\WINDOWS\system32\kwsqosgs.dll",b

Close any Explorer windows which may be open and click the "Fix checked" button, then exit HijackThis.

Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose yo...


Hello, will make this short and sweet. I infected my wife's computer with a bunch of BAD stuff while surfing around on MySpace. Mirar, 3721, Acoona, and a bunch of others. I went step by step through the Prep Guide and it looks like they worked!!! Could you please check the HJT log and let me know if there is anything further I need to do? And if everything does look clean, what programs/cleaners/fixes can I delete?

Thanks
Jay

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:33 AM, on 3/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\...

A:Many Spyware/malware Infections - Did I Get Them All?

Hi Jay,

I wanted to get both of these done as close together as possible. This one looks pretty good. If you've done anything with it, or noticed anything different since you posted this log, please post another one and let me know what it's doing.

Thanks,
tea


Hello, I hope someone can help me.

I have a very badly infected computer. It's an Acer running Windows Vista Home Premium SP1. 2 Gig RAM, 32 bit O/S

I've tried to install Hijack This and it gets corrupted immediately. The same holds true for Combofix, dds, Avast, SuperAntiSpyware etc. I was able to install A2 for some reason and I ran that. It found a few things but I still have the problem.

I slaved the drive to another computer and scanned it with Malwarebytes, SuperAntiSpyware and Avast boottime scanner. All 3 programs removed a lot of stuff but when I put the drive back in the original computer (Acer) I'm still unable to install any anti-malware program.

I'm able to access the internet but when I go to tech sites like BC the pages never load properly and I can't see the entire conversations in the forums.

Is there any way to remove malware using a command line application or a way to do it manually? Any help would be greatly appreciated.

Thanks

A:Major Malware Infections

Try this application and then immediately run the DDS scan
Combofix should not be run except under the guidance of a HJT team member
If it does not work, post back here

Rkill.scr
http://download.bleepingcomputer.com/grinler/rkill.scr

When you double-click on the Desktop icon, a small DOS window will open and the application will run on its own
It should only take a few minutes and it will close by itself
Do not reboot the machine


I was recently given a laptop by my cousin. After running a Malwarebytes and Avira scan, I came to find it heavily infected.
 
Avira found 38 different issues, some of which include:
 
ADWARE/Amonetize.Gen7
ADWARE/Adware.Gen7
PUA/Linkury.iona
PUA/MyPCBackup.Gen
PUA/Linkury.Gen2
PUA/Systweak.Gen4
PUA/Mplug.tryu
 
Malwarebytes found 518 traces of malware. I've attached the Malwarebytes log file.
 
Any help getting rid of these issues would be greatly appreciated,
 
Thank you.

A:Malware and Virus Infections

Hi & to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, Stop there and tell me the exact nature of your problem.
If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
If I don't reply within 24 hours please PM me!
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1
Please run a FRST scan. This will help us diagnose your problem.
Please download Farbar Recovery...


Hi, this is my first time posting, so please bear with me.
I purchased a new PC less than 2 months ago. Within a week of getting it, it became very sluggish & started freezing & crashing. I had installed a lot of software on it & ran multiple applications at the same time, so I attributed these problems to those causes. About 1 month ago, my pop-up blockers started to fail. Pop up ads began to appear while I was online running Firefox & spontaneously, even if I didn't have a browser open. Meanwhile, I started to have trouble navigating to websites- both IE & Firefox will often fail to go to a page that I've typed in a url for, & will virtually always fail to open links. The message is either IE/Firefox cannot communicate with the server or the connection to the server was lost. This happens regardless of the strength of my wireless connection, which is almost always "excellent." Next, my cursor became frozen in the middle of the screen, but this was determined to be a mechanical problem with the Function key by Dell, who replaced the keyboard, & fixed that problem. I often see that it tries to redirect to hxxp://results.google-analytics.com/ It will open new tabs to go there, or spontaneously redirect the tab I'm working in there- I never get to see the results, though, it just tries to load indefinitely. Today my computer started to play music randomly. As with the pop up ads, I don't need to have a browser open...

A:multiple malware infections

Hi helpmyinfctdpos, and welcome to Bleeping Computer.
Your machine is severely infected - I hope this will be a warning for you - you need to take some preventive steps in the future...

QUOTE
Also, I'd like to know how vulnerable my data may have been while this PC was connected to the internet. Not only did I have my financial particulars on it, but I had documents & video files connected to it that I'm worried about. Is there a way to trace the locations that data was sent to from this PC?

I know of no way of checking that... However, this infection is a security risk (as most infections nowadays) - ThreatExpert Report... I'll ask you to change your password later, however, if you have a possibility to change them now from a known clean computer, please do so...

Please do the following:

Firstly,
Please download Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be promp...


I seem to have so many problems that it could be easier to list what works, rather than what doesn't work. Here goes:

1 The task bar not present without forcing it to appear. When it appears it does not allow anything to be visible on the task bar when minimizing.
2 Drag and drop do not function at all.
3 No copy and paste. The context menus have paste and paste special greyed out.
4 Search does not work at all.
5 System restore points are all gone, and I cannot create new restore points.
6 Sound output is disabled.
7 Send to on context menu does not allow files to be sent to cd drive.
8 Avast AV and Malware Bytes do not work at all. Avast won't allow scans. Uninstall and reinstall does no good. Malware Bytes does not load. It stops at a message stating vbalsgrid6.ocx is an older version. Uninstall and reinstall does no good.

The system is an older eMachines Celeron. Model T-2682, 2GB memory, 2HDD, XP Professional, SP3. I hope you can help me with the batch of problems. Thank you in advance.

A:Major malware infections

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.


I was recently attacked by Microsoft Security Essentials Alert Malware, so I removed it via following this guide http://www.bleepingcomputer.com/virus-remo...ssentials-alert. However although it removed the trojan, I suspect that there are other trojans that Malwarebytes' Anti-Malware wasn't able to remove. I also get pop-ups once in a while which confirms my thought that other trojans are present. Here is a HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:04:01 PM, on 11/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files&...

A:Malware and trojan infections

Hi and welcome. My name is Extremeboy (or EB for short), and I will be helping you with your log. I apologize for the delay in response.
You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and choose the notification you wish and click Proceed. Your subscription will be added and the topics you are subscribed/tracked to can be found in your Control Panel on this page

Please take note of the following guidelines in the meantime:
Please perform all steps in the order received and do not proceed if you need clarification.
In the meantime, please refrain from making any changes to your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Old topics are closed after 3-5 days with no reply, and working topics are closed after 5-7 days. If for any reason you cannot complete instructions within that time, that'...


Hi there,
My pc seems to be infected with malware. I constantly get popups when using IE. These include bannerconnect, winanonymous, systemerrorfixer. I have run adaware and spybot but the problem still persists. Can someone please help me? Here is my HJT log; thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:39:18, on 27/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Windo...

A:Malware Infections (bannerconnect)

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.


Symptoms:
1. Multiple pop up screens when using Internet Explorer to surf the web.
2. Computer running really slow
3. Computer suspected of being infected with multiple malware: TROJ_VUNDO.AJP; TROJ_VUNDO.YEK; TROJ_ZAPCHAST.DM
4. The file nvcoi.exe is suspect.

The user does not have an antivirus program installed on their computer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:08:13 PM, on 05/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\YahooMes...

A:Multiple Malware Infections

Hello and Welcome to Bleeping Computer. I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today. Please give me some time to analyze your log, and I will post back with instructions ASAP.


This is the HJT log. Please help analyze.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:51:10 PM, on 4/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\1021\services.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Michaelsoft\GMenu\GameMenu.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O1 - Hosts: 210.48.149.53 gameguard.mapleglobal.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no...

A:Spyware or Malware Infections

Hello! My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTListIt2 Report

Please download OTListIt2 from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the "Run Scan" button.
The scan should take just a few minutes.
Copy the log that opens up and paste it back here in your next reply.

=============

The next log will show us any hidden files that are present.

Download GMER from here:
Unzip it to the desktop.
Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.


Hey there...I am redirected from here.
http://www.bleepingcomputer.com/forums/topic469841.html/page__st__15

The last person helped me greatly, but there are still some lingering issues (porn pop ups...slow computer, freezing programs), etc.
Here are the results of DDS and GMER.

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by rosemac771 at 14:38:29 on 2012-10-24
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1978.816 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============a== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Windows\SMINST&#...

A:Infected with various Malware infections

Hello mercuryrsng

I will be helping with your computer problems.

From this point on, it is very important that you refrain from doing anything else to your computer other than what I have requested of you.

I do not mind if you browse the web, do basic tasks, or even test to see if the problem(s) you are experiencing are still occurring with the computer while we are working together, but do not run any tools/fixes unless I or another helper from this thread has asked you to do so.

Remember that you came here for help, so allow us to help you.

If something does not run, make a detailed note of what problems you encountered along the way (exact error messages are preferred), but continue onto the next steps until you reach the end of my post.

Always do the steps in the order they are listed in (left to right, top to bottom).

I prefer that you complete all the steps while you are in Normal Mode. However, I understand that sometimes this is not possible. If you are unsuccessful in getting a tool/fix to run from Normal Mode, but Safe Mode works, then use Safe Mode.

If you have a question about something, do not hesitate to ask.

Let's begin:

From Programs and Features (via Control Panel), please uninstall the below:
Java™ 6 Update 35
Java™ 6 Update 5
PC Care Center

__

Please download RogueKiller to your desktop.
Now rename RogueKiller.exe to winlogon.exe
Double-click winlogon.exe to run.
When it opens, press the Scan button
When the scan is finished, press the Delete button.
Post ...


Last week we discovered we had an Olmarik Trojan virus that could not be removed by our (then) current PC Speed Scan Pro, that is without sending them more money. I heard an ad on KNBR radio about "ESET". Downloaded their free ESET NOD32 Antivirus software, and found you guys in the process. After reading through SEVERAL threads and trying various different manual removal steps, I found the following from a link on your site to Wilders Security:

ESET has a new standalone remover for Win32/Olmarik, located at http://download.eset.com/special/EOlmarikRemover.exe. Please try using it to remove the infestation. Regards, Aryeh Goretsky.

Who apparently is an ESET moderator. Anyway, after re-running a Full System Scan with ESET NOD32 Antivirus software I had 1 virus which ESET deleted. I still have function problems, such as not being able to use Microsoft Help (offline)(tried to get pc to restore, Help won't open, Can't use SEARCH, some browser or webpages are blank such my face book home page. Hope this helps.

OH BY THE WAY! the following may be important: I originally started with Grinler's prep guide dated 11-10-05. I was able to do all steps except #6 the DDS Log. When the DOS style window did open, but it quickly closed without scanning or creating a report. Tried several times to no avail. I have HiJackThis on my PC and will run a scan to stay ahead if you need the report or need to re-direct me. Don't know how to use it though, so a scan is all that I will do.

RO...

A:Trojan Infections, Malware

FYI- To all reading my original thread. I've decided to Restore the PC from scratch.


I have been having multiple problems with malware that has caused multiple hard restarts or system restores. I have paid services to fix the problems and none have worked. I currently have a redirect going on and Open Cloud security trojan. I have thoroughly read the topics and done what is called for preparing for a fix. I have my DDS log see below but Gmer will not run. I am currently in safe mode to do this work. I update Java frequently due to game play and do a large amount of work on this PC as well. I need your help! I follow instructions pretty well and would appreciate any help you could give me. I could not back up tried to with the instructions and tools in other posts here. Frankly the only thing I am concerned about losing is my MS suite.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 6.0.2900.2180
Run by HP_Administrator at 5:43:03 on 2011-10-01
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1568 [GMT -6:00]
.
FW: Norton Internet Worm Protection *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\560724095:2147980510.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Cobian Backup 10\cbInterface.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla ...

A:Multiple malware infections

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/421381 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...
