Over 1 million tech questions and answers.

Unknown symbol on turnoff icon-possible spyware/virus?

Q: Unknown symbol on turnoff icon-possible spyware/virus?

Dear Techguy support, I'm guilty for not ensuring my defenses were adequate on my son's laptop. There is currently a small sheild on the turn off icon whenever I attempt to turn off the laptop. I don't think it is suppose to be there. There is a note under it that tells me to click to install important updates and turn off my computer. Also, for some reason Internet Explorer icon is no longer on the desktop and I can't find it on the program list on the control panel. Not sure what happened. My son tells me he tried to reinstall it from online but received an error message saying there was a problem preventing reinstalling it. Below is my Hijackthis log. Please advise. Thanks .

Logfile of HijackThis v1.99.1
Scan saved at 4:34:41 PM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Documents and Settings\Burl Lambert\Desktop\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop" target="_blank" class="wLink">http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qzgate.com/gatevc.php?pn=srch0p6total7s2
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ccISPwdSvc - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: ccProxy - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: comHost - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: CryptSvc - Unknown owner - C:\WINDOWS\TEMP\126140.exe (file missing)
O23 - Service: ehRecvr - Unknown owner - C:\WINDOWS\eHome\ehRecvr.exe (file missing)
O23 - Service: ehSched - Unknown owner - C:\WINDOWS\eHome\ehSched.exe (file missing)
O23 - Service: gusvc - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

RELEVANCY SCORE 200
Preferred Solution: Unknown symbol on turnoff icon-possible spyware/virus?

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Unknown symbol on turnoff icon-possible spyware/virus?

bump

Read other 3 answers
RELEVANCY SCORE 56.8

For the last few days my McAfee VirusScan Enterprise 8.5.0i features has been disabled and greyed out. My Access Protection, Email Protection and Buffer Protection are absent when I open my Virus Console from my Start menu. I cannot open my Virus Console from my system tray where the icon is. I keep getting an error message that says: Could Not Access the Local Computer. But I AM the local computer. I also have full privileges. I ran services.msc to see if I had access to shut down mcshield and I get another error message Error 5: Access Denied. Now my Microsoft Word isn't working. It's saying that there isn't enough memory or the disk is full. But I know I have enough space. I've also gone into the Administrator account in Safe Mode to look at my Virus Console and, although the options are avaliable, everytime I reenable them it just disables again when I reopen it. I haven't have problems for months since I got this. I've reinstalled this thing a hundred times to no result. And I've scanned my computer multiple times with different recommended devices in and out of safe mode. I am at wits end. I could really use some help.Here is my 'main.txt' information:Deckard's System Scanner v20071014.68Run by Buni on 2008-05-20 11:51:07Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------System Restore is disabled; attempting to re-enable...success.-- L... Read more

A:Unknown Virus Or Trojan Or Spyware Attacking My Virus Protection

Hi, if you would still like assistance, please do the following.Please download Malwarebytes' Anti-Malware and save it to your Desktop. Alternate download location Alternate download locationDouble-click mbam-setup.exe to install the application.Make sure a check mark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See note below)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.Click OK to either and let MBAM proceed with the disinfection process.If asked to restart the computer, please do so immediately.NextClick Start and then Run to bring up the Run box.Copy and paste the contents of this quote box into the run box:
"%userprofile%\desktop\dss.exe" /configClose all other open windows.Click OK.A window will now open. Click Check All and then click Scan!.When the scan is complete, two text files wi... Read more

Read other 16 answers
RELEVANCY SCORE 56.8

For the last few days my McAfee VirusScan Enterprise 8.5.0i features has been disabled and greyed out. My Access Protection, Email Protection and Buffer Protection are absent when I open my Virus Console from my Start menu. I cannot open my Virus Console from my system tray where the icon is. I keep getting an error message that says: Could Not Access the Local Computer. But I AM the local computer. I also have full privileges. I ran services.msc to see if I had access to shut down mcshield and I get another error message Error 5: Access Denied. Now my Microsoft Word isn't working. It's saying that there isn't enough memory or the disk is full. But I know I have enough space. I've also gone into the Administrator account in Safe Mode to look at my Virus Console and, although the options are avaliable, everytime I reenable them it just disables again when I reopen it. I haven't have problems for months since I got this. I've reinstalled this thing a hundred times to no result. And I've scanned my computer multiple times with different recommended devices in and out of safe mode. I am at wits end. I could really use some help.
Deckard's System Scanner v20071014.68
Run by Buni on 2008-05-20 11:51:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enabl... Read more

A:Unknown Virus Or Trojan Or Spyware Attacking My Virus Protection

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070801
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070801
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAf... Read more

Read other 2 answers
RELEVANCY SCORE 56.8

I have DL'd some freebie stuff for X-plane. [Aircraft - airports etc]
I have used a recommended installer to ensure correct file placement.
None of the new stuff will open in the program although it is itemised.
In WinExplorer each new file has a little lock symbol on the icon.

Can anyone explain this and how to deal with it?

Thanks.
 

A:Lock Symbol on File Icon

I am going to assume the last post in this thread should help you. This is the first thing Google found.
http://social.technet.microsoft.com...y/thread/e6e585dc-c685-4e2f-8c62-db2f762ab056
 

Read other 2 answers
RELEVANCY SCORE 56.8

Icon symbol issue when checking ?use this app for all .* files?,

Please, have a look on the screenshots which better explain my issue

I have *.loc file, and I wanted to open it once in Note Pad and then to get its symbol back to its initial state (no symbol for the file icon).

Unchecking the ?use this app for all ** files? never gets the icon back to its original state!

Is there a solution to get the icon back to its initial state (no symbol)?


Thank you

Best

Jamal

A:Icon symbol issue when checking “use this app for all .*

hello ,I think you need to make changes in file association ,just checking the use this app for all .loc files in your second last attachment will not do it as there isn't even another app in the list, to need to re-associate to app it belongs to ,and if my Googling is correct its belongs to a GPS program ,in the second last image it shows a more options link ,if you click that do you get you gps program in the list of programs to open the file

Read other 9 answers
RELEVANCY SCORE 56.4

Hi All,

I have a symbol with 2 blue arrows on all my file icons and i have no idea what it is. Any ideas?

Thanks,
Ed
 

A:Solved: unknown symbol on all file icons

Read other 8 answers
RELEVANCY SCORE 56.4

okay... i think what's causing my computer to go bonkers is this thing called fhdaumwA.exe
i have no idea what it is, nor can i find any info on it on google.
it also doesn't help that my explorer.exe doesn't seem to be working because of some sort of virus, so i cannot even go poke around in "My Computer" and use installed programs
(like hijackthis, unless i know the run command for it...)

anyway..
if anyone knows how to get rid of or knows what fhdaumwA is, please help me.
also-- if anybody knows how to get rid of TA_Start and Think_Adz... that'd be great too.
maybe im wrong but i think those things are preventing my explorer.exe from working properly.

and if someone does answer my questions, please keep in mind that my explorer.exe is not working x_x;; and that i cant even run explorer.exe through windows task manager....
 

A:unknown virus fhdaumwA and known virus/spyware that i dont know how to get rid of

Hi, junesue1205

Welcome.

Bring the Task Manager (Ctrl+Alt+Delete) and run Explorer.exe as a new task. Would that make a difference?
 

Read other 3 answers
RELEVANCY SCORE 56

After opening the case of my Lenovo T440s I got the "Bottom cover tamper detection" error and it wants me to enter the BIOS password after pressing "ESC". What makes me curios is the icon of a person / man next to the lock icon. Its unlike the supervisor password lock icon I was used too.It isnt accepting my supervisor password so is this different icon meaning that I need to enter the user password or something?For clarification: I know its my fault when I dont remember the correct supervisor password and in fact the mainboard needs to be replaced. I just want to know whats that icon about. Thanks in advance!

Read other answers
RELEVANCY SCORE 56

I know that if you go under properties there are a lot of icons to choose from. I want a picture that I downloaded since I accidently deleted the .ico file in my download folder. It's a shortcut to a program. Of course I emptied the recycle bin!

A:How do I change the icon symbol/picture on desktop to my own jpg?

Redownload the picture you deleted, then go to one of the many websites which change jpegs to icon files. Put your icon in a place which is safe, then do the change icon procedure which you know about, choosing your icon file.

Read other 2 answers
RELEVANCY SCORE 56

We have run AVG, KAV2010, Spybot, Anti Malwarebytes, and Ad-Aware. Each one has cleaned a few files. However our default browser is Firefox, but we are constantly getting IE popups. Here is my HijackThis log. Any help or suggestions is appreciated.Edit: iexplore.exe is a running process at the time hijackthis was run, but does not show up in the log.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 2:52:09 PM, on 7/14/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.17055)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\I... Read more

A:Virus/Spyware Unknown

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 5 answers
RELEVANCY SCORE 56

Hello,

I seem to have contracted a spyware virus. It seems quite nasty
I get a pop up on my computer (even when not on the net) that says I have a trojan spm/lx virus & I need to install an "intrusion detection system" software.
I have lost my desktop image & can not restore it. My windows media player will not work anymore, & "system restore" also will not work.

I tried to run the DDS to create a report, but this spyware/virus keeps poping up saying I have to "activate their antivirus software". Which I don't want to do.
I found a way around it. But THEN when I run the GMER Rootkit Scanner, it crashes. Everytime. So I can not complete this step of the process.

I only have a subscription to Norton, which had ben good enough for years & years. But they want to charge a high fee to help fix this.

Since you all helped me with my moms computer a few weeks ago, I figured I come back here for your help with mine.

What would be my next step, since I can not get the GMER Rootkit Scanner to complete a scan & create a ark.txt file?

Thanks for your help regarding this matter.

Dave

A:Unknown spyware virus

A lil up-date.
This thing is related to a "advanced-virusremover-2009" pop up that turned into my current nightmare.

Other odd things I've noticed. Any program I try to start, this pop up says "Application cannot be executed. The file is infected. Please activate my anti virus software". Well, If I don't "kill" the window, I can then open the program on my second try, and it runs normally.

My Norton program says there's nothing wrong with my computer.

As for my computer, It runs well, with the exception of the pop up ad, which wants me to install a program. And messes with the ability to start other programs.

I still am unable to re-set my desktop image.

And I'm having no luck running the "GMER Rootkit Scanner" without it crashing, to create a ark.txt file.

I hope this is useful in figuring out how we can "Crush" this "bugger".

Dave

Read other 19 answers
RELEVANCY SCORE 56

I am using Windows XP and recently was alerted that a virus was detected. I turned off system restore and rebooted and got rid of the Trogan but have since had icon's magically appear on my desktop. If I scan with AVG Anti Virus it does not detect any current viruse's and I used Ad-Aware SE to clean out spyware several time's. My Ad-Aware SE is up to date as is my AVG. In my start-up (msconfig) I have some file's that concern me although they are not checked for start-up. Also when I check my test result's for the AVG I do not see what virus was detected any longer but on one result I see that a file named >>> Wrapperouter.exe had been deleted and when I try to check my web based e-mail it slows way down and an IP Address of 69.42.87.219e.html shows up and does not allow me to go to the page I need to, It takes me to another page from popupsearches.com. I checked the IP and it belongs to a company called Webair Internet development Inc in Jericho New York. I wonder if the richup file has something to do with j e r i c h o Hmmm. The richup file was checked when I looked in my start-up and I unchecked it. Any advice would definitely be appreciated...

Thank You

Bambi.....
In Start-up:

PPWebCap
PSof1
richup
Cfgmng52 RunDLL32.EXE C:\WI...
ash Disp C:\PROGRA~1\ALWIL...
 

A:Unknown Virus\Spyware?

Please do not post duplicate threads. I have replied to your other thread here:

http://forums.techguy.org/t375924.html

This thread is closed.
 

Read other 1 answers
RELEVANCY SCORE 56

Hello, I recently came down with AdVantage as well as a series of other nasty programs that I think have been removed, save for one, which is really the one I was hoping to get rid of in the first place. I have updated AVG, Spybot S&D, SUPERantispyware, and Ad-Aware, and run ALL Of them with a full scan to reveal little of anything useful. I eventually downloaed the microsoft Malicious Software Removal Tool and that seems to have done the trick for AdVantage. However, I still have this one program that pops up and tries to download and install something all on it's own. Now, as best I can tell, it's not able to actually download nor install anything, as it appears to error, and ask me where a file is. This is the string it searches in by default (The string that's in the search box by default) C:\DOCUME~1\Teddy\LOCALS~1\Temp\_is28\ Now, I know for sure that it's actually downloading something, but I haven't a clue where it's putting it. I lost ALL my free HD space to this monster. It was originally trying to run under the name Eclipse Patch, but after I uninstalled that, it changed to another program and started trying to coerce me to install it. Other things the window does, is reopen if I close it, instantly, time and time again. If I end it with Task Manager, it goes away for five or ten minutes, then starts crying more.

I'm including a hijack this Log in hopes that it reveals something I missed. I looked over the entries I didn... Read more

A:Unknown Spyware/virus

Read other 16 answers
RELEVANCY SCORE 55.2

Hello, so this problem has happened to me before, and it's gone away before, but now it's back and it's staying for longer than it has previously. So the first thing I noticed is that in the bottom right on the toolbar, my network icon has the loading symbol around it. It doesn't go away unless I right click on it, in which case it shows that I'm not connected to a network. I can still open and run my browser, however pages like pandora or youtube don't load. Any program that connects online (such as games), and some that don't, refuses to open. I can't open Network and Sharing Center, or any page in Control Center for that matter. I also can't run any troubleshooters. I've tried restarting my computer in various safe modes including with command prompt, where I ran sfc /scannow. This brought up a message saying that some files were corrupted but could not be fixed. I also restored my computer to a previous time when my computer was working fine, and that fixed the problem until I restarted my computer the next day, when the problem returned. I know it's not my network that is the problem, my wifi works fine and I've double checked all the cables to my modem, router, and the Ethernet cable which I tried switching out. Sorry for such a long post and thank you to anyone who took the time to read it, also thanks in advance to anyone who can give me some advice.

Read other answers
RELEVANCY SCORE 55.2

Hi, I bought my Yoga 910 on may and its battery was charging normally until 3 days ago. Suddenly the charging symbol/icon in the screen start to oscillate between showing and not showing the plug - plugged and unplugged - every 2 seconds. The icon was blinking together with the charging led light (as the movie attached). I checked the cable for possible lose connection, but everything was in place.I checked also the battery on windows device manager, looking for some update, but everything was already up to date.The battery was not charging and now it is completely drained. Any help? Thanks,Paulo


























Lenovo 910.zip ?1682 KB

Read other answers
RELEVANCY SCORE 55.2

hi, i think my computer has a quite serious problem, yesterday i tried to install a few programs n maybe one of them contains a virus, when i did the virus scanning, i found there's trojan virus there.
i cudn't open my c: or my documents, and almost all.

i tried to cleaned them up using my antivirus program (AVG 7.5, free ed)
and it works

after that, i tried to do another scanning, and the result shows that it has no viruses anymore,

fyi- before there was 8 file were infected, most of them are from system32

the new problem is, even though i can open all my drives like normal, but the icon of my drive c now has changed into a red cross symbol, as shown in the attachments, "screen"

and when i turn my laptop on, there's a box appears, shown in attachments, "error1"

can u please tell me what is going on with my laptop?
and what should i do?

thanks a lot.
waiting for ur reply
thx!
;p

nessya
 

A:why does the icon of my computer (drive c) is changing to a red cross symbol?

Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

Read other 1 answers
RELEVANCY SCORE 55.2

I'm working on my mom's computer, and I've run two different antivirus scans, plus AdAware, and I still haven't been able to completely clean her computer. I don't know what virus(es) remain, but there's something still on her computer. I've run bitdefender online and housecall online as I cannot install an AV software due to whatever bug she has. I know it is still infected because when I launch IE and type in a web address, mulitple IE windows open up going to various different websites. Attached are the DDS logs.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 13:13:59.21 on Tue 03/31/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.959.431 [GMT -5:00]
============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcicoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\wscntfy.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\AOL\1192735984\ee\AOLSoft... Read more

A:Unknown Virus/Spyware/Hijacker

Hello JP Balzen, I have some very bad news for you. Your System is infected with Virut!!Virut is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto. For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.More information:http://free.avg.com/66558There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.http://home.mcafee.com/VirusInfo/VirusProf...aspx?key=143034W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either: Immediately before the encrypted code at the end of the last sectionAt the end of the code section of the infected host in 'slack-space' (assuming there is any)At the original entry point of the host (overwriting the original host code)Miekiemoes, an expert??for malware removal, and an MS-MVP, additionally has a blog post about Virut.I suggest you to start backup all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT backup any applications/installers and Do NOT backup any .exe/.scr/.htm/.html/.xml/.zip/.r... Read more

Read other 4 answers
RELEVANCY SCORE 55.2

I am using Windows XP and recently was alerted that a virus was detected. I turned off system restore and rebooted and got rid of the Trogan but have since had icon's magically appear on my desktop. If I scan with AVG Anti Virus it does not detect any current viruse's and I used Ad-Aware SE to clean out spyware several time's. My Ad-Aware SE is up to date as is my AVG. In my start-up (msconfig) I have some file's that concern me although they are not checked for start-up. Also when I check my test result's for the AVG I do not see what virus was detected any longer but on one result I see that a file named >>> Wrapperouter.exe had been deleted and when I try to check my web based e-mail it slows way down and an IP Address of 69.42.87.219e.html shows up and does not allow me to go to the page I need to, It takes me to another page from popupsearches.com. I checked the IP and it belongs to a company called Webair Internet development Inc in Jericho New York. I wonder if the richup file has something to do with j e r i c h o Hmmm. The richup file was checked when I looked in my start-up and I unchecked it. Any advice would definitely be appreciated...

Thank You

Bambi.....
Concerned about these file's In Start-up:

PPWebCap
PSof1
richup
Cfgmng52 RunDLL32.EXE C:\WI...
ash Disp C:\PROGRA~1\ALWIL...
 

A:Solved: Unknown Virus\Spyware?

Read other 16 answers
RELEVANCY SCORE 55.2

Hello, friends. Last night when I was on line to do my research papers. Suddenly IE ads started popping up, and no I do not use IE, instead I have been using firefox for 4 years+ now. And it was weird because I have been train not to visit suspicious sites and have not had a adware/spyware attack for years (due to my cautious habit). Please tell me what is wrong now. Also I used hijackthis and attempted to remove suspicious files, but now it have this "limited or no connectivity" icon . I think i did something terribly wrong and hijackthis cant backup the ones i deleted. I think I am infected by Vundo/del and Webhancer, Isearch toolbal, Win.32.trojanclicker, Win32.trojan.small and more .Thanks and here is the log: Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:46:42 PM, on 11/21/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\TOSHIBA\ConfigFree\CFSvcs... Read more

A:Unknown virus/adware/spyware

so far i used the following programs:true sword 5.0microtrend online virus scannerkaspersky lab online scannerand avg free 8.0and now I can connect to my net, here is the newest scanLogfile of Trend Micro HijackThis v2.0.2Scan saved at 6:23:14 AM, on 11/22/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\AGRSMMSG.exeC:\WINDOWS\system32\DVDRAMSV.exeC:\WINDOWS\eHome\ehRecvr.exeC:\Program Files\TOSHIBA\ConfigFree\NDSTray.exeC:\WINDOWS ... Read more

Read other 8 answers
RELEVANCY SCORE 55.2

It seems I have some type of problem that redirects my browser. It does it on IE8 and FireFox.
DDS (Ver_09-12-01.01) - NTFSx86
Run by Sylvia Martinez at 16:55:29.84 on Tue 01/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.412 [GMT -6:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\sys... Read more

A:Unknown virus, spyware or trojan

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner ... Read more

Read other 3 answers
RELEVANCY SCORE 55.2

When computer goes to internet, network connections blocks (LAN) and no internet connection avaiable (thrue LAN - direct internet DSL connection). Here is ATTACH and DDS text files.....

Thanks in advance...

A:Unknown virus, maleware, spyware...?!

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the ... Read more

Read other 3 answers
RELEVANCY SCORE 55.2

i was looking through my program files and found a file called Learn2.com it contains the folder StRunner which contains: stcurs, struntme.dll, STRunner, and stuninst.

and in under common files i found these folder: xing shared, SureThing Shared, SWF Studio, SpeechEngines, Nullsoft, MSSoap, Borland Shared, and Corel.... any help is appreciated.
 

A:Unknown Files--- Virus? Spyware?

Read other 8 answers
RELEVANCY SCORE 55.2

Im new here, so sorry if I get something wrong.I am running windows XP Home, Chrome browser. I have followed the instructions to create a log file and attached it here. I usually am able to locate and remove trojans/spyware/viruses myself, but this one has me beat.
A few weeks ago I downloaded from an email what I thought was an invoice for road toll I had traveled on. Turned out to be a scam and computer did all sorts of strange things, shut down on its own, opened weird web pages, cant remember what they were now. I noticed in the task manager processes list that iexplore.exe was using a lot of memory and internet browsing was very slow. I dont use internet explorer and have it disabled so I ended the iexplore.exe process. Internet went back to normal, after a while iexplore.exe started up again causing the same problem, I kept ending it but kept restarting. I downloaded Task Blocker to kill it every time it started up. Some days it was continuously being ended, but computer and internet were fine. Problem is a few days ago task blocker wouldnt open, even tried uninstalling and reinstalling, still didnt work. I then downloaded "Ultimate_Process_Killer_2.0.2" which enabled me to end the process manually and kill the root file, which I did like 100 times until it didnt start up again. I havent had a problem since but wanted some help to make sure it is gone for good. Sorry this is so long, please advise as to what you need me to do next. Thanks.

A:Unknown trojan, virus, spyware

 We have newer scanners that will show us much more, lets do this  Please download aswMBR to your desktop.Double click the aswMBR icon to run it.Click the Scan button to start scan.If you are asked to update the Avast Virus database please allow it to do so.When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.I just want to see the report....Please Do Not Fix Anything     ============================================================================   Please download Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating systemA simple way to check your system: Start --> Computer (right click) --> PropertiesRight click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.Please make sure All Users is checkedDo not check
*List BCD
*Drivers MD5
*Shortcut txtPress Scan button.It will produce a log called FRST.txt in the same directory the tool is run from.Please copy and paste log back here.The first time the tool is run it generates another... Read more

Read other 3 answers
RELEVANCY SCORE 55.2

Good evening guys, i really need help from 1 of the pro here to get rid of this, it is really getting on my nerves.
Here's the problems:
First, my keyboard (im using microsoft wireless k/b) stop working
calculator automatically on by itself,
IE would also start by itself and select 'history'
Volume controller would automatically set to mute,
It also seems auto click my desktop programs/files
when i open a notepad, the find and replace options just came out.

The weird thing is whenever i dc my k/b (pulling out the batteries), the system just goes fine but once i connect the k/b, the problems return. I've tried scanning using Panda AVPRO (result: no virus found), spybot s&d (result: scan a few spyware and deleted) but to no avail. Tried to boot it in safe mode, missing boot.ini option in msconfig and i cant press the f8 button during startup. I didnt try to reformat my com because i afraid one of my files might be infected and i dont really wish to do that either. I will post the hijackthis logfile in the next message since im using another computer to post this up. Would greatly appreciate if someone could help me with this.
 

A:Unknown Virus/Spyware/malware

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:33 PM, on 1/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\ApvxdWin.exe
C:\Program Files\Lavasoft\... Read more

Read other 3 answers
RELEVANCY SCORE 55.2

Hey guys.

I need some real help here. I have some sort of virus or spyware.....etc.... It redirects all of my google searches to other weird websites that are other search engine or shopping websites i have never heard of. It also has stopped all of my anti-virus and anti spyware programs to stop from running and i also can't seem to install them again. I really need this computer to work because it is my baby and i have to use it for a big paper i have to write for school. It is a Sony Vaio VGN-FS775P/H . I used AVG Free for my Anti-Virus and Search and Destroy for my spyware protection. Neither programs work. Also i am knowledgeable about computers. But i do like step by step instructions for these kinds of problems. But i will take any help i can get!!!!

A:Unknown Virus/Malware/Spyware??? I Need Help!!!!

Hello and welcome to TSF.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 55.2

I've been working with a very kind person on this site under the Security > Am I infected? What do I do? forum. After several days of troubleshooting, they asked me to post here for your help.Here's my original request:I was out of town for 10 days and someone else was using my computer. Upon return, there was a Windows Security Suite virus that pretty much had hijacked the entire computer. I ran MalwareBytes.... and pretty much got rid of that issue as best as I can tell.However, I cannot run a Google Search - my results are redirected.Worse - I cannot access my Gmail, Google calendar, home page, or anything else google-related. I AM able to access them on any other computer, just not on mine.Any suggestions would be greatly appreciated.--------My topic in that forum is: http://www.bleepingcomputer.com/forums/t/247683/cant-access-google-anything/I went through your Preparation Guide and had some problems there.I did all steps as instructed, until Step 6 - Run DDS. I disabled VB Scripting, but am still unable to run a DDS log. When I start the program, it opens and I get the following:As per the instructions you would have received, kindly ensure any onboard script blocking tools have been disabled for they shall interfere with DDS.DDS is a non-invasive diagnostic tool.-DDS makes no registry writes/changes-DDS does not create any permanent files/folders.This scan should not take longer then three minutes to complete.When the scan is complete, a logfile/report shall pop open.P... Read more

A:Infected with unknown virus or spyware

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.We need to create an OTL ReportPlease download OTL from hereSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the "Run Scan" button.The scan should take just a few minutes.Copy the log that opens up and paste it back here in your next reply.==============Download GMER from here:Unzip it to the desktop.Open the program and click on the Rootkit tab.Make sure all the boxes on the right of the screen are checked, EXCEPT for ?Show All?.Click on Scan.When the scan has run click Copy and paste the results (if any) into this thread.

Read other 11 answers
RELEVANCY SCORE 55.2

Hello.

I think my machine was infected when I accidently clicked on some pop-up or banner ad. I first noticed I was infected when loads of warnings from a fake anti-spyware product (that I hadn't realized I had downloaded/installed), started to pop-up.

I've ran Malwarebytes Anti-Malware, Spybot S&D, and AVG Free 8.5 multiple times, and now Malwarebytes has said there are no infections present. However, when I boot up and login, it rarely completes all the startup procedures and just freezes instead. If I do manage to login, a short time later I will get a scrambled BSOD before the machine restarts itself (No idea what the prompt is for the BSOD).

I am running Windows Visa Home Basic, and I don't have any system restore points I can use.

A:Infected with some unknown virus/spyware

Hello and welcome /// please post your last infected MBAM (Malwarebytes)log so we can see what was found.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Next run ATF and SAS:Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".From your regular user account..Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..DO NOT run yet.Open SUPER from icon and install and Update itUnder Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.Now reboot into Safe Mode: How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to... Read more

Read other 2 answers
RELEVANCY SCORE 55.2

Got a steal on a computer FX55, 4 gig ram, 2 geforce 6600 GT 128 video cards, 1 tb of HD space but I'm stuck trying to get this thing to start. I've gotten the 800b0100 error but now I'm not getting that far after doing a full clean format of the primary HD. What I have connected is a dvd drive, the main ide drive (has a sata raid setup but have that disconnected), 2 G of ram and the video cards.

I've set the bios to boot the CD first but I'm getting an error after it verifies the DMI pooling and says booting from CD:
The next thing that happens is I get a message that says

press any key to boot from CD - then right below it I get
{some sign it looks like an 8 with the bottom of the 8 cut off} is missing
Press Ctr - alt - del to restart.

Any help would be appreciated. I don't have much experience with the computer so the history is a little unknown.
 

A:unknown symbol is missing - control - alt - delete to restart from CD boot

Read other 16 answers
RELEVANCY SCORE 54.8

I'm running WindowsXP Professional on a Dell Latitude D600, and I recently swapped out my laptop base unit, due to a failure with the prior unit. I successfully swapped over all the peripherals from my old laptop unit (screen, drives, Wi-Fi, battery, etc.) and the laptop started up normally, with no problems.

While not a problem, I just now noticed that on Windows Explorer, under [file] Name column, I see that for everyone of the files listed, there a very small "green checkmark" or a "yellow exclamation mark" in the lower right-hand corner of the symbol that designates the file type (Word, Excel, PDF, etc.). I've never seen that under Windows Explorer before, working this laptop - or any computer for that matter.

Anybody have an explanation for the mysterious symbols that have shown up, all of a sudden? Thanks.
 

A:Solved: Small Symbol w/File Name Icon in Windows Explorer

Read other 9 answers
RELEVANCY SCORE 54.8

Deckard's System Scanner v20071014.68Run by Owner on 2008-07-07 15:15:55Computer is in Normal Mode.---------------------------------------------------------------------------------- HijackThis (run as Owner.exe) -----------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 15:15:59, on 7/7/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exeC:\Program Files\Java\jre1.6.0_06\bin\jusched.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Fil... Read more

A:Infected By Various Unknown Virus/malware/spyware

Hello Mabok and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, ... Read more

Read other 6 answers
RELEVANCY SCORE 54.8

My computer got infected with what I'm guessing to be a trojan over the past couple of days, probably yesterday.
Basically what it does is open a pop up window whenever I start Firefox or IE. And I failed to take notice of it, so I'm not sure if it is due to the virus or some other problem, but the software for my ATI Radeon x1650 is completely shot. The card runs, but the Catalyst Control Center attached to it doesn't even run. I tried reinstalling it to no avail.
I'm not getting any error messages.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Ignacio at 23:46:36.70 on Mon 01/04/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2495 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcS... Read more

A:Infected with unknown pop-up spyware/trojan/virus

Hi ,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then we'll take a look.
Regards,

Rosty.

Read other 2 answers
RELEVANCY SCORE 54.8

Hello.I have a Windows Vista with latest service pack and updates, it has been infected with antivirus 2010, but im unsure if i have got rid of this. When trying to run Norton antivirus, malwarebytes, superantispyware etc the program is closed and then the access to those programs is removed. Also i cannot run safe mode, when starting safe mode i get the cursor, but then the computer restarts.I cannot run autoruns and neither some other sysinternals program, closes afther a sec or 2. Need some help witht this.Also i have not attached the GMER log since i get same issue there, runs for a little while befor its closed.DDS:DDS (Ver_10-03-17.01) - NTFSx86 Run by test at 10:06:37,65 on 26.09.2010Internet Explorer: 8.0.6001.18943Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.47.1044.18.2813.1840 [GMT 2:00]SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k Netw... Read more

A:Infected with unknown virus/spyware/rootkit

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please downloa... Read more

Read other 2 answers
RELEVANCY SCORE 54.8

I have a workstation running XPP with SQL express and other production software that has been infected with something that shuts down the NIC and reboots the machine.Machine now running in safe-mode with networking for credit card authorizer to function.Spent many hours scrubbing the machine and thought I had got it cleaned - 24 hours later it is in the same condition.Have run AVG (in Safe-mode consle and GUI), malwarebytes, and SuperSpyWare - the safe-mode AVG cleared enought to boot normal. Ran the AVG root-kit and full scan - they were clear.This bad-ware creates multiple folders in the root that look like SQL installs that failed - they contain a EULA.TXT that is locked and can't be deleted in OS operation. Used UBCD4W to remove them a day ago - now they are being generated again.Trying to avoid a format and re-install as the production software requires a great deal of configuration when installed.Has anyone seen this activity and does anyone have a solution?

A:Unknown Virus/Malware/Spyware shutting down NIC

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you let... Read more

Read other 2 answers
RELEVANCY SCORE 54.8

Hello when I try to open my yahoo email account I fin an already opened one with other person´s name. Besides, computer keeps making a sound like if someone is clicking the mouse.
Panda and AVG find nothing. What can I do? Thank you!!
 

Read other answers
RELEVANCY SCORE 54.8

I am a Wikipedia editor, and one day last year I found out that when I was editing an article, I would type something, and then it would take a couple seconds before the word actually appeared on screen. So I got suspicious and ran Malwarebytes. The cause was a Rogue.Installer. After I removed it the computer was fine. However, two weeks ago, I got the problem again. However Malwarebytes and Avast couldn't catch it. And this time the problem came with another. Pictures would either take very long to show up, or it would just show red X boxes. Now this doesn't happen to all pictures. At first I tried resetting IE which did seem to help. However the problem came back once again and resetting now does not help. So please help me get rid of this annoying problem.
 

A:Unknown internet virus/malware/spyware

HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:42:41 PM, on 12/14/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-42... Read more

Read other 3 answers
RELEVANCY SCORE 54.8

I have a friend's PC i'm trying to clean but have been unsuccessful. I have installed Malwarebyte's, Ad-Aware, Avast, Spybot both in normal mode & safe mode. I have also attempted to rename the setup and .exe files associated with each program but I get an access denied message with all of them. Requested info is provided/attached. Thank you.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Maritza Rojas at 12:07:06.92 on Tue 09/15/2009
Internet Explorer: 8.0.6001.18702
AV: ThreatFire *On-access scanning enabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}

============== Running Processes ===============
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?action=minisearch&source=minisearch_dsl&mn=79340083
uURLSearchHooks: URLSearchHook Class: {37d2cdbf-2af4-44aa-8113-bd0d2da3c2b8} - c:\program files\netzero dsl\SearchEnh1.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {86856066-a970-4514-9614-383019f82a3c} - ribenepo.dll
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll
TB: NetZero DSL: {8e613eaf-e16e-415c-bd39-f71d6a3b5518} - c:\program files\netzero dsl\Toolbar.dll
TB: {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB... Read more

A:PC infected with unknown virus/adware/spyware,etc.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 54.8

My problem is that i can not run explorer.exe from anywhere. It seams to run for a few seconds on the process list then goes away. I have no taskbar, desktop icons, or explorer.exe running. I have run ad-aware with its' updates as of last night, Removed everything that they found. I have tried to install spybot search and destroy numerous times on different hardrives and even on a flash drive and it wont startup for some reason. I had it installed allready but it stopped working(wouldn't load) so I tried reinstalling it and it would install fine but would never load the process.

There is no upload button on my browser so I am going to copy and paste the attatch.txt file (it seams that my javascript is messed up, it acts up on other sites as well. I hit the BB Code Help button and nothing happens, I just hear the click sound)
DDS (Ver_09-01-07.01) - NTFSx86
Run by cerius2 at 13:18:46.88 on Mon 01/12/2009
Internet Explorer: 6.0.2600.0000 BrowserJavaVersion: 1.6.0_07

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyServer = <local>
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: H - No File
BHO: {213453a5-2a96-44ca-b50b-378fb745006b} - c:\windows\system3... Read more

A:unknown Virus/Trojan/Spyware/Malware

Please download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.NEXTPlease download RSIT by random/random and save it to your Desktop.Double click on RSIT.exe to run RSITBefore you click "Continue", make sure you change the List files/folders created or modified in the last 3 monthsClick Continue at the disclaimer screen.Once it has finished, two lo... Read more

Read other 15 answers
RELEVANCY SCORE 54.8

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

A:Virus, Trojan, Spyware or Malware name unknown

Due to lack of feedback. this topic will now be closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

Read other 2 answers
RELEVANCY SCORE 54.8

Hi...My friend's computer has been infected with some virus that keeps coming up with a pop-up that says:Security Center Alert To help you protect your computer, Windows Firewall has blocked activity of harmful software. Do you want to block this suspicious software? Name: Spyware.ISpynowRisk Level: HighDescription: iSpynow is a Spyware program that records keystrokes and takes screen shots of the computer, stealing personal financial information.{button.inactive}Keep Blocking{button.inactive}Unblock{button.active}Enable Protection - (This button takes you to a site that is asking you to download an application called "Personal Defender 2009".)Windows Firewall has detected unauthorized activity, but unfortunately it cannot help you to remove viruses, keyloggers an other spyware threats that steal your personal information from your computer. {link}Click to download and activate protection.{link} - (This link will take you to the same application site for "Personal Defender 2009")Up until last night, no matter what site we would go to, IE would constantly navigate us to a website telling us a threat was detected and navigation was blocked with two links: one that would take us to the same site to download the app and another that would allow you to continue surfing but would then crash IE. Firefox would crash almost immediately as well. I ran SUPERAntiSpyware and cleared off a trojan virus that was hidden as a fake SVCHost.exe file. So now it doesn't t... Read more

A:Infected with unknown Spyware.ISpynow bug/virus

Hello and to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any scr... Read more

Read other 2 answers
RELEVANCY SCORE 54.8

I actually have two computers I'm working with and both of them seem to have the same type of viruse or spyware. Both of these computers are used to list products on ebay. Both have a suspicious service named ci that points to a file named c:\windows\system32\tcim.exe. On one of the systems I keep getting a popup with chinese writing that looks like an instant messenger program (but isn't) I had already run combofix and malware bytes antimalware as well as super antispyware but I can't get rid of it.
Here are my logs.

P.S. I also get a 0x0000008 blue screen on one of the systems in normal mode shortly after logging in related to ntfs.sys but it does not happen in safe mode.
DDS (Ver_09-01-18.01) - NTFSx86
Run by Dona Brickles at 22:01:51.51 on Tue 01/20/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.701 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WI... Read more

A:Unknown Spyware or Virus - think it's related to ebay

So after fighting and fighting with this computer I finally gave up and reinstalled windows. I was able to get it removed from one computer using a combination of bartpe, combofix, malwarebytes, and manual removal of suspect things, but apparently this virus infects .exe files and if run, brings the virus back full blown.I found info on it at the following site: LINK Edit: Fixed link.I see many chinese, russian, and other sites talking about this but no one seems to have a fix.

Read other 3 answers
RELEVANCY SCORE 54.8

Logfile of HijackThis v1.99.1Scan saved at 6:27:21 PM, on 12/9/2006Platform: Windows XP SP2, v.2135 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2135)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\pctspk.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\wanmpsvc.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exeC:\PROGRA~1\MULTI-~1\MMKey.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exeC:\Program Files\Iomega\DriveIcons\ImgIcon.exeC:\PROGRA~1\VISION~2\ONETOU~2.EXEC:\Program Files\Scansoft\PaperPort\pptd40nt.exeC:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exeC:\Program Files\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\eyc\Desktop\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.y... Read more

A:Unknown Web-redirecting Adware/spyware/virus

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.Please download FixWareout http://downloads.subratam.org/Fixwareout.exeorhttp://swandog46.geekstogo.com/Fixwareout.exeSave it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.When your system reboots, follow the prompts. Afterwards, Hijack This will launch. Close Hijack This, and click OK to proceed. )Fix these with HJT ? mark them, close IE, click fix checkedO17 - HKLM\System\CCS\Services\Tcpip\..\{8F9E93F5-C34F-47F2-927F-1ED68D8025CA}: NameServer = 85.255.116.69,85.255.112.91O17 - HKLM\System\CCS\Services\Tcpip\..\{D4FF8A48-851A-4919-8A17-854B3DDF68B1}: NameServer = 85.255.116.69,85.255.112.91O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.69 85.255.112.91O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.69 85.255.112.91O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.69 85.255.112.91If you have connection problems after this* Go to Control Panel. - If you are using Windows XP's Category View, select the Network and Internet C... Read more

Read other 5 answers
RELEVANCY SCORE 54

My computer runs extremely slow (from start up, to opening and closing programs, and running internet). As of recent, my computer will not allow me of install any new programs, update Java and now get on Facebook. Everytime I try to download a program (most recently anti-spyware or malware) my computer tells me during installing a dll file or exe file is missing. This holds true with every program I have tried. When I try to open currently installed anti-virus program; the program will either not open or I will receive an error "The program failed to initialize, error (0xc000012d)." When I attempt to login to Facebook my IE broswer says that the certificate is bad and if I reload the page the browers tells me "To enable cookies" to view the page. I am unable to run AVG, Malwarebytes, or an other program.

I ran the scandisk and defragmented the drive with no issues. I am unable to run a DDS report (download will not begin or install). I was able to get a hijackthis log, GMER log and run MBRcheck. All of the logs are attached. I appreciate any advice you can give me to resolve this issue.

 MBRCheck_12.22.10_01.23.34.txt   9.53KB
  6 downloads
 gmerlog1222.log   40.3KB
  3 downloads
 hijackthis12.22.txt   10.62KB
  5 downloads

A:Laptop is a Mess - Unknown trojan, virus, spyware

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for postin... Read more

Read other 37 answers
RELEVANCY SCORE 54

As of 6 weeks ago I downloaded a torrent that ended up being a virus. 3 days after that I took a 5 week vacation so I really didn't mess with it much. But now I'm back and it's getting on my nerves.

I think its something like BOO/SInowal.C not too sure though

So first off the symptoms are:
Multiple rogue spywares being downloaded. Only one I looked at was Antivirus 2010.
Computer being slow.
Redirecting google links.
Refusal to open taskmanager or any other app unless I manually end all the crap in taskmanager immediately upon booting up. Usually theres 6 rundll3's
Random webpages opening without me doing anything.
Changed my internet settings to using nonresponsive proxy.

So far I have run a few scans with malwarebytes. I think 3 quick scans and 2 full scans all resulting with different things. I have also tried the Avira free trial but It really didn't do anything. I have been told that I need to turn off system restore but when I tried that it gave me an error saying "System restore encountered an error trying to enable/disable one or more drives please restart your computer and try again." and I plan to restart soon to try it. I also tried using TDSSkiller but It's still here.
If it helps here's the last malwarebytes scan.

Registry Keys Infected:
HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfu... Read more

A:Unknown virus downloading rogue spyware/redirecting.

Hello, you did update MBAM between scans. You cut off the part of the log that tells me that and what Operating System we are using.Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".From your regular user account..Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..DO NOT run yet.Open SUPER from icon and install and Update itUnder Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.Now reboot into Safe Mode: How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Fir... Read more

Read other 9 answers
RELEVANCY SCORE 54

Hi...

My friend's computer has been infected with some virus that keeps coming up with a pop-up that says:

Security Center Alert

To help you protect your computer, Windows Firewall has blocked activity of harmful software.

Do you want to block this suspicious software?

Name: Spyware.ISpynow
Risk Level: High
Description: iSpynow is a Spyware program that records keystrokes and takes screen shots of the computer, stealing personal financial information.

{button.inactive}Keep Blocking
{button.inactive}Unblock
{button.active}Enable Protection - (This button takes you to a site that is asking you to download an application called "Personal Defender 2009".)

Windows Firewall has detected unauthorized activity, but unfortunately it cannot help you to remove viruses, keyloggers an other spyware threats that steal your personal information from your computer. {link}Click to download and activate protection.{link} - (This link will take you to the same application site for "Personal Defender 2009")

Up until last night, no matter what site we would go to, IE would constantly navigate us to a website telling us a threat was detected and navigation was blocked with two links: one that would take us to the same site to download the app and another that would allow you to continue surfing but would then crash IE. Firefox would crash almost immediately as well. I ran SUPERAntiSpyware and cleared off a trojan virus that was hidden as a fake SVCHost.exe file.... Read more

Read other answers
RELEVANCY SCORE 54

Hi,

I've got something on my computer and I'm not sure what. I've had a lot of trouble with spyware and viruses just in the last two months or so, but I thought I had them kicked until now. I keep getting obnoxious popups in new windows that are advertisements for everything from dragon gaming to dentists. They show up as windows in my taskbar but don't actually visualize, and they're hard to get rid of. It may be related to my recent searches (which really creeped me out), as I do like fantasy and just recently spent some time looking up dentists. However, the popups are definitely not legit and I get them both in Firefox and in IE.

I've also had trouble with my Windows Firewall and automatic updates turning off - I definitely did not do that, and I keep getting notices that they're off. I tried going into Control Panel to fix it, and it said I wasn't authorized to do that. Considering that I'm the only account on my computer, that's concerning.

I've done a little virus-cleansing on my own before by perusing these forums, but I can't do this one on my own because I don't know what it is. My Symantec and Adaware scans don't turn anything up, and for the last few viruses I've gotten, I've gotten tons of alerts telling me about them. For this one, I've gotten nothing.

I DID start googling all of my processes one day in hopes that I'd run across one that's a known virus, and I fo... Read more

A:Unknown spyware/virus - popups, no error messages

bump!
 

Read other 2 answers
RELEVANCY SCORE 53.6

Hello,
 
My computer is infected with something that is causing multiple (anywhere from 18 to 32) dllhost.exe*32 com surrogate processes to be running at any time.  The infection also seems to be flooding my computer with temporary internet files, which has stalled every scan I have attempted (with the exception of avast!), regardless of whether or not I even have a single window of Internet Explorer open.
 
Any help would be greatly appreciated!  Here is my DDS log:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16545
Run by matt.baun at 14:48:24 on 2014-04-28
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.3977.2012 [GMT -4:00]
.
AV: System Center 2012 Endpoint Protection *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: System Center 2012 Endpoint Protection *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetwor... Read more

A:Computer infected with unknown virus, trojan, spyware, or malware

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and and I will be helping you with your computer problems.
Before we begin, please note the following:
I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
Please download Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your re... Read more

Read other 29 answers