Over 1 million tech questions and answers.

infected with a series of .dll programs attacking my computer with internet explorer pop-ups

Q: infected with a series of .dll programs attacking my computer with internet explorer pop-ups

I recently started getting weird popups in my internet explorer browser and thought that was queer because i use Firefox not internet explorer. my virus protection is Antivir and i looked at it and it was turned off. so i ran a virus scan with it and i got bombarded with warning messages of the same few viruses until it slowed down my computer to the point i had to restart it. the virus names i can remember are hamidita.dll, ziloyoya.dll, mebasugu.dll, and the one that is causing the most problems seems to be rujisovo.dll. i think i deleted most of the viruses but i know i can't delete rujisovo, i used a few different unlocker programs on it and deleter programs and nothing works. it says that every one of my processes, even my winlogon.exe program is blocking it from being deleted. i clicked unlock all button just to see if it would work and it turned off my winlogon.exe process which gave me a blue screen error that i had to manually restart my computer to get off the screen. i used msconfig when i rebooted and turned off the programs from my startup programs which seems to have fixed the popups from coming up but one program will not stay off my startup programs, it automatically puts itself back there. it doesn't seem to effect anything but just to make sure my computer isn't being searched or something from an outside source, i need help getting it off! here is my dds report:DDS (Ver_09-05-14.01) - NTFSx86 Run by Steven at 18:18:01.46 on Fri 06/19/2009Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1270.735 [GMT -4:00]AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exesvchost.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Smith Micro\StuffIt11\ArcNameService.exeC:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exeC:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Unlocker\UnlockerAssistant.exeC:\Program Files\DNA\btdna.exeC:\Program Files\Avi Player\AviPlayer.exeC:\WINDOWS\System32\svchost.exe -k HTTPFilterC:\Program Files\AIM6\aolsoftware.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exeC:\Documents and Settings\Steven\Desktop\dds.scr============== Pseudo HJT Report ===============uStart Page = hxxp://www.rr.com/uDefault_Page_URL = hxxp://www.dell4me.com/mywayuSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uSearch Bar = hxxp://www.google.com/ieuSearch Page = hxxp://www.google.commSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.htmluInternet Settings,ProxyOverride = *.localuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%smSearchAssistant = hxxp://www.google.com/ieuURLSearchHooks: N/A: {4d25f926-b9fe-4682-bf72-8ab8210d6d75} - c:\program files\mywaysa\srchasde\deSrcAs.dlluURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar HelperBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No FileBHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dllBHO: {376892ae-1825-4e5f-9f85-23f9640051cc} - CDNSCacheObj ObjectBHO: {44de3bbc-9b7a-4164-a1d8-d09d01a7e1e7} - c:\windows\system32\jkkIaAsP.dllBHO: Need2Find Bar BHO: {4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} - Need2Find Bar BHOBHO: : {4d25f921-b9fe-4682-bf72-8ab8210d6d75} - c:\program files\mywaysa\srchasde\deSrcAs.dllBHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dllBHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dllBHO: {814a2a93-dea5-4599-9e39-6e0183f3b4e6} - c:\windows\system32\mafomeba.dllBHO: {9fdc8656-16e4-4826-be39-db35443c9a51} - c:\windows\system32\hGvUKBtt.dllBHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dllBHO: Mirar: {dd3a758d-790d-46e9-bc5e-2177addfe57a} - MirarTB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dllTB: Mirar: {dd3a758c-790d-46e9-bc5e-2177addfe57a} - TB: {7EFBC57C-CD57-481F-B794-648FCE9C9116} - No FileEB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No FileEB: {FE54FA40-D68C-11D2-98FA-00C0F0318AFE} - No FileuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imAppuRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"uRun: [Avi Player] "c:\program files\avi player\AviPlayer.exe" hmwmRun: [igfxtray] c:\windows\system32\igfxtray.exemRun: [igfxhkcmd] c:\windows\system32\hkcmd.exemRun: [igfxpers] c:\windows\system32\igfxpers.exemRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osbootmRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startupmRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /automRun: [jeyayofuvu] Rundll32.exe "c:\windows\system32\mebasugu.dll",sdRunOnce: [RunNarrator] Narrator.exeIE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KLIE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}IE: {d9288080-1baa-4bc4-9cf8-a92d743db949}IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dllTrusted Zone: musicmatch.com\onlineDPF: ActiveGS.cab - hxxp://www.virtualapple.org/activegs.cabDPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cabDPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cabDPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CABDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} - hxxp://zone.msn.com/bingame/zpagames/zpa_kqrp.cab48295.cabDPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cabDPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cabDPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab32846.cabDPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - hxxp://www.worldwinner.com/games/v41/freecell/freecell.cabDPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cabDPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cabDPF: {C738EA53-97C2-441B-AC52-DFBC597BCBE5} - hxxp://www.worldwinner.com/games/v50/chess/chess.cabDPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabDPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab41227.cabDPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/isan/default/popcaploader_v6.cabDPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/optimize2/pcpitstop2.dllHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dllNotify: igfxcui - igfxdev.dllNotify: jkkIaAsP - jkkIaAsP.dllAppInit_DLLs: c:\windows\system32\rujisovo.dll c:\windows\system32\hamidita.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hamidita.dllSTS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\hamidita.dllSEH: {44de3bbc-9b7a-4164-a1d8-d09d01a7e1e7} - c:\windows\system32\jkkIaAsP.dllLSA: Authentication Packages = msv1_0 c:\windows\system32\hGvUKBttLSA: Notification Packages = scecli c:\windows\system32\rujisovo.dll================= FIREFOX ===================FF - ProfilePath - c:\docume~1\steven\applic~1\mozilla\firefox\profiles\1ieqaosg.default\FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.google.comFF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFFab&query=FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dllFF - plugin: c:\program files\download manager\npfpdlm.dllFF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dllFF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dllFF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll---- FIREFOX POLICIES ----FF - user.js: general.useragent.extra.zencast - );user_pref(network.proxy.autoconfig_url, hxxp://127.0.0.1:9000/proxy.pacFF - user.js: network.proxy.type - 0============= SERVICES / DRIVERS ===============R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-5-22 28544]R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-2-8 22536]R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-5-4 11608]R2 AntiVirScheduler;Avira AntiVir Personal ? Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2008-5-4 68865]R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [2006-3-2 137344]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-22 210216]R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]R2 Stuffit Archive Name Service;Stuffit Archive Name Service;c:\program files\smith micro\stuffit11\ArcNameService.exe [2007-5-1 157264]R2 tansgt;tansgt;c:\windows\system32\drivers\tansgt.sys [2006-3-2 12032]S3 AntiVirService;Avira AntiVir Personal ? Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-5-4 151297]S3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-5-4 52056]S4 CSIScanner;CSIScanner; [x]S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-2-4 24652]=============== Created Last 30 ================2009-06-19 16:56 <DIR> --d----- c:\program files\Unlocker2009-06-19 16:53 3,888 a------- c:\windows\system32\drivers\NTHANDLE.SYS2009-06-19 16:48 18 a------- c:\windows\system32\CPDRI.DAT2009-06-19 16:45 722,192 a------- c:\windows\system32\vb40032.dll2009-06-19 16:45 15,872 a------- c:\windows\Delete Complete Program Deleter.Exe2009-06-19 16:45 280 a------- C:\Complete Program Deleter.lnk2009-06-19 16:30 49,152 a------- c:\windows\system32\wddsgnag.dll2009-06-18 13:37 1,406,761 a--sh--- c:\windows\system32\ayoyoliz.ini2009-06-18 01:37 1,406,743 a--sh--- c:\windows\system32\oninutup.ini2009-06-17 13:36 1,406,730 a--sh--- c:\windows\system32\omojigig.ini2009-06-17 13:31 49,152 a------- c:\windows\system32\ymgextkx.dll2009-06-17 13:30 1,072 a--sh--- c:\windows\system32\ttBKUvGh.ini22009-06-17 13:30 1,072 a--sh--- c:\windows\system32\ttBKUvGh.ini2009-06-17 13:30 236,544 a------- c:\windows\system32\hGvUKBtt.dll2009-06-17 13:26 45,056 a------- c:\windows\system32\qOIYSife.dll2009-06-17 13:25 45,056 a------- C:\ARK1CE.tmp2009-06-10 06:35 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll2009-06-10 06:35 12,800 -------- c:\windows\system32\dllcache\xpshims.dll2009-05-28 19:06 <DIR> --dsh--- c:\documents and settings\steven\PrivacIE2009-05-28 14:35 <DIR> --dsh--- c:\documents and settings\steven\IETldCache2009-05-28 00:23 <DIR> --d----- c:\windows\ie8updates2009-05-28 00:21 102,912 -------- c:\windows\system32\dllcache\iecompat.dll2009-05-28 00:19 <DIR> -cd-h--- c:\windows\ie82009-05-22 17:37 28,544 a------- c:\windows\system32\drivers\pavboot.sys==================== Find3M ====================2009-06-18 01:37 49,152 a--sh--- c:\windows\system32\kidapita.dll2009-06-18 01:37 79,872 a------- c:\windows\system32\putunino.dll2009-06-18 01:37 81,920 a--sh--- c:\windows\system32\resalami.dll2009-06-17 13:36 81,408 a--sh--- c:\windows\system32\ganafihe.dll2009-06-17 13:36 80,384 a------- c:\windows\system32\gigijomo.dll2009-06-02 12:44 5,070 a--sh--- c:\windows\system32\KGyGaAvL.sys2009-05-13 01:15 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll2009-05-13 01:15 915,456 a------- c:\windows\system32\dllcache\wininet.dll2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll2009-04-30 17:22 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll2009-04-30 17:22 11,064,832 a------- c:\windows\system32\dllcache\ieframe.dll2009-04-30 17:22 1,207,808 a------- c:\windows\system32\dllcache\urlmon.dll2009-04-30 17:22 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll2009-04-30 17:22 385,536 a------- c:\windows\system32\dllcache\iedkcs32.dll2009-04-30 07:21 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll2009-04-07 23:19 0 a------- c:\program files\program2009-04-07 23:19 0 a------- c:\program files\nd2009-04-07 23:19 0 a------- c:\program files\e2009-04-07 23:19 0 a------- c:\program files\de2009-04-07 23:19 0 a------- c:\program files\am2009-03-29 15:59 3,082 a------- c:\windows\system32\affv300053706p4now.sys2009-01-28 14:01 34 a------- c:\documents and settings\steven\jagex_runescape_preferences.dat2008-01-04 03:30 382,352 ac------ c:\documents and settings\steven\jre-6u3-windows-i586-p-iftw.exe2007-07-12 19:53 20 -c--h--- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT2007-02-04 13:53 20,480 ac------ c:\docume~1\steven\applic~1\internaldb4827.dat2007-02-04 13:53 151 ac------ c:\docume~1\steven\applic~1\internaldb6500.dat2007-02-04 13:53 49 ac------ c:\docume~1\steven\applic~1\internaldb41.dat2007-02-04 13:53 379 ac------ c:\docume~1\steven\applic~1\internaldb1942.dat2007-02-04 13:53 0 ac------ c:\docume~1\steven\applic~1\internaldb2391.dat2007-02-02 22:43 0 ac------ c:\docume~1\steven\applic~1\internaldb6334.dat2007-02-02 22:43 9,216 ac------ c:\docume~1\steven\applic~1\internaldb8467.dat2007-02-02 22:43 0 ac------ c:\docume~1\steven\applic~1\internaldb3902.dat2007-02-02 22:43 0 ac------ c:\docume~1\steven\applic~1\internaldb153.dat2007-02-02 22:43 0 ac------ c:\docume~1\steven\applic~1\internaldb5436.dat2007-02-02 22:43 0 ac------ c:\docume~1\steven\applic~1\internaldb4604.dat2008-10-27 00:19 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102720081028\index.dat============= FINISH: 18:20:32.17 ===============What should i do to delete these bad programs off?

RELEVANCY SCORE 200
Preferred Solution: infected with a series of .dll programs attacking my computer with internet explorer pop-ups

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: infected with a series of .dll programs attacking my computer with internet explorer pop-ups

Hi mother fatherI see that you are running msconfig in /auto mode which means that you may have selectively removed some items in the past from the startup procedure. This can be bad if they are malware, so we would like you to reenable those startup entries by doing the following:Please click on start, then run, and type msconfig and then press enter. When the window opens click on the startup tab and make sure there are checkmarks in every entry. Then press ok until you are out of the program. If it asks to reboot, do not reboot. It is not necessary to reboot to get the items to show up in HijackThis. Download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt.Please post the contents of that document. Please download Malwarebytes' Anti-Malware from one of these places:http://download.cnet.com/Malwarebytes-Anti...&tag=buttonhttp://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.htmlhttp://www.besttechie.net/mbam/mbam-setup.exeDouble Click mbam-setup.exe to install the application. * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform Full Scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. * Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log (not a DDS log).If you dont have Hijackthis on your computer, then download and install the new version by following the instructions here: http://www.download.com/Trend-Micro-Hijack....html?tag=mncolNote that it is unnecessary to uninstall the old version because the new one will be copied to a different folder. Let it install in the default folder C:\Program Files\Trend Micro\HijackThis Please post it.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Read other 10 answers
RELEVANCY SCORE 59.6

This is my first post to this site and is my first experience with an infection so you are dealing with a true rookie. I am running Windows XP sp 3 and am using Zone Alarm extreme as my antivirus/malware software. I also have spyhunter installed. Detected Trojan.vundo but it keeps reappearing after cleaning. I have downloaded highjackthis and mbam after reading other posts but I guess I need to know where to begin. Any assistance is appreciated.
 

Read other answers
RELEVANCY SCORE 59.2

Lets start off then.My computer has been experiencing problems lately. It runs random advertisement popups, runs MUCH slower, programs close without notice, i have not been able to run many programs. Internet explorer cant load a page, and closes all the time showing this notice:Weirdly, without the rest of the stuff the notice usually shows.This icon appears in my tray, and when you right click and click close nothing happens. (the green and red circles with the exclamation mark)This appears when you click it.4 New Folders appeared in the PROGRAM FILES folder, called OuterInfo, Kimmkofn, rgpmlybi, Zuxttrbm, without me installing anything.I cant run the HijackThis Installer, i click OK as soon as it loads, then it comes up with an error "Out of memory"I also tried to install Spybot Search and Destroy, but it would be about 1 minute into installation and it would just disappear. This happens with many programs.Please help with this matter,Verion

A:Slowed Computer, Internet Explorer Issues, Popups, Programs Spontaneously Closing.

Hello and welcome to Bleeping Computer Verion.Let's go to Control Panel> Add/Remove ProgramsLook for any of these and uninstall them...ClickSpringCowabanga by OINipwindows / ipwinsMediaTicketsMediaTickets by OINOINOuter Info NetworkPurityScanPurityScan by OINSnowball Wars by OINTizzleTalkTizzleTalk by OINYazzle by OINYazzle ActiveX By OINYazzle Cowabanga by OINYazzle Kobe :filtered:! By OINYazzle Picster by OINYazzle Sudoku by OINYazzle Snowballwars by OINYazzle Kobe Balls! by OINZolero Translatoror anything similar with OIN, Outer Info Network or Yazzle in them.and any other programs you didn't install or don't recognize.Then IF they're not listed run the Outerinfo UninstallerImportant! Reboot when done.Open My Computer or Windows Explorer, navigate to C:\Program Files and delete any of the named program folders listed above that you find (if they still exist).Please follow the the instructions for using Vundofix in BC's self-help tutorial: "How To Remove Vundo/Winfixer Infection".After running VundoFix, a text file named vundofix.txt will have automatically been saved to the root of the system drive, usually at C:\vundofix.txt. Please copy & paste the contents of that text file into your next reply.

Read other 7 answers
RELEVANCY SCORE 56

Movies are some of the best ways to pass time. The way some movies really resonate with me is quite fascinating. I kind of prefer watching TV series these days because the story tends to be longer. Aside from that, it is quite an amazing blog you
have here. I am a blogger too and I know the work you have to put in just to get a website as nice as yours. Your contents are great and I have bookmarked your website and would becoming every day. I tried these two websited for downloading movies but (zamob and Fzmovies)
on internet explorer but it was a bit stressful or I was confused at first.
If those links don't work, follow these >>>

https://www.tecreals.com/fzmovies/
https://www.makeoverarena.com/zamob-games-music-videos-tv-series-www-zamob-co-za/

Read other answers
RELEVANCY SCORE 54

Ok, as I type this, my entire desktop and start menu etc is gone. I've been getting alerts of a virus but explorer will just quit out and I cannot fix it. i can boot into safe mode and this doesn't occur. Any help would be appreciated

Also, I analyzed it online and it said this was a nasty process, it has been underlined and bolded.

Here is a Hijack logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:50 PM, on 6/21/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\... Read more

A:Solved: Virus or attacking explorer.exe

Please download Malwarebytes Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy the entire report and paste it in your next reply with a new hijackthis log.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
 

Read other 3 answers
RELEVANCY SCORE 54

Overview:
General
Microsoft Windows XP - Home Edition - Service Pack 2
AMD Athlon(tm) XP 2800+
2.08 GHz, 512 MB of RAM
---
Security Programs

ZoneAlarm Pro (Firewall)
AVG Anti-Virus
Spybot - Search & Destroy
Microsoft - Windows Defender
I'm quite an experience computer user, so I know my way around most of the time. However, I never encountered such a unique situation like this one before.

Before I begin, note that earlier before this problem, a trojin managed to get into my computer through two possible websites (I cannot recall, however, one of them was a MSN Messenger virus and the other was some video site rip-off of youtube). I thought I got rid of the trojins, however, I kept getting repeated warnings. I don't know if this is related or not... but I should note this anyway.
Today, my computer got bombarded with over 72 trojin viruses. Two of those trojins are BackDoor... information below.

AVG Quarantine Zone/Virus Vault
Trojan horse BackDoor.Generic6.EFC
Trojin horse Lop.BO
Trojin horse Lop.BQ
Trojin horse Lop.BN
Trojin horse Lop.BV
Trojin horse Lop.BO
Trojin horse Lop.BN
etc. the list goes on and on... most of the viruses were healed.
Note: These trojins are mainly found in the C Drive, WINDOWS\system32\<virus> (e.g. ddayy.dll, awvvw.dll, gebyy.dll, vtsqq.dll -- Note these are the actual detected virus names in my computer).​

When I boot up and log onto any user, the explorer.exe did not load. After consistent rebootings, I decided to ... Read more

A:Trojin's / RunDLL32.exe Attacking Explorer.exe

Hi, Welcome to TSG!!
Click here to download HJTsetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that V... Read more

Read other 1 answers
RELEVANCY SCORE 54

Hello, I have a laptop running Windows XP Home with service pack 3. When I try to open a file from windows explorer it sometimes doesn't respond. I have to right click and use the "open" function. I decided to scan for viruses.

Panda found the following:
ANALYSIS: 2008-08-24 19:01:01
PROTECTIONS: 1
MALWARE: 50
SUSPECTS: 0
PROTECTIONS
Description Version Active Updated
Windows Defender 1.1.3704.0 No No
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Rochelle\Cookies\[email protected][3].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Rochelle\Cookies\[email protected][2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Rochelle\Cookies\[email protected][2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Rochelle\Cookies\[email protected][1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes ... Read more

A:trojan 135.exe attacking windows explorer

Hi Rochelle

Thank you for your patience. I will be helping you deal with the issues raised in your log from this point onwards

Before we start jumping into things, here is a quick basic note which I mention to everyone. The fix which I have provided for you is for this computer only, it should not be used on any other computer. Each fix is tailor made for the specific task in hand. If for some reason you have system restore disabled, then please re-enable it before proceeding, an infected restore is better than none. Please read through the fix first and set enough time aside to complete the task in one session. If there is anything you feel needs clarification then please ask - do not guess! Thanks.

If this is a computer from a work place then please advise your IT department of the concerning issues before commencing past this point.

Please follow these directions in the order they are set out for you.

I do not see any anti virus detection software present on your computer.
Without a resident virus checker you are leaving yourself wide open to infection, this in turn would render the fix useless. Before proceeding further, please download, install and update an anti virus solution. A good free anti virus software to start with is AntiVir?
-> Only proceed with the rest fo the fix once you have installed a resident virus checker

Next....

Please scan with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool... Read more

Read other 11 answers
RELEVANCY SCORE 52.8

Ok i recently was infected with spyware but I installed a firewall called Panda and immediately started acting weird, so I said to myself ok uninstall it, no matter how long I leave the remove programs box open it wont load, so its just empty and Icant remove it, when I try by opening the program then clicking on the uninstall it will say error, my computer wil also not open internet explorer, it opens it just doesnt load, the only way i can go on the internet is if i right click on the icon and click start without add-ons, and it also wont shut down!!!!!!!!! please help, i have no clue what to do

A:Help Computer Wont Shut Down And Wont Uninstall Programs And Wont Open Internet Explorer, Please Help!

Did you came from HijackThis Logs and Analysis forum? Else I would suggest you to read up here and post a HijackThis log for malware experts to take a look. If they declare you clean and you still having such problem, then you can come back here and post your question again.

Read other 1 answers
RELEVANCY SCORE 52.4

Problems: Pop ups/fake anti-spyware programs/internet explorer java errors?/lagging internet

Dell Latitude D610
Windows XP SP2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:48 PM, on 4/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\U3Vl\command.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ... Read more

A:Pop ups/fake anti-spyware programs/internet explorer java errors?/lagging internet

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.


Download SDFix and save it to your desktop.
Do not do anything with this yet!



Reboot
Reboot your system in Safe Mode.Restart the computer. The computer begins processing a set of instructions known as BIOS.
After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (dependent on your system this may be F5 or another key)
Instead of Windows loading as normal, a menu should appear
Use the arrow key to highlight Safe Mode and press Enter.



SDBot FixRight click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click Run... Read more

Read other 1 answers
RELEVANCY SCORE 52

every 2 minutes pop-ups come up. like warning window had detected internet attack you must scan your computer. then it says anti-virus cant remove your virus.my viruses-trojan, spyware, adware, tracking cokies, backdoor, dialer. and i dont know what to do . please help.thank u.Mod Edit: Topic moved to more appropriate forum~ TMacK

A:Attacking From The Internet .

Have you tried running your antivirus programme in Safe Mode along with antispyware applications?Download Dr Web-Cureit! to your Desktop.Don't run it yet.Please reboot your computer into Safe Mode.Reboot Windows normally and press F8 at boot/Windows startup, usually right after the beep. Then select Safe Mode from the list. Make sure you choose the option without Networking Support.Run Dr Web-Cureit! by double-clicking on the drweb-cureit.exe file.Click OK in the prompt window that will open, asking "Start the express scan now".It will first make a quick scan of your system, let it clean what it finds.When it says "Done" in the lower left corner click on all your drives.A red dot will mark the selected drive(s) . Then click the pedestrian who now has turned green.It will scan ALL your drives, say Yes to all.Select 'Yes to all' if it asks if you want to cure/move the file.When the scan has finished, in the menu, click File | Save Report List.Save the report to your Desktop. The report will be called DrWeb.csvPlease post this in your reply

Read other 1 answers
RELEVANCY SCORE 50.8

me and my boyfriend go to my parent's house almost every weekend. He has his own internet at home, and sometimes he comes over and uses mine, and everything is perfectly fine on his computer (Windows 7, 64-bit). I only use my own internet and i get no popups and i'm fairly well protected by Trend Micro. He uses Avast. Well lately when we've been coming to my parent's house and using their internet, he gets flooded with popups and viruses until his computer is unusable. I get flooded with popups, but Trend Micro blocks them from doing anything to my computer, and even blocks the content. What can we do? it's only at one house that this happens, and when we return home, no popups or viruses (unless we come home with them). i've never heard of this happening before.

A:Virus attacking a certain internet connection?

This sounds like an ISP issue or a modem\router infection.

Just how is your parents PC connected to the Internet?

Directly to their ISP`s modem?

Through a router then to the modem?

One other thought. Is any other computer, your Parents turned on\connected at the same time? It is possible your parents PC(s) are infected and the virus is spreading through file and printer sharing.

Read other 4 answers
RELEVANCY SCORE 50.8

I can gain access to the internet on my pc through the internet explorer 64 bit edition (running xp pro 64) but not through the 32 bit, since many addons do not support the 64 bit edition, it is neccessary to have access to the 32 bit one. Other 32 bit programs do not work including windows live messenger, azureus, limewire, windows messenger, and so on and so forth. This is problematic for me as i use windows live messenger extensively for business purposes as well as the 32 bit IE so I can use the Adobe Flash plugin. Have tried several things, including disabling add ons, cleaning out the system, virus after virus scan (same for spy and malware). Help Please!? Dxdiag attached!
 

Read other answers
RELEVANCY SCORE 50.4

I have so many popups that my computer is attacking me. That is when it starts up after like 8-10 minutes of wating. I have run spyware and adware and hijack this. I just need help with my log. Please help it is taking me all day just to type this message because of the popups.
Logfile of HijackThis v1.99.1
Scan saved at 10:43:46 PM, on 5/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\RBEnhance\rbenh.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\msiexec.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet ... Read more

A:Computer Is attacking me

Read other 9 answers
RELEVANCY SCORE 50.4

I just got a odd little notification from Norton's firewall of a "high level intrustion attempt by Me-PC" So... why is my computer seemingly attacking itself? Or am I just reading this wrong?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:20:42 AM, on 3/31/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Windows Defender\MSASCui.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Users\Dice\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\Program Files\Common Files\Symantec Shared\SecurityHistory\MCUI32.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Searc... Read more

Read other answers
RELEVANCY SCORE 50.4

Ok.
Toshiba
Windows Vista
Laptop
Windows started normally until i logged on and there was a black screen (not black screen virus) And there was a window stating that there was a worm on my computer that takes passwords and personal infomation i tried using task manager But a another window came up stating that windows task maneger has stoped working i closed the window then restarted my computer and went into Safe Mode with networking I then downloaded Spyware Doctor onto the computer and bought the full version it scan the conputer telling me i had 471 infections i then clicked fixed problem after that was compleated i restarted the computer again and went into regular mode but the problem was still not fixed . I searched on the computer what to do and it told me to System restore i did that on safemode and it still did not work .Rebooting is not an option because i dont have a cd and i do not believe it would work anyway. the only way i am able to get on the internet on normal mode is to Press shift 5 times to activate sticky key (what does sticky keys have to do with it you may ask) there is a link on the sticky keys window that states (Go to the ease access center to disable the keybosrd shortcut)i clicked on that which opened a windows internet explore PLEASE HELP ME IT WAS A CHRITMAS PREZENT
Note:Used MAlwarebytes Spyware Doctor and System restore

A:Something is attacking my computer

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 50

Everytime I try to open Internet Explorer, a window comes up then closes as soon as it shows. Like a blink.

I've tried reseting the IE settings on the control panel and it still doesn't work. I've also tried system restore and it still didn't work.

There are also some other programs that won't open, like McAfee Internet Security, it opens but it's just comes up as a plain white window.

This started happening a couple of days ago, I did a windows update and the problem went away. But then after turning the laptop off and on again, it stopped working again (Can't open internet explorer) and this time, after the update I couldn't connect to the internet.

I don't know how and why this started happening as I'm not the one who uses the laptop, but maybe it's the windows update that did this or I'm thinking maybe McAfee? But I'm not really sure.

Can anyone please help me. Thank you

A:Cannot Open Internet Explorer and Other Programs

Did you recently make any changes to the laptop hardware wise? If so uninstall the new hardware and check for latest device driver updates. If not try to uninstall any newly installed software. Back up your data to an external HDD first (like pictures, videos, documents, etc). It might be a driver related issue or a bad HDD.

Read other 8 answers
RELEVANCY SCORE 50

When I click on a link to a word document (or pdf, or a number of others) in IE6, they open imbedded in Interent Explorer. I can't seem to find a way to prevent this and make them open independently.

Does anyone know how?
 

A:imbedded programs in internet explorer

Read other 12 answers
RELEVANCY SCORE 50

So I am running the Windows 7 Home Permium 64bit and I am having quite the problem. None of my programs will open. It seems like the olny thing that will open is Internent Explorer, paint, actual folders, those kinds of things. Nothing else will open such as iTunes, Malwarebytes to scan for anything, not even flashplayer will open to watch YouTube. I've tried starting it in safe mode and still nothing will open. Ive run a diagnostic test to see if it was the hardware and everthing checked out okay. I have even tried SFC /SCANNOW Command - System File Checker and that came back negative. So I am out of ideas. Anyone know what to do?

A:No Programs Open Besides Internet Explorer

  
Quote: Originally Posted by perkobk


So I am running the Windows 7 Home Permium 64bit and I am having quite the problem. None of my programs will open. It seems like the olny thing that will open is Internent Explorer, paint, actual folders, those kinds of things. Nothing else will open such as iTunes, Malwarebytes to scan for anything, not even flashplayer will open to watch YouTube. I've tried starting it in safe mode and still nothing will open. Ive run a diagnostic test to see if it was the hardware and everthing checked out okay. I have even tried SFC /SCANNOW Command - System File Checker and that came back negative. So I am out of ideas. Anyone know what to do?


I would start with a malware scan using malwarebytes.

Malwarebytes : Download free malware, virus and spyware tools to get your computer back in shape!

Read other 9 answers
RELEVANCY SCORE 50

hi. for some reason, all of my programs are opening in internet explorer. All of my desktop icons are, "The white sheet with blue "E" on it". when i open it, it goes in internet explorer 9 thingy where u download stuff. it asks me if i wanna open/save the program in a .INK file. What should i do? P.S. it only does this for desktop programs, i can go in program files x86, and still open them.

A:All programs open in internet explorer?

Can you post a screenshot please?
Screenshots and Files - Upload and Post in Seven Forums

Sounds like someone associated all the application icons to IE... try right clicking on one of these icons and choosing open with... then Choose Default Program... whats listed as the default program? <-- Most likely someone chose IE and there is a checkmark next to "Always use the selected program to open this kind of file"

Read other 2 answers
RELEVANCY SCORE 50

All my programs on the start menu open in Internet Explorer (IE) including the desktop icons.I'm trying to avoid repairing my WIN7 and System Restore isn't working. In need of everybody's assistance.ASAP.Thanxxx...

A:All my programs are opening in Internet Explorer(IE)

Hi Fbike, Welcome to SF,

I guess the issue is with Default programs. Refer this tutorial to change it back

Change which programs Windows uses by default

Read other 5 answers
RELEVANCY SCORE 50

yes, im having troubles with I.E. 6, and cant seem to fix it just yet..i am trying to get it fo fix itself, as i read on this site, but i cant seem to find it in my remove/add programs. what do i do? my OS is windows xp. just got this pc 2-3 months ago.dell. the problem with it, is that i can access programs i would normally access through desktop or my start up men. for instance, if i were to type the letter "r" in the url bar, i have access to my recycle bin. and it wont completely erase my web-site history even though i erase them using the browers internet tools. please help me...thank-you!
 

A:cant find internet explorer 6 in programs

Go to the following link and it will explain how to make all programs visible in the add/remove program window.

http://www.rselby.com/Windows.html#xp1
 

Read other 1 answers
RELEVANCY SCORE 50

Last week I installed Internet Explorer 7 and since then have had a bunch of problems with various programs connecting and not connecting. I ran a diagnostic but not sure of how to proceed. Diagnostic is below. Once I downloaded Internet Explore 7 my Aol Instant messanger stopped functioning as well. It won't connect and when I try to conncect to update programs my laptop won't install them. Not sure of what to do. I know that my Norton's is not working write but I am never sure of how to work with these matters if you can help me out I would really appreciate it.

Last diagnostic run time: 11/08/06 18:35:43 HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity

warn FTP (Passive): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established
warn FTP (Active): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established
warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn HTTPS: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established
warn HTTPS: Error 12029 connecting to www.passport.net: A connection with the server could not be established
error Could not make an HTTP connection.
error Could not make an HTTPS connection.
error Could not make an FTP connection.
... Read more

A:Internet Explorer 7 Not functioning along with other programs

Read other 2 answers
RELEVANCY SCORE 50

Whenever i try to open a program it tries to run it or save it. Even internet explorer itself wont open. How do i fix this. Please help. Turning off internet explorer fixes the problem but then i can't get on the internet.

A:All programs try to open with internet explorer

Welcome to the Seven Forums, AJBUB.

We would really appreciate it if you could add some more details about your issue. From what you have said, it sounds as if you may have a virus. Try running a quick scan with Malwarebytes Anti-Malware and tell us what the results are.

Read other 9 answers
RELEVANCY SCORE 50

All my system files download automatic. my programs prior to this problem update with psi and puma updater. when I try to download a program on major geeks it will say program is downloading..The dialog box at bottom of screen will say open or save. Either one you click will not start the download. I noted on my puma updater it had a choice of run or save or cancel. When you click run it starts downloading. I hope someone can help, I have tried every thing I could think of. Thanks, Mack

A:cannot download programs win 7, internet explorer 11

By far the simplest fix is to use System Restore to roll back Windows to a point in time when everything when your computer was functioning correctly. It allows you to undo system changes without affecting your personal files, such as e-mail, documents, or photos.Video: Fixing a problem using System RestoreIf that doesn't help, try restoring an earlier system image or backup.No suitable restore point, backup, or image available? Kick yourself -- you missed the easy solution, and you're left with digging through Windows' many settings.

Read other 1 answers
RELEVANCY SCORE 50

Hello,
I am running Windows XP and recently I had gotten infected by some spyware and adware programs. I think I have managed to get rid of these, but in the process I may have done some damage with Hijack This. My startup programs will run fine sometimes but then other times they will encounter an error and have to shut down.
Also my internet will not always connect. Sometimes it will but I have to restart my computer a few times before it will let me get on. I have a cable internet connection by the way. Also some of the little extra applets that open up at certain sites do not seem to want to run. For example, shockwave games do not open up they just load forever. My hotmail account does the same thing when I try to compose an email.
I tried to fix it with LSPFix and WinsockXPFix but it hasn;t worked. Please help if you know what the problem is. Thanks a bunch!

Here is the latest Hijack This log, if it will help:

Logfile of HijackThis v1.98.2
Scan saved at 2:11:40 AM, on 8/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\WINDOWS\BCMSMMSG... Read more

A:Internet Explorer and startup programs

Read other 8 answers
RELEVANCY SCORE 50

Please help, I have this message popping up every few minutes. I used spybot S&D and Avast (both up to date) to no avail. I googled it and came across some threads posted here. After reading them I believe that I have some sort of malware. All the threads recommended that I get help as an individual rather then follow what was done for others. First I tried using the "Having problems with spyware and pop-ups?" got to step two and found that Panda ActiveScan is not vista compatible. I am running vista ultimate 32 bit, ASUS M2A-VM motherboard, AMD athalon 64x2 5600, with 3 gig ram. please help if you can.

A:C:Programs\Internet Explorer\svchost.exe HELP!!!

Deckard's System Scanner v20071014.68
Run by Chris on 2007-12-20 12:01:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
16: 2007-12-20 15:34:33 UTC - RP254 - Removed Ad-Aware 2007
15: 2007-12-19 07:50:29 UTC - RP253 - Windows Update
14: 2007-12-19 03:45:19 UTC - RP252 - Scheduled Checkpoint
13: 2007-12-18 14:01:02 UTC - RP251 - Installed HP Update
12: 2007-12-17 03:41:30 UTC - RP250 - Scheduled Checkpoint


-- First Restore Point --
1: 2007-12-14 00:08:59 UTC - RP238 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-20 12:03:10
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Program Files\ASUS\AASP\1.00.28\aaCenter.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleTool... Read more

Read other 13 answers
RELEVANCY SCORE 50

So I am running the Windows 7 Home Permium 64bit and I am having quite the problem. None of my programs will open. It seems like the olny thing that will open is Internent Explorer, paint, actual folders, those kinds of things. Nothing else will open such as iTunes, Malwarebytes to scan for anything, not even flashplayer will open to watch YouTube. I've tried starting it in safe mode and still nothing will open. Ive run a diagnostic test to see if it was the hardware and everthing checked out okay. I have even tried SFC /SCANNOW Command - System File Checker and that came back negative. So I am out of ideas. Anyone know what to do?

A:No Programs Will Open Besides Internet Explorer

Hello perkobk

Try downloading and merging the default .exe extension from this tutorial see if that fixes it - Default File Type Associations - Restore

You may also need the .lnk extension too but try the one above first.

Danny

Read other 9 answers
RELEVANCY SCORE 50

My grandparents got a call the other day from their ISP saying that their server was being attacked by their computer. When I called they suggested a botnet.

I'm not sure how they could've gotten a virus, because all they know is how to open hotmail... but maybe it was an email attachment or something. Anyways, the ISP has shut off their internet so I was not able to download anything and did not have my own computer with me.

I ran their antivirus (AVG) but it didn't find anything. What would be the best program to use to find the problem?

A:My computer is attacking ISP server

This is a good free scanner.http://www.malwarebytes.org/

Read other 1 answers
RELEVANCY SCORE 50

Hi there
I recently accepted a file from a friends msn messenger.

I now have a virus attacking my computer. i have the lastest updated Norton.

Can someone help me?
 

A:msn virus attacking computer

Read other 7 answers
RELEVANCY SCORE 50

Hello,Since 2 days ago norton is giving me every 30 minutes or so the same message. Saying that a recent attack on my computer was blocked.Here an example of the message:Does some1 have any idea how to fix this problem ?Full scans didnt find any infections.I also get the same message about my SVCHOST.exe.

A:Some1 is attacking my computer ?

Please follow the instructions in ==>This Guide<==.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Once you have created the new topic, please reply back here with a link to the new topic.

Read other 3 answers
RELEVANCY SCORE 50

Svshost.exe started attacking my computer 3 weeks ago then 10 mins after my internet went down including my wireless internet so i disconnected my modem and router but i need my internet and computer working and i think someone might have tried to hack my computer for info so i want to be sure they can't get to it because all my personal info is saved in the my browser and want to see if they put a tracker in my computer as well. Plus I don't want this too happen again so how can i prevent this from happening.
 

Read other answers
RELEVANCY SCORE 50

Ok.
Toshiba
Windows Vista
Laptop
Windows started normally until i logged on and there was a black screen (not black screen virus) And there was a window stating that there was a worm on my computer that takes passwords and personal infomation i tried using task manager But a another window came up stating that windows task maneger has stoped working i closed the window then restarted my computer and went into Safe Mode with networking I then downloaded Spyware Doctor onto the computer and bought the full version it scan the conputer telling me i had 471 infections i then clicked fixed problem after that was compleated i restarted the computer again and went into regular mode but the problem was still not fixed . I searched on the computer what to do and it told me to System restore i did that on safemode and it still did not work .Rebooting is not an option because i dont have a cd and i do not believe it would work anyway. the only way i am able to get on the internet on normal mode is to Press shift 5 times to activate sticky key (what does sticky keys have to do with it you may ask) there is a link on the sticky keys window that states (Go to the ease access center to disable the keybosrd shortcut)i clicked on that which opened a windows internet explore PLEASE HELP ME IT WAS A CHRITMAS PREZENT

A:Can you help me somthing is attacking my computer

Hi and welcome to TSF

Please follow our pre-posting process outlined here:
http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, please post the requested logs in the Virus/Trojan/Spyware Help forum, not here.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.


BG

Read other 3 answers
RELEVANCY SCORE 50

After I downloaded a file from limewire(i learned my lesson, don't trust limewire) it infected my computer with a virus and shut it down, after turning the computer off when the peeping sound went off, I restarted my pc, everything was ok, but then the "This application has failed to start because framedyn.dll was not found.
Reinstalling the application may fix this problem.And when I pressed ok the desktop files dissapeared and so did the start line, and then the error popped up again and I pressed again and that went on for awhile, not allowing me to access my files, so I managed to access my browser "Safari" indirectly using the ctrl+alt+shift+delete and run, then I found on the internet how to fix the framedyn.dll error, and so I managed to fix it even with the pop up,also I deleted the virus that kaspersky beta found, the pop doesn't show up anymore and it doesn't restart like previously, but all the desktop files and the start line aren't still showing up, I don't really now what to do. Right now I'm doing a scan of the C disk, but what other actions should I take to get back my start line and the desktop files?
P.S.Thanks in advance, I really need answers.
 

Read other answers
RELEVANCY SCORE 50

Hello, there is something wrong with my computer. I have run Ad-aware and Norton AV and still something wrong.

Here is the HJT log:

Please Help!!

Logfile of HijackThis v1.99.1
Scan saved at 4:13:24 PM, on 11.28.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\poin... Read more

A:Solved: What is attacking my computer? HJT Log

Read other 16 answers
RELEVANCY SCORE 50

and what damage will it to to my computer?
 

A:I have a worm attacking my computer how do i get rid of it?

with anti virus protection.

the computer may become unusable.
 

Read other 2 answers
RELEVANCY SCORE 50

Hi thre and thanks for helping.
I downloaded an infected torrent a few days ago and it infected me with what the spybot S&D found as virtumonde.dll, It also claimed to remove it but Then asked to reboot for a new scan and even in the new scan that came right after windows log on it kept asking for a reboot.
As the attack came I denied any changes for the registry and blocked all the connection attempts (every 10-30 seconds attempt).
My computer keep taking me to micro antivirus and advise me to install it I killed iexplor process every time it happend.

This is the Hijackthis log.
Logfile of HijackThis v1.99.1
Scan saved at 14:57:35, on 20/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system... Read more

A:virtumonde attacking my computer :(

Download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
...
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
 

Read other 1 answers
RELEVANCY SCORE 50

This is my first time posting here. I did a search for the site that seems to be hijacking my browser, but found no results.

As of last night, two sites have been redirecting me to:
http://www.atspace.com/dedicated-web-server-hosting-domain-articles-news/index.html
(the index.html sometimes shows as web_hosting.html or seo.html or a few others)

I can load my homepage google.com just fine, and most sites don't give me any trouble. However, "www.special-ops.us" and "www.photobucket.com" have both begun to redirect me to the aforementioned site(s)! Special-ops was the first one to do it last night, and now today both of those sites are doing it.

So far, I have run CCleaner and cleaned everything, including the registry. Also, I have run a virus scan with Avast! Home edition. I am currently running a second scan just in case it's missed something, and I've made sure it was updated a few moments before I ran both scans. I've had friends go to those websites, just to be sure it isn't the sites themselves, and they don't get the same redirect that I do.
I'm not sure where or even WHAT is hijacking these webpages. I should note this occurs on both Firefox and IE, though I use Firefox 99% of the time. Can someone help me? If it helps, I'll post my HJT log:

-----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:26:30 PM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.60... Read more

A:Hijacker attacking computer

Update: Last night, I ran Windows in safe mode so I could run CCleaner and run Spybot, CWShredder, SuperAntiSpyware, and MalwareBytes' Anti-Malware. And then scheduled a boot-time scan with Avast! Anti-virus. Of course, I updated the definitions for each of those programs before I loaded into safe mode, and ran a complete scan if it was available instead of quick scans.

CWShredder found: one object and removed it (It was really late, though, and unfortunately I didn't document what it was)
Spybot found: "Virtumonde.generic" and "Microsoft.WindowsSecurityCenter.AntivirusOverride" and removed them. (though the latter sounds like a false positive)
SuperAntiSpyware found: "Adware.Vundo Variant/Rel" in my registry as well as a bunch of tracking cookies, and removed them.
MBAM found: nothing..
Avast! found: 3 Horst-AAF Trojans and 3 TratBHO Trojans, and quarantined them.

However, I tested my system out today after work, and I'm still getting redirected on Photobucket.com and Special-Ops.us !
So despite finding all those baddies, my system is still infected.
 

Read other 1 answers
RELEVANCY SCORE 50

i keep getting a IE pop-up with either C:\Documents and Settings\Bballa\k.html as the address or C:\Documents and Settings\Bballa\staff.html along with a cmd.exe dos window. What can i do to fix it. Here is my log file form hijack thisLogfile of HijackThis v1.98.2Scan saved at 10:19:35 AM, on 10/13/2004Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\Ati2evxx.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\WINDOWS\wanmpsvc.exeC:\Program Files\WebDrive\wdService.exeC:\Program Files\Apoint\Apoint.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Sony\HotKey Utility\HKserv.exeC:\Program Files\Apoint\Apntex.exeC:\WINDOWS\System32\ezSP_Px.exeC:\program files\support.com&#... Read more

A:HELP! Yeakukz is attacking my computer

Hi,

Having a look.

Read other 5 answers
RELEVANCY SCORE 50

I know a lot of people have posted about their problems with this nasty bug. I just want to make sure I follow all the right steps in order to fix my computer. I've tried everything (CWShredder, Spybot, Adaware, etc.) but nothing has worked. It's even affecting my Adobe Acrobat Reader and I'm not able to run any virus scans. Here's my HijackThis log. All I need are detailed instructions....I'm very computer literate. Thanks so much!

Running: Windows 98 SE

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\BOSTON ACOUSTICS\BOSTON USB AUDIO SYSTEM\BAUSB.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\BOSTON ACOUSTICS\BOSTON USB AUDIO SYSTEM\BOSTON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHERBUG.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,Default_Search_URL = http://0-OL1OIZ-XOLXII1-OXLI10OZL1L...0OIL-OL.COM/725ca17629/97681342/ogsearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Interne... Read more

A:About:Blank attacking my computer

Read other 14 answers
RELEVANCY SCORE 50

First topicAs explained and showed with a screenshot in my first topic.. Norton is saying some1 or something is attacking my computer.I followed the guide as you said... and got 3 logs out of the scans. Im not very good with this.. so I hope you understand it.Thanks,

A:Some1 is attacking my computer ?

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 20 answers
RELEVANCY SCORE 50

I'm running Windows XP Professional 64-bit, Version 2003 w/ SP2.
 
Last weekend programs accessing the internet would not run and my Chrome browser would 
only work with about half the URLs, the others gave an Aw Snap screen and would not 
load. I tried IE and these "bad" URLs ran fine. After a reboot of the system, IE will 
no longer run. It opens a screen and immediately hangs (Task Mgr. shows Not 
Responding). 
 
On Wed. and again on Thurs. my DSL line lost internet capability for several hours. 
Internet service resumed later each day. I have taken the problem system off-line and 
no Internet service issues have been seen today.
 
I'm using a 32 bit computer to write this message. I've had to download the scanners 
here and copy them to the infected system to run logs. When I tried to run DDS, it told 
me it did not support an XP 64 bit environment, co I couldn't run it. I also ran 
Security Check and FRST scanners. The log files from these scans are attached below.
 
Thanks in advance for any help or insight you may be able to provide.
 
Mark
 

Results of screen317's Security Check version 0.99.79  
 Windows XP  x64   
 Out of date service pack!! 
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
avast! Antivirus    ... Read more

A:Internet Programs and Browsers are Infected

Please do not continue to post duplicate logs.I have sent you a Private Message, explaining why I have deleted the multiple duplicates, which you have not read yet. Please do so.Please be patient you will get a reply to your original log here: http://www.bleepingcomputer.com/forums/t/521982/all-internet-programs-browsers-are-infected/

Read other 1 answers
RELEVANCY SCORE 50

I'm rnning Win XP Professional 664-bit, Version 2003 w/ SP2.
 
Last weekend, half of my Chrome browser windows would not load (aw snap only). Some websites were unaffected. I tried IE and it had no issues initially. After a reboot, IE is frozen - an IE window will open but immediately hangs (Not Responding status in Task Mgr.). On Wed. and again Thurs. my internet connection thru DSL went down for several hours. I have now taken the system off-line and no further issues with the DSL connection.
 
I have done scans with both Avast and AVG a/v. No problems have been reported by either scanner.
 
I'm using my 32bit system to communicate with the internet. I downloaded DDS. When I moved this to the infected system, DDS said it was not supported in my Win XP 64 bit environment. I also downloaded Security  Check and FRST. Both of these scanners ran. I am attaching their scan results below.
 
Thanks in advance for any help you can provide.
 
Results of screen317's Security Check version 0.99.79  
 Windows XP  x64   
 Out of date service pack!! 
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
avast! Antivirus                  
 Antivirus up to date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````... Read more

A:All Internet Programs & Browsers are Infected

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/521982 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 78 answers
RELEVANCY SCORE 50

Hey there,

I have a problem with my internet programs. I have IE 8 and the latest firefox. Firefox is my default.

I never use IE. Recently IE has been popping up with random ads and stuff. Sometimes 2 windows and sometimes only one. It is very annoying.

While using Firefox some of the pages i regularly visit are taking ages to load and others are perfectly fine. Also when using google search in firefox, I would search for whatever, the results would come up then when i click on a link it would automatically redirect me to bigsalesfinder.com and the from that to some other site.

My antivirus also keeps popping up saying

An intrusion attempt by 91.213.29.250 was blocked. Application path \DEVICE\HARDDISKVOLUME1\PROGAM FILES\INTERNET EXPLORER\IEXPLORER.EXE

Advanced details

Risk name - HTTP fake scan webpage
Severity - high
Attacking Computer - 91.213.29.250.80
Attacker URL - inyfeba.cn/?wm=70159
Source Address - 91.213.29.250
Traffic Description - TCP, www-http

Im am running Vista and Norton Antivirus internet security.

Can someone please tell me how to fix this.

Thanks

A:Virus infected my internet programs

Hello and welcome to Bleeping Computer.Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.Lets take a look with MalwarebytesPlease download Malwarebytes' Anti-Malware from here:MalwarebytesPlease rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exeMBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Double Click zztoy.exe to install the application.* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.* If an update is found, it will download and install the latest version.* Once the program has loaded, select "Perform Full Scan", then click Scan.* The scan may take some time to finish,so please be patient.* When the scan is complete, click OK, then Show Results to view the results.* Make sure that everything is checked, and click Remove Selected.* When disinfection is completed, a log will open in Notepad and y... Read more

Read other 14 answers
RELEVANCY SCORE 49.6

Hello, about 1 wee ago my computer stop connecting to the internet. i do not now what's wrong with it, i was on google for about 2 hours trying to solve it myself. The thing is i can log on msn perfectly fine on the computer, and the laptops and my xbox 360 thats connected to the same router as my computer can connect very fine. what confuses me is that the msn can connect on the computer, but itunes, explorer wont fro some reason.

ive looked around for idears and found afew on some sites and tryed it nd still nothing works, instaled virus scanners the lot 2 see if it was 1 of them but still no joy. so im really frustrated now

Help me, what should i do plze

A:Internet explorer wont connect but other programs will

Hi skenny16,

There are many things that can cause the issue you are seeing. One of which is spyware (not to be confused with viruses). What happens when your computer is infected with an array of spyware is that it becomes increasingly difficult to access webpages (itunes store works in very much the same way a webpage does). Spyware opens and or uses many of the connections on your pc. Think of it like this, when your PC is infected with a lot of spyware it is like IE is working its way through a maze to get an avaliable connection. Often times is can not find one due to all the spyware. I would run two anti spyware programs. Spybot and AdAware. Both free.

If that doesnt help you I would try:

1. Click Start, control panel, internet options.
2. Switch to the Advanced tab.
3. Click the Reset Internet Explorer Settings button.
4. Click Reset to confirm the operation.
5. Click Close when the resetting process finished.
6. Uncheck Enable third-party browser extensions option in the Settings box.
7. Click Apply, click OK.

Let me know if you are still having issues after doing ALL of the above.

Read other 2 answers
RELEVANCY SCORE 49.6

Does anyone know of a utility/registery editor modification that I could download/perform that would enable me to set a list of programs, that I already have installed, to launch automatically at the same time that I start my web browser (Internet Explorer 6).
Any responces would be great.

Jelley
 

Read other answers
RELEVANCY SCORE 49.6

Somehow my machine has got corrupted and the Internet Explorer is missing from the ?Set Default Programs? menu. Every time I start IE it asks if I would like to set it as default even if I previously set it to yes.

I am using Vista Enterprise with IE version 7.0.6.

Can anyone help?

A:Internet Explorer missing from Default Programs

This tutorial will show you the proper way.

Internet Explorer - Restore or Remove from Default Programs

If you cannot do the above due to corruption try an sfc command. Run three times if errors are found

If that does not work try a system restore, from before the problem


System Files - SFC Command
System Restore - How to

Read other 1 answers