Over 1 million tech questions and answers.

Leftover virus causing my computer to act like this?

Q: Leftover virus causing my computer to act like this?

Hello! A few months ago my computer was infected with the Happili virus. It was incredibly difficult to get out, but with the help of one of the guys on here, I finally got rid of it. I noticed my computer still seemed to be running slower than usual, though, but I chalked it up to a high CPU usage. Unfortunately, just a few weeks ago my computer has started acting really funky. It takes about two to five minutes for it to pull up my desktop. Sometimes it will open Firefox; other times Firefox will never come up, no matter how many times I click the icon. Still other times, Firefox will work temporarily and then just stop loading websites out of the blue. Sometimes there is no volume - it claims that the audio mixing device is missing - and other times the volume is just fine. Most recently, I won't have volume and can't pull the volume adjuster up at all, or I can pull the volume adjuster up but have absolutely no sound. Sometimes it will open OpenOffice and WordPad, but most of the time it never pulls them up. The one thing that remains the same is that 90% of the time, I have to force it to shutdown, otherwise it just sits there with an iconless desktop background. Also, instead of going straight to the "Microsoft Windows" loading screen (the one before the "welcome" screen) it shows me a black screen that asks me if I want to boot up in Safe Mode, Safe Mode with Networking or Normal Mode. This screen always pops up every time I turn it on.
Could some of the happili virus could still be in the system, and if so how do I get rid of it? I ran a Malware Bytes scan a week before posting this, and it did find one infected object, but when I got rid of it I still kept having the same problems I described above.

Edit: Here are the hijack and Gumer program logs. I couldn't find DDS and the computer froze when I tried to run it again, so I'll attempt it again later and post it then.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:28:38 PM, on 10/2/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\IDAILY~1\iDD.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Melissa Mullen\My Documents\Downloads\MicrosoftFixit.AudioPlayback.Run.exe
C:\WINDOWS\TEMP\RunBoot-Temp_.ba7ef05d-f53f-4961-a3d4-4738c0fca840\MatsBoot.exe
C:\Documents and Settings\Melissa Mullen\Local Settings\Temp\MATS-Temp\WindowsXP-KB926139-v2-x86-ENU.exe
d:\0cdd0288b881ede19c7264b376\update\update.exe
C:\Documents and Settings\Melissa Mullen\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Melissa Mullen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [iDailyDiary] "C:\PROGRA~1\IDAILY~1\iDD.exe" /LOGMIN
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1230602150906
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1230602133859
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (file missing)
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 6082 bytes

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-02 20:23:41
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST9120817AS rev.3.AAA
Running: 1ojjgwk8.exe; Driver: C:\DOCUME~1\MELISS~1\LOCALS~1\Temp\pxtdypow.sys
---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\MELISS~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1052] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 001A3D1B
.text C:\WINDOWS\System32\svchost.exe[1052] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\WINDOWS\System32\svchost.exe[1052] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 001A4608
.text C:\WINDOWS\System32\svchost.exe[1052] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 001A4669
.text C:\WINDOWS\System32\svchost.exe[1052] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 001A46D9
.text C:\WINDOWS\System32\svchost.exe[1052] USER32.dll!IsWindowVisible 7E429E3D 5 Bytes JMP 001A470C
.text C:\WINDOWS\System32\svchost.exe[1052] USER32.dll!MessageBoxIndirectW 7E4664D5 6 Bytes [33, C0, 40, C2, 04, 00] {XOR EAX, EAX; INC EAX; RET 0x4}
.text C:\WINDOWS\System32\svchost.exe[1052] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 001A4872
.text C:\WINDOWS\System32\svchost.exe[1052] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 001A4848
.text C:\WINDOWS\System32\svchost.exe[1052] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 001A456A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1832] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 011C0C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1832] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 013F7B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1832] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 013F7B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1832] kernel32.dll!ValidateLocale + B130 7C844958 7 Bytes JMP 011C3FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1832] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 013F7AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3256] USER32.dll!DefWindowProcA + 11A 7E42C298 7 Bytes JMP 105CDF63 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3256] USER32.dll!SetWindowLongA + 19 7E42C2B6 7 Bytes JMP 105CDEF2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3256] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 10414536 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3256] USER32.dll!GetMenuContextHelpId + 1A 7E465319 7 Bytes JMP 10414B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 86F332E2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 86F332E2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 86F332E2

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\[email protected] 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\[email protected] 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\[email protected] 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\[email protected] 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\[email protected] 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\[email protected] 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\[email protected] 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\[email protected] 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\[email protected] 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\[email protected] 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\[email protected] 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\[email protected] 0xFA 0xEA 0x66 0x7F ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

Read other answers
RELEVANCY SCORE 200
Preferred Solution: Leftover virus causing my computer to act like this?

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

RELEVANCY SCORE 53.6

my computer recently got a virus or worm or malware or something...anyways there was a huge amount of pop ups and executables going off, I shut down windows and they haven't reemerged, but there is about a 50% drop in speed.

Running Windows XP Pro SP3

Heres what I scans I ran(thorough scans)
-Avast
-Symantec Antivirus(installed after lag remained and removed avast)
-Spybot Search and Destroy
-A-Squared Free
-CCleaner

basically when I ran any of the above(excluding CCleaner) it turned off my computer...I booted up in Safemode and tried the scans again, and it shuts down at some point during the scan....im guessing its a virus that shuts down the computer when scanned....so any hints? I don't really want to reinstall Windows, since I got this CD Key cheaply from my school, but its only a one time install key supposedly....Im guessing this is possibly a bad worm, since my computer is semi-laggy...and I tried installing WoTLK and it took 2 hours to do on a machine I bought 1 year ago which was considered high end then

HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:03 PM, on 11/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEn... Read more

Read other answers
RELEVANCY SCORE 52.8

I am reparing a machine for a friend. After installing and updating Mcafee, I found and removed multiple viruses. However, the desktop still has a long message on a black background that reads: WARNING You Are In Danger All that you ever do on your computer...... Can anyone tell me how to get this off the Desktop? Thanks.
 

A:Desktop Virus Leftover

http://www.processlibrary.com/processscan/ this may help once you reach desktop,however i would run all the anti spy you have make sure you have spybot,adaware etc,download iobit v2 free install run then go to tools start up and look through the registry entries which are starting with windows,also microsoft malicious removal tool may be usefull
http://www.iobit.com/AdvancedWindowsCarePersonal/download.htm
http://www.microsoft.com/security/malwareremove/default.mspx
 

Read other 1 answers
RELEVANCY SCORE 52

This computer was infected (we are pretty sure) with the "Security Protection" virus. A well meaning person ran "ComboFix" without any supervision and managed to get it somewhat usable. Then he ran the "Security Protection" Uninstall. This helped a lot, but when I try to download Avast, the download link gets hijacked, so I'm following the forum's step by step process to try and straighten things out. There is a "Nero Express Essentials" icon on my desktop, I think this is part of the problem. Thanks for your time!
.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 11:13:06 on 2011-06-20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3061.2578 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPE... Read more

A:"Security Protection" leftover virus(s)

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 19 answers
RELEVANCY SCORE 52

Good eveningSeveral weeks back I was hit by AV Anti-virus. I ran Rkill and MalwareBytes seemed solve the problem - all the fake Windows security pop-ups stopped. However, I still have internet redirects (usually from google searches, but sometimes at random times) to mostly harmless looking websites - caranddriver.com for instance. Lately though, things are getting worse. I cannot load windows update, keep getting win32 errors, my Windows theme has reverted to classic, Windows firewall will not load, my volume icon in the systray no longer works, and I cannot boot in safe mode without the blue screen etc etc etc. There's a host of other oddities that keep occurring - I can go on if you need.MalwareBytes, AVG Free, Adaware, Avira, and Windows Defender can't fix the problem (MBAB does find something each time I update definitions but the issues described above do not go away, the others find nothing). MBAB has identified qnlka.sys as a trojan in the past, and GMER has it lit up in red font too. But I cannot get rid of it, even when using KillBox.I just can't seem to shake this one, and really appreciate some help. ThanksDDS (Ver_10-03-17.01) - NTFSx86 Run by Chris Roberts at 19:36:29.35 on Tue 07/06/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.475 [GMT -4:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC... Read more

A:AV Anti-Virus leftover? qnlka.sys?

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 2 answers
RELEVANCY SCORE 52

I am getting the following error reportGeneric Host Process for Win32 Services has encountered a problem and needs to close.C:DOCUME~1MELOCALS~1TempWER5602.dir00svchost.exe.mdmpC:DOCUME~1MELOCALS~1TempWER5602.dir00appcompat.txtWhen I first realized I had a problem, AVG stopped working so I unistalled it and downloaded Spybot and ran that in Safe Mode. This seemed to repair some of the problem as it found many infected files. I reinstalled AVG. Ran that and it to found infections. I then had problems running certain things like disk defragmenter and task manager. Unistalled Spybot and installed Malwarebytes. This corrected almost everything. AVG is now telling me that my atapi.sys is infected and it can't do anything to it. Here is a list of what is in my AVG virus vault."Infection";"Trojan horse SHeur3.ARI";"C:Documents and SettingsMemvhasyvimk.exe";"";"2/28/2010, 3:23:08 PM""Infection";"Trojan horse BackDoor.Generic12.AMHS";"C:lsass.exe";"";"2/28/2010, 3:29:17 PM""Infection";"Trojan horse SHeur3.ATW";"C:WINDOWSTempiufg.tmpsvchost.exe";"";"3/1/2010, 4:41:17 AM""Infection";"Trojan horse FakeAV.SL";"C:WINDOWSsystem32sshnas21.dll";"";"3/2/2010, 5:32:06 AM""Infection";"Trojan horse FakeAV.SY";"C:WINDOWSsystem32_VOIDkdkxcqwpwc.dll";""... Read more

A:Have leftover problems from either a virus or malware

Thank you Pandy for getting me in the right forum. I am having trouble getting the rest of my reports to post.

Read other 12 answers
RELEVANCY SCORE 52

Hi all,My computer had a virus until recently when I thought I removed it. Now the computer works fine ... for about 10 minutes before freezing. Is there anything in my logfile that shouldn't be there? Thanks in advance!ChadLogfile of Trend Micro HijackThis v2.0.3 (BETA)Scan saved at 4:27:23 AM, on 3/9/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\SYSTEM32\WISPTIS.EXEC:\WINDOWS\System32\tabbtnu.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\netdde.exeC:\Program Files\Common Files\Adobe Systems Shared\Service\... Read more

A:Random freezes, leftover virus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 51.6

Running Windows 10
Had a virus & did the following to remove it.
1. From safe Mode deleted a number of files that had been loaded in days related to the virus showing up.
2. Used Norton Virus tool to clean the bad files.
3. Used Norton Power Eraser as well to remove files.
4. Used Zemana Antimalware to remove some more files.
 
Remaining Issues.
1. Zemana Antimalware keeps finding "dnsapi.dll" as "MalwareWin64/Zelion!Rrkr" it does not repair this issue.
Location is C:\WINDOWS\System32\dnsapi.dll
2. Two RunDLL messages show up after login. "The specified modules could not be found" cvvlyy.dll & FollowComponent.dll.
3. Message window shows up after login *Validate Copy of Your Windows License!..." with a no. to call.
 
Computer seems to be working fine other than the listed items.
 
 
Thanks for helping. 
Jeff

A:Need help to fix leftover issues after attempt to remove virus.

It seems that your pc is infected with a virus / malware which is going to take some work and a deeper look. No sense running a bunch of tools first.Please follow this Preparation Guide and post in a new topic.Let me know if all went well.

Read other 3 answers
RELEVANCY SCORE 51.6

Thanks to the great writeup on this site I was able to get the Smart HDD virus off of my machine. There are however a few leftover issues that I cannot sort out.

Mainly it's the windows 7 x64 pro taskbar. But first, fyi, the unhide routine did not restore those, or the start menu icons that come with windows 7 which include things like Control Panel, printers, help - those are in a separate vertical bar to the right of All Programs and the Start list. I was able to recover most of that by resetting to defaults.

The taskbar behavior is not like it was before and I have not been able to find any info on getting it back to 'normal'.

Before, all of my pinned items where steadily huddled on the left hand side of the taskbar. If I opened a program via one of those taskbar pinned icons, and then hovered the mouse of the icon, I'd see a preview/thumbnail of the open app, or several thumbnails if I had several word documents open. Any app that opened which was not related to the pinned apps would open with a much larger buttuon in the baskbar with both icon and text on the right/center side of the taskbar (icon and text like the name of the word document).

Now as I open pinned apps, the small pinned icon converts into one of the much larger buttons with icon and document name. It makes finding things in the taskbar chaotic. Right now my taskbar is a big button with icon and text for IE, a tiny firefox icon, a bit button with icon and text, three more small pinned ... Read more

A:Leftover issues from Smart HDD virus resolution

Press Windows+R key and copy this line%appdata%\Microsoft\Internet ExplorerClick okRight click on quick launch folder and select restore previous versionsSelect a previous date to restore the itemsNote:C:\users\username\appdata\roaming\Microsoft\Internet Explorer\Quick LaunchC:\users\username\appdata\roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBarThis is the location of your quick launch iconsgood luck

Read other 3 answers
RELEVANCY SCORE 51.2

Hello.

A few days ago, I was infected with a virus. I went through a lot of processes to detect the virus, and a while later I found out what it was.
I used a lot of programs, included were:

-Spybot
-Adaware
-McAfee
-Malawarebytes
-RootRepeal
-SuperAntiSpyware
-HijackThis

I wasn?t able to scan my computer in regular mode due to the virus, so I resorted to Safe Mode. Everything worked fine in Safe Mode, and I was able to locate where, and what it was. I was then later able to remove the files; there was about 14 of them, all located in the System32 folder, most of which were .dlls. Two of them were .dat files, I had 1 .sys file, and two .tmp files in my C:\WINDOWS\temp folder. They all had really long names, and had no particular sense to them at all, just a bunch of letters. I was unable to deleted them manually as they were hidden, so I had to use RootRepeal to remove them (they were definitely the virus, they weren't any key files for windows, as I've never seen them in there before. I made sure they weren't anything important before deleting them).

After that, I was able to run anti-virus programs in regular mode. So I ran everything I had in regular mode, and they all checked out clean. I looked at the scan logs, and everything looked fine. However, a while into this, my computer froze. I thought it was just a glitch, so I rebooted and went into Firefox. About 10 minutes later, my computer froze again (I tried it a couple more times, doing ... Read more

A:Virus causing computer to freeze

Hello and Welcome to TSF.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 51.2

Hi everyone, no doubt this has come up before but thought I'd just start a new post.
Firstly I'm not a complete computer expert so if you could keep your answers as simple as possible that would be greatly appreciated!
Basically I've got a virus on my laptop. I've worked out that its called backdoor.rustock.b and basically it's causing my computer to act ridiculously slow and freeze up during scans.
I've tried norton 360 (which is completely useless) mcafee, spyhunter 4 and iobit advanced system care all with the same results.
Obviously this is quite annoying. I've thought of maybe restoring the laptop to its original factory settings but to do this I'd lose a lot of files and photos that haven't been backed up and the computer won't let me write these files to a disc or USB stick so ideally I don't want to have to do this.
Any help on this would be greatly appreciated. The computer is less than 2 years old and I simply can't afford a new one at the minute so need this one up and running again.
Thanks.
 
Mod Edit: Moved topic from Windows 7 to a more appropriate forum. ~bloopie

A:Virus causing computer to freeze

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Up... Read more

Read other 7 answers
RELEVANCY SCORE 50.8

Before when I was not as smart, I downloaded junk from not legit websites
the worst was STOP!zilla from Piratebay.
It gave me a rakyat kelaperan and brontok virus.
It took me short time to be rid of it luckily because i had CCleaner .
I downloaded AVG from Cnet and it found 1000+ worms I know now not to download bad things, but i still have leftover weird files and folders from the viruses
(and i dont have Stop!zilla it was never there in the 1st place only a virus)

AVG 2011, Ccleaner
TDSSkiller by kaspersky( has never found anything ever)
just downloaded Hijackthis

Please look at my computer specs 1st
here is my Hijackthis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:44:47 PM, on 9/13/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://combatarms.nexon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page ... Read more

Read other answers
RELEVANCY SCORE 50.4

Hello
I have noticed that i have a folder called xerox,and a subfolder called nwwia.Both folder are empty,and antivirus and antispyware detect nothing.However,what got me worried was that i coudnt delete the folder(being used) and i when i deleted it in safe mode,it came miraculously back.Enlighten me please,i have no idea what this is or what i should do

A:Virus Leftover,or Undercover Virus?

"Ask Leo" says not to worry. http://ask-leo.com/what_is_program_filesxe..._rid_of_it.html

Read other 2 answers
RELEVANCY SCORE 50.4

I have a virus similar to W32/IRCBot.worm which causes a computer to continually restart on it's own (3-5x/day). Have done several scans with McAfee A.V. 10 (and other programs) in and out of "safe mode" and cannot find anything. However, computer continues to restart.

I use Win2000 Pro with SP4
Use and have all the following:
McAfee A.V. 10
AdAware SE Plus (incl AdWatch)
SpyBlaster
Spy Bot
Panda Security Scan (done via internet)
House Calls (done via internet)
Ewido
Killbox
HiJack This

Have not provided a HJT log yet not sure how or where you might want me to start. This is a very frustrating problem. Any help would be appreciated, thank you.
 

A:Virus causing computer to restart; can't find

go to here and download 'Hijack This!' self installer. Save it to the desktop or other suitable place. DO NOT just press run from the website Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu and an optional shortcut on desktop.
Click on the entry in start menu or on the desktop to run HijackThis
Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.
 

Read other 1 answers
RELEVANCY SCORE 50.4

A couple of days ago, my Dell laptop computer wouldn't connect to the Internet. (I my computer connects to the Internet via a cable and not WiFi.) I call my ISP and the computer guy said it had nothing to do with the modum or the signal, and it was probably my computer. I have a mini computer (the one I am using now) and hooked it up to the cable and all appeared to be working well. I took my computer to a computer repair shop, and the guy said it was a virus. He also said that I had to back-up my computer, basically wipe-out the hard-drive, reinstall Windows 7 and then re-install everything back.

My questions are: 1. Can a virus cause a computer not to connect to the Internet and 2. If so, is there anything that I can do to get rid of the virus other than back everything up, wipe-out the hard drive, reinstall Windows and then put everything back? I use EST NOD32 virus protection and feel that this is a good program. If there is a virus on my other computer, I wonder why EST NOD32 didn't pick it up?

Thanks for any and all suggestions.
 

A:Virus Causing Computer Not To Connect to the Internet?

Read other 9 answers
RELEVANCY SCORE 50.4

Hello!

I think a virus is causing my computer to run very slow. The mouse is constantly turning to an hourglass symbol. Some applications aren't functioning like adobe acrobat. I also can hardly restart, the computer keeps going into start-up repair and failing. It took me 12-15 times to do my last boot. Also note that there are over 20 windows updates ready to install as a result of me doing a system restore. At first I thought that maybe there was a corrupt update but now I think it's a virus. I'm not sure how to proceed, can anyone help me? Here's my info:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM)2 Quad CPU Q9650 @ 3.00GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 4
RAM: 8190 Mb
Graphics Card: NVIDIA GeForce 8400GS, 1024 Mb
Hard Drives: C: Total - 129999 MB, Free - 18148 MB; D: Total - 823765 MB, Free - 150592 MB; F: Total - 1430795 MB, Free - 368379 MB;
Motherboard: Gigabyte Technology Co., Ltd., EP45-UD3P
Antivirus: AVG AntiVirus Free Edition 2013, Updated and Enabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:55:54 PM, on 3/24/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files\My Lockbox\mylbx.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\... Read more

A:Virus causing slow computer, can't restart

bump
 

Read other 2 answers
RELEVANCY SCORE 50.4

I have a friends computer that I scanned with Trendmicro Housecall. It showed that there were 15 viruses and 1 worm present. At the end of the scan, I chose the option of deleting the viruses and worms. However, one virus and the one worm were unable to be deleted. The only thing I can recall about the virus and worm was that one was "TROJ SPYAGENT.P2" Since that time, the computer has been crashing on a frequent basis - regardless if I'm in safe mode or regular mode. One time it stated that there was a problem with lsass.exe file. I was able to get HiJack This on and ran a log file which follows. If you have any advice on how to get this computer up and running again, it would be greatly appreciated! Thanks for your time in advance!

Ryan



Logfile of HijackThis v1.99.1
Scan saved at 8:56:02 PM, on 11/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.... Read more

A:Virus and Worm causing computer to crash

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Viewing Hidden Files
Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

Downloads(make sure to save these in a permanent location)
dsrfix.zip by Attribune- Unzip it to it's own folder on your desktop.
Cleanup! (Alternate Link)- Install it. You will use this later.

*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.

Ewido Security SuiteInstall Ewido Security Suite
When installing, under "Additional Options" uncheck..Install background guard
Install scan via context menu

Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

Ad-aware-Install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Also download the VX2 plugin to download the plug-in for fixing VX2 variants. To run this tool, go into... Read more

Read other 13 answers
RELEVANCY SCORE 50.4

hi guys
i ran hijack this and will post log below
if anyone could help i'd appreciate it
i need someone to interpret the log file and instruct me which files are bad boys

i did a system restore and it helped somewhat but computer is still dragging so i suspect problem is still there

amazingly i feel i got it when i tried to download a xp service pack 2 and network drivers for another computer from what i believe is a dell support site

if anyone knows where i can get the files safely i'd appreciate it
it seems many of these sites purporting help are shams

here's the log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:29:36 PM, on 4/24/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program ... Read more

A:redirect virus causing slow computer

Steve,

I'm going to close this since you've already been helped at TSF

Read other 2 answers
RELEVANCY SCORE 50

Computer takes forever to startup and the wireless internet wont find any connections. This all happened after a program i tried to install said MSVCP90.dll was missing and couldnt install. So i downloaded a dll fixer program and when i restarted my computer things were wrong. At first when i restarted the screen was just black besides the mouse cursor..Please Help
THanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:56:49 PM, on 1/10/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Max\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,L... Read more

Read other answers
RELEVANCY SCORE 50

Hi all, over the last week or so I've noticed my internet connection speed drop to below 2.2Mbps Down and .9Mbps Up where I'm supposed to be 50Mbps Down and 3Mbps Up via cable. I've monitored the network traffic when running the speed tests and there doesn't seem to be anything else running affecting it. I'm cabled into my network via Linksys Router and the Shaw Modem and I've connected a laptop to the same set up and I get 44.62Mbps/2.94Mbps. I've run Spybot and Avast checks everyday with no luck. I'm really stuck as to why my connection speed is so slow, the only thing I can think of is a hacker/trojan. Twice over the last week I had explorer.exe crashes that at one point were so frequent I had to reboot. Thankfully this does not occur all the time. I've run the tests using IE9, Firefox and Chrome. I've plugged directly into the Modem and I get the same results. I'm not really sure where to turn next so any help will be most appreciated. Thanks.
Here's my Hijackthis log file:

Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
K:\Program Files (x86)\AI Suite II\DIGI+ VRM\PowerControlHelp.exe
K:\Program Files (x86)\AI Suite II\AsRoutineController.exe
K:\Program Files (x86)\AI Suite II\EPU\EPUHelp.exe
K:\Program Files (x86)\AI Suite II\AI Suite II.exe
K:\Program Files (x86)\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
K:\Program Files (x86)\AI Suite II\Network iControl\NetSvc... Read more

A:Possible Virus/hacker causing computer/network slowdowns - please help

Aha! It was some software from Asus that came with my motherboard that's been causing the issues. Program is called Asus Network iControl. Network speeds are back to normal after uninstalling it.

Read other 1 answers
RELEVANCY SCORE 49.6

Hello;

Starting yesterday after receiving a Windows update, my computer has begun to run very slow, and I am getting random IE popups despite being in Firefox. I see a lot of people keep posting Hijack This logs so I tried to download it and now, my computer won't even let me download anything. It prompts me to "Save File" but nothing happens after I click that.

I ran VundoFix and it said it deleted the trojan, but I am still getting the popups.

Right now, my On-Access Scan from McAfee just notified me that it has deleted 4 trojans (BCBX1T5J.EXE, 00004060.EXE, B3K1Q4KQ.EXE, and 00004060.EXE) as well as 4 RemAdm-ProcLaunch!171, whatever that is.

I have done McAfee scans, AdAware, and Spybot and it hasn't helped.

Someone please help me because I have had two computers in the past crash (not virus related, just randomly) and I cannot stand to lose all my pictures, music, and past homework from college again for the third time

additionally, i received a warning that my virtual memory was low and i have never received that warning before....please someone help me i'm on the brink of tears here

I am also now hearing random sound effects in the background.
 

A:PLEASE help; random trojans/virus causing IE popups and slowing computer

Hey,

Alright, so for 6 hours last night, I was finally able to rid my computer of the iexplore.exe virus by running several virus scans/adware/malware scans you name it, and I was able to get rid of it by finding the programs it was hidden under and deleting them from system32 and prefetch. However, something that recently began as of two days ago is that whenever I start up my computer or restart it, once I get past the welcome screen, I see my desktop background by itself for a good 3-4 minutes before any of my desktop items or taskbar appear. During the time of my virus, I performed many different scans, a defragment, and also experienced at one point several warning messages of "low virtual memory"

I have cut down the number of startup programs, this has not helped.
Ran Advanced WindowCare, this has not helped.
Turned off system restore and then turned it back on to get rid of any traces of the virus I had, did not help.
Set my virtual memory so that the my system itself decides what the min. and max. should be, this has not helped.

I have run all of my scans under Safe Mode also to ensure I catch everything.

I have no idea what to do next to speed my boot up back to normal, any ideas? Please help, I feel like I've come so far, I don't want to give up now and give in to a reformatting! I'm proud of myself so far haha
 

Read other 1 answers
RELEVANCY SCORE 49.6

Hello people as you probably guessed I have recently received a computer virus which is causing me the following problems.

- Really slow start-up that sometimes does not get passed the login screen
- Bluescreens on shutdown
- More random bluescreens occasionally
- Preventing me from doing windows update ( error code 0x80072efe)
- Some Administrative privileges of mine have been taken away.
- Its also changing the theme (windows and task bart etc..) to a older looking windows
- Explorer.exe crashes
- And just general slowness

At the time of infection I was using AVG but as it seems it didnt do much.

I have done scans with Malwarebytes, Spybot, AVG, Avast, Windows defender and they have removed some threats but there still seems to be a problem so here are my logs as requested

Also I don't have access to a Windows Install disc.

System specs are

Windows Vista Home Premium 32 bit
Intel Quad Core 2.4ghz
4gb ram
Nvidia GTX 260
-------------------------------------------------------

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Joe at 11:41:00.60 on 04/05/2011
Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_21
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3326.1658 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
. ... Read more

A:Computer Virus causing Bluescreen and failing Windows Update

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follo... Read more

Read other 19 answers
RELEVANCY SCORE 49.6

Hello, I have owned my Dell Inspiron 6000 laptop since August '05. I have kept good care of it, frequently using programs like Ad-Aware, Registry Mechanic, McAfee Anti-Virus, and Disckeeper. However, none of those programs seem to help this problem. Let me explain the problem: Initially, when opening up Counter-Strike: Source, between 20-40 minutes of play, my steam program (the program that runs CS:S) shuts down, then immediately following my computer automatically shuts down without any notice or any keys the user touches to prompt such a shutdown. This has been an absolute menace, and twice now my computer has seemingly been so corrupted that when I try to reboot my computer after letting it shutdown, passing an unusually slow Dell Inspiron introductory screen, I get a black screen with a small flashing white type cursor in the top left...this is the last straw...I do not even get a windows screen prompting, and I'm forced to cold boot my hardrive. Doing so at least 20 times in a short span, miraculously the windows screen loads then everything runs fine...until the next time when I play CS:S. Even then...just now in typing this to you (for a second time, since my computer restarted without even opening CS:S) my computer auto shutdown in the middle of running an Ad-Aware scan. To further help you with my problems, I have been noticing some bizzarre activity in my run/msconfig/startup command screen. For example, the files "dumpprep 0-u" and "dumppr... Read more

A:Devestating virus causing automatic shutdowns and computer blackouts

Hello RedGrant,

Busy forum with many requests, though your sense of emergency is understood by all the folks who help. No infection showing here though. The dumprep you keep seeing are the result of those errors - you will have most likely seen those "Send report to MS" messages about the same time on some. These are dumps of information to be made available for assessment to determine the problems, but require special tools and skills to use in any meaningful manner. Although no infection the log shows startups disabled through msconfig, so as this is not a "complete picture" let's take a different look here. If you have problems running this scan try doing it in Safe Mode (at startup tap F8 and select that from the list), but normal mode is the preferred mode for it.

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, it will create two text files - main.txt <- this one will be maximized and extra.txt<-this one will be minimized on your Taskbar.
4. Copy/paste both logs back here please (they will also be located at C:\Deckard\System Scanner).

Make sure you notice the extra.txt second log that will show as minimized on your Task Bar, "Maximize" that and be sure to paste those contents here as well.
 

Read other 1 answers
RELEVANCY SCORE 49.6

Hi,

My computer installed Spywarebot and Virus Protect Pro which I understand are rogue Spyware. I have tried and apparently successfully removed them using by scanning with SpyHunter, Spybot Search & Destroy, Adaware, Registry Mechanic, Spyware Doctor, AVG Anti Malware and my MacAfee Virus scanner.

However, everytime I turn off or restart my computer, it starts up to the windows XP welcome screen, hangs there then reboots and continues to do this cycle. Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 8:34:50 AM, on 9/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\www\Apache22\bin\httpd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS... Read more

Read other answers
RELEVANCY SCORE 49.6

My computer has a virus or some type of malware, but I am unsure what it is. Virus scanner doesn't seem to locate it, and Ad-Aware lists several 'unknown' items. My browser runs very slowly, and I have a hard time accessing certain websites associated with virus/malware scanners, such as Malwarebytes, so it is very difficult to get any anti-virus software. It also takes me very many tries to get into this forum. I occasionally get pop-ups as well. Please advise on what I can do, any help would be appreciated.

DDS log:
DDS (Ver_09-10-26.01) - NTFSx86
Run by Nick at 13:53:15.57 on Sat 11/07/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1189 [GMT -5:00]

AV: avast! antivirus 4.8.1351 [VPS 091107-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:&#... Read more

A:Computer seems to be infected with virus or malware causing pop-ups and browser issues

Hi there,Please download ComboFix to your desktop from one of these locations. You must rename it before saving it. Save it to your desktop.Link 1 Link 2 Link 3 IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here Double click on Combo-Fix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt i... Read more

Read other 19 answers
RELEVANCY SCORE 48.8

Popups, slow operations, you name it. It's bad here.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:36:47 PM, on 3/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Gateway User\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/... Read more

A:Solved: Pls help: HT log posted - Nasty virus / malware causing me & my computer pain

Read other 12 answers
RELEVANCY SCORE 48.8

Hello wonderful computer geniuses I was reading the comments on the download quality of a movie on isohunt.com and all of a sudden my computer started beeping and everything froze. I immediately turned it off with the power key because I have had viruses before and was weary. Upon reboot, as soon as I put my password in as administrator the computer rebooted itself before I could do anything (and did this again, ever time I tried to boot-up in Normal Mode) . I was able to log-in to safe mode. I ran Malwarebytes to no avail. I then ran AVG and Spybot Search and Destroy. AVG did not find anything because the log showed all the files as locked. Spybot found a few files which it deleted but the problem persisted. I also ran CCleaner to no avail. I then ran Spyware Doctor which found some files and an alleged Trojan but it did not seem to be the one that was affecting the re-boot. I tried to run SDFix but the virus has prevented it from loading. I am also not able to do a system restore or turn on any firewalls or internet security. I have also heard Dr. Web is good but it will not let me run it in SAFE mode and I can not do anything in Normal Mode. I am weary to do anything with the Registry seeing as I am not a pro. I ran 'Hijack This' and the log is below:Please, please help me out in anyway you can! I have my files backed up but can not afford a new PC! Thank you so much in advance!Logfile of Trend Micro HijackThis v2.0.4Scan saved at 9:36:54 PM, on 19/09/... Read more

A:Virus/Trojan causing Computer to re-boot everytime I log in to Normal Mode

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

Read other 2 answers
RELEVANCY SCORE 42.4

Hi Tech Guys,

I don&#8217;t usually have problems using my laptop but recently I&#8217;m experiencing this weird case where at some point of the anti-virus scan, my laptop will unexpectedly shutdown thus not completing the scan. I&#8217;m also experiencing frequent random shutdowns over the last month.

A week ago I noticed that my AVG free 8.5 scheduled everyday scan was not being completed. I usually leave my laptop open and running before I go to work in the morning. The everyday scan is scheduled at 12noon and upon returning home, I&#8217;m always surprised to see my laptop shutdown-ed. When I hit the power button, the screen will say something like the system experienced unexpected shutdown and I will just choose the start windows normally option.

I then decided to change my anti-virus program to ESET Smart Security 4 free trial (and will eventually buy it depending on its performance) but I&#8217;m still experiencing the same problem.

Earlier today, I also decided just to run nothing but the anti-virus program and at around 86% of the scan, my laptop suddenly shutdown. So I&#8217;m guessing it is something being detected by the anti-virus program but cannot be cured/removed just by a normal scan.

By the way my laptop is HP Pavilion dv6000, Windows Vista Home Premium 32-bit OS, Intel Core 2 1.60 GHz and 1G RAM. Below please see the HJThis! Log.

Any help would be greatly appreciated on this very annoying and troublesome bug. Thank you very muc... Read more

Read other answers
RELEVANCY SCORE 42

Hello

First of all i need to let you guys know that i am not very computer literate. So any technical computer talk may stump me. When i start my computer and log on to my account, i get a message saying that the module c:\windows\system32\guserohu.dll couldn't be found, i scanned my computer with ad aware and managed to detect one by the name of win32.adware.virtumonde/c.

After i removed it and restarted my computer, i get the same kind of message but this time it isn't guserohu, it's now c:\windows\system32\himesuvo.dll And another thing, my anti-virus software, windows live onecare, keeps turning off it's automatic update and after repeated turning the auto update on and on again for like 2 hours, the program closes. After that i can't manually start it. It says to restart my computer and i did, still keeps closing automatically. I'm fully convinced that it is a virus. i get pop ups on my internet browsers too, whether i am using internet explorer or google chrome.

But it is my fault, i was er.... downloading some ummmm "things" and my computer got infected :( . Also, i do not have a boot cd or windows installer disc. 1 more thing i have to add, when i first realised that something was wrong, i immediately scanned with windows live onecare (strangely it was working then) and removed 2 viruses, i can't find records of it in my onecare program and i don't remember the names. I did this before what i stated in the above paragraphs

Here are th... Read more

A:My anti virus keeps shutting down, convinced it is a virus causing it

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Right click system tray icon > on main page click Change Settings > click Viruses and Spyware Tab > Tick "Off" radio button > Apply and OK.

Also either have to disable Firewall, or approve one of CF's files, or RC won't install for XP

Firewall Tab > Off > OK

------------------------------------------------------

Please post the C:\Combo... Read more

Read other 11 answers
RELEVANCY SCORE 41.6

Can you help me disinfect my computer? Here is the main.txt. I attached the extra.txt from the dss.exe. I also attached the log from the Panda free online scan:

Thank you in advance for all your help.
Rolewine

Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2007-11-16 16:16:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
93: 2007-11-16 21:16:41 UTC - RP327 - Deckard's System Scanner Restore Point
92: 2007-11-16 09:21:37 UTC - RP326 - System Checkpoint
91: 2007-11-15 08:17:15 UTC - RP325 - System Checkpoint
90: 2007-11-14 08:00:51 UTC - RP324 - Software Distribution Service 3.0
89: 2007-11-13 12:54:13 UTC - RP323 - System Checkpoint


-- First Restore Point --
1: 2007-08-18 1613 UTC - RP235 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-16 16:18:27
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.ex... Read more

A:Troy Ball Virus infected my computer causing signature Troy Ball to appear in email

Can you help me remove the Troy Ball virus from my PC?

Read other 3 answers
RELEVANCY SCORE 40.4

When i booted up a client's computer, i noticed that it displayed a screen about the C:\WINDOWS\System32\config\system being corrupt thinking hat it was a computer he just bought at a shop like Futureshop, i replaced the corrupt registry file with a generic one. HOwever, aparently he bought his computer from the place he works at. Now, when the computer starts, lsass.exe displays the error "When trying to update a password, this return status indicates that the value provided as the current password is not correct." Some help please? Thanks
 

Read other answers
RELEVANCY SCORE 39.6

Hello,I seem to have contracted a virus or malware of some description that generates fake, "Your Computer may be infected" - type alerts in my Windows taskbar and attempts to install a fake antivirus onto my pc called XPShieldSetup.exe. It also causes advertising popup, though this is fairly rare (once or twice an hour, max).I am running Windows XP, Service Pack 3, and I have Trend Micro PC-cillin Internet Security 14 for antivirus software. I have also turned on Windows firewall, as per the instructions on this site.My antivirus program detects an infected file called C:\WINDOWS\SysNotifier.exe, and classifies it as something called "Mal_FakeAV-9". It Quarantines this file repeatedly, but it always comes back, even if I manually drag it to the Recycle Bin.I have run HijackThis and attached a copy of the log file it created.Thanks in advance for your help. Here is my hijackthis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:27:32 PM, on 4/28/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16827)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:&#... Read more

A:Malware of some sort causing ad popups, fake virus alerts, trying to install fake anti-virus, etc -- HijackThis log attached.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

Read other 4 answers
RELEVANCY SCORE 39.6

the other day I was downloading something from sharebee.com when i got a popup from the site. the popup's address was a sketchy looking ".info" site and the page was blank except for a small box in the middle. I figured that this was an infected page so i did a google search on it and it showed up as containing "antivirus2008" virus on some diagnostic site that i do not remember... shortly after this page loaded my computer became really sluggish to the point where i couldnt do anything. so i restarted it.

then i saw somethin i've never seen before. a red window showed up on screen before windows loaded saying that "Trend Chipaway Virus has detected a boot virus on your hard disk" and won't let me load up windows. I tried to boot anyway, but when i click on my username it just logs me right back off. I tried to boot it in safe mode, and it also logged me right off immediately. It tells me to insert a bootable floppy disk, which i do not have. I do however have an xp disk. I put that in my disk drive and tried to reinstall windows. I chose to do a repair installation, and it went through the first part of the installation and rebooted. then the setup screen came up and it went through the "collecting information" "dynamic update" and "preparing installation" portions, however once it got to the installing windows section i recieved a fatal error saying "An error has been encountered that prevents Setup from co... Read more

A:boot virus causing "trend chipaway virus" message. can't log on, reinstall hangs AH!!

nothing huh.

Read other 3 answers
RELEVANCY SCORE 39.6

hey guys. I have peerguardian 2 and everytime i start my computer someone called offeroptimizer.com/static.callinghome.biz[spy], st. also i was looking with spysweeper at my items that startup with windows and i noticed there is something called ShowWnd.exe and i googeld it and some things said it was malicious and some said it was not. Maybe you could help me out. Heres my Hijackthis log. Thanks.Logfile of HijackThis v1.99.1Scan saved at 4:20:18 PM, on 5/25/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Norton Internet Security\ISSVC.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files&#... Read more

A:HJT-Leftover

Welcome leftover to Bleeping Computer.*Restart the computer.*as soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.*Use the arrow keys to select the Safe mode menu item*press Enter.***We need to make sure all hidden files are showing so please:* Click Start. * Open My Computer. * Select the Tools menu and click Folder Options. * Select the View Tab. * Under the Hidden files and folders heading select Show hidden files and folders. * Uncheck the Hide protected operating system files (recommended) option. * Click Yes to confirm. * Click OK.***Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exeClick on Fix Checked when finished and exit HijackThis.***Open Windows Explorer.Find and delete this file:C:\Windows\System32\ShowWnd.exe***Reboot the computer to normal mode.Please post back in this topic with a fresh log using HijackThis.

Read other 16 answers
RELEVANCY SCORE 39.6

Hi. Um, I have a virus that's causing lag, but it only happens in games, like counter strike and world of warcraft, ms in wow is going over 300, even more, and usually it was 40 - 60 and latency in counter strike is changing all the time, it goes from 20 - 800 and back, it's annoying. I possibly have another virus, since I was getting some messages, like when I start a program, little window pops out and it says "This is not valid win32 application" and program doesn't open, I'll tell you what does it say exactly when it happens again. I'm also getting blue screen of death, something like this: http://jmobley123.files.wordpress.com/2008/10/blue-screen-of-death1.jpg
It doesn't happen a lot, but it does, at least 3 times in 24 hours. Note: That bsod screenshot isn't mine, dunno, maybe there's some difference. I didn't really read the whole thing when it happened to me, but I'm guessing it's the same...

My system:
Windows Xp Professional, 2002
Service Pack 3

I don't know if this is needed for this to be fixed, but here's the hjt log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:44:22 PM, on 12/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WIN... Read more

A:Virus causing lag :|

Read other 8 answers
RELEVANCY SCORE 39.6

Hi Everyone-

I believe I've picked up some sort of virus that is forcing new advertising pop ups every time I am using Internet Explorer (ver 10). Each time I click on a link, a new window opens with a random ad. Also, websites I normally frequent now have links in certain areas which will bring me to an ad if I click on it (see below).

I believe I picked up the virus after being directed to an add on site while using a program called Audacity.

I also ran Avast with no luck.

Thoughts?

A:Virus causing new pop up ads in IE?

iPaul626, You might want to take a look at your tools in IE, Select Manage Add-On's and your browser highjacker might be there.
Or you could download the free Malwarebytes at https://www.malwarebytes.org/
and run it in the full scan mode.
It might not be what they call a Virus but in reality a browser hijacker..

Rich

Read other 9 answers
RELEVANCY SCORE 39.6

Hi folks,

I've been running this harddrive on my pc for a few years ... i installed the win98se OS from my licensed cd, a few months after xp came out, i bought an xp upgrade and upgraded my pc to xp. I went through the validation process and everything. Now all of a sudden, I replace the batteries in my keyboard, reboot my pc and get a msg saying 'You may be a victim of software counterfeiting' ... I've searched here to see if there was a new virus and noticed each time you see those words, the thread is closed. I don't know who else to ask, I KNOW this is a legal version of windows, I've bought and installed everything from the windows cds and validated it. It has been a legal copy from the time I installed it. How can this happen (what could have changed it?) and what can I do to fix it? Please post here or msg me. Thanks for any help you might be able to provide.

Btw, I'm currently in the process of running a virus scan just to check the pc out.

Edit: AVG has finished a complete scan with no threats found. Ran AdAware and Spybot as well, everything appears to be clean.
 

A:Can a virus be causing ... ?

Just wanted to let you know in case you ever run across this yourself.

While making coffee this morning, I was going over the sequence of events when switching the batteries on my keyboard. I remembered that the button I have to push on the keyboard to sync it to the wireless controller had the letters ch1 and ch2. I re-sync'd the keyboard hoping it would choose the original ch setting, booted up the pc and now I have no windows validation problem at all!

Thanks for looking at this though.
 

Read other 1 answers
RELEVANCY SCORE 39.2

HI, i removed a security program,and i now find that i have leftover files, i went into task manager found file location, but when i try to delete them, a popup say's i need permission. i am the only user on the pc and also administrater how do i obtain permision or is the another way to delete. i have vista premium 32-bit...thanks

A:Get rid of leftover files

Hi patch41, Take ownership of that file and then delete it.

Read other 5 answers
RELEVANCY SCORE 39.2

I got some kind of malware last week. I kept getting tons of pop-ups, which never bothered me before, and other things. One of those fake anti-spyware sites that took over my computer till I shut it down, etc.

So in the past week I have done the following:

I ran Stinger, Ad-Aware, Malicious Removal Tool, CC Cleaner, Housecall, HS Remove, cwshredder, Kill2Me, all of which found nothing, and did a System Restore which had no effect..

Then I ran Malwarebytes and Stopzilla both of which found some Trojans, Malwares, Ad cookies etc and deleted them. (No worms that I could see.)

Since then I still have the following problems:

When I load Firefox - before the page loads in the upper left hand corner I get the following box:

"Java Application Type Error: spElement is null." (A search of "spElement is null" on Google turns up nothing.)

When I click OK, the message box disappears and Firefox loads. Sometimes a few different pages load, Ask.Com, My * 10.Com, etc. A couple pages sometime try to load but there is a message box that says the locations couldn't be found. I click off those pages, I seem to be able to use Firefox without any further problems.

If I try and load Internet Explorer, a bunch pf pages try to load, all with the same internet address with numbers, letters, and symbols that I have never seen before (not a foreign language, but symbols which aren't on my keyboard, letters, etc) Luckily for each page that tries to loa... Read more

A:A few leftover's that I can't seem to shake??

I would do the following.....Use Rkill to stop the rootkit processes that start when the computer comes on. Then I run the Malwarebytes and SUPERAntiSpyware. Here are some DL links for the Rkill....LINK 1LINK 2LINK 3LINK 4Save it to your desktop and then double click to launch it (With Vista you need to right click and select run as administrator). You should see a little black window open and then close. If you see that box then it worked. If you don't see the black box then delete the file and use another download link and repeat the steps.After running Rkill update and run MBAM. Next I would install AFT Cleaner check the box for select all and then run it. Finally, I would run SUPERAntiSpyware. If you have more than one username then you will need to scan each user account seperately with this.

Read other 1 answers
RELEVANCY SCORE 39.2

thank you for helping me,

Here is where we were working on Internet Explorer issues before I was told there was leftover malware items> http://forums.techguy.org/windows-xp/949714-internet-explorer-problem.html#post7597460

i ran the uninstaller then did the hijack this scan again.
i didn't see the two items you said i should check mark on the list.. so i looked back at the first log and they are listed, but now after the uninstall they are gone. because im not sure what to do, i didn't do the Norton uninstaller part yet.. this it the latest file after the uninstall.

i also noticed that when i would open any file the Search Settings v1.2.3 tried to open every time, and i had to hit the cancel button several times to close it. now that I've done the uninstall, it no longer does this. im guessing they are related somehow and i hope that this new information doesn't come too late..
thank you again for your help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:46, on 9/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\... Read more

A:Leftover infection

Search Settings seems to be gone alright.

As for Norton, it should be removed since you should never run more than one antivirus software at the time. They will work one against the other (Avira and Norton), cause your system to be slow and even freeze. Your computer will be even more vulnerable.

Your log is showing traces of past or present infection. After we're done here, we'll need to get you transfered to the Virus & Other Malware Removal forum.
 

Read other 1 answers
RELEVANCY SCORE 39.2

Can anyone tell me if there is such a progamme that can detect leftover programmes on the pc. By that I mean, when you have installed a programme and then decide you don't want it, you delete it from the add/remove control but it always seems to leave some file behind.

Is there anything that would clean all those files up? Hope I am making sense.

Thanks
 

A:Leftover files?

Read other 14 answers
RELEVANCY SCORE 39.2

After finally getting the Windows 10 Anniversary Update to install, as expected, I had a WIndows.0ld file. Following instructions posted here and elsewhere, I used Disc Cleanup to remove most of that file.

There are still two folders remaining in Windows.old from System32, one in Drivers (IntcDaud.sys) and one in DriverStore (intcdaud.info.amd64xxxxx.) When I go directly to System32, both drivers appear in the same folders where they show in Wndows.old. Disc Cleanup no longer even recognizes Windows.old, so I cannot run it again to remove what appear to me to be extraneous entries.

Can I safely use Unlocker to try to remove the remaining Windows.old file, which likely would only work after a reboot? If not, is there some other method, short of using the Jaws of Life or a ten-pound sledge hammer to remove the leftover Windows.old file?

A:Windows.old leftover

Hello Not Myself,

Unlocker should work for you. If you like, OPTION THREE below should work as well.

Windows.old Folder - Delete in Windows 10

Read other answers
RELEVANCY SCORE 39.2

Hi I need help getting rid of some trojan/malware remains. Malwarebytes and tdsskiller don't find anything but I am still getting internet explorer redirects, windows firewall turned off & will not turn on and need help because it looks like I may have a rootkit hiding somewhere. I have included my dds files. Also avast is showing alot of "malicious URL blocked" messages and the process is C:\Windows\System32\ping.exe. I have ESAT, MBAM, SAS & HiJackThis logs. I have combofix, aswMBR & minitoolbox dl'd & ready to run but don't want to use them without your direction. I have windows 7 32 Thanks!

A:Win7Antispyware leftover fix

Update......running eset fixed the redirects but I wonder if I still have the rootkit. Eset said I had a variant of the Win32/Sirefef.DN trojan.

Read other 19 answers
RELEVANCY SCORE 39.2

I seem to have some virus or malware that has hi-jacked my outlook address books and is sending out e-mails. They do not appear in my sent file in outlook. I discover it has happened when it finds several addresses that are bad and they get returned to me. I have tried Avast, Norton security, malwarebytes and spybot S&D. They don't not find anything. Any ideas?

A:Virus causing e-mails to be sent out

Welcome aboard They do not appear in my sent file in outlookHow do you know, some bad email had been sent then?

Read other 1 answers
RELEVANCY SCORE 39.2

Once I have started up my harddrive I have an opening error message not once but twice stating file efcbxy.dll can not be found. I already have Hijack this version 2.0.0.2 but this message will not go away. I have AVG 9.0 installed and just a minute ago had a file blocked by AVG beijan.in/capt/index.php

This .dll file, (I have no idea if this is the route cause) but my harddrive is crashing. Internet Explorer is locking up and anything I do is in trutle speed at best. I have run full system scans with Hijackthis and AVG Neither have found this file nor have the problem been corrected.

Any ther ideas are more then welcomed. Working on an HP compaq, P4, windows XP, Hijack this version 2.0.0.2, AVG version 9.0 & Threatfire.
Thanks
P.
 

A:DLL virus causing issues

Read other 10 answers
RELEVANCY SCORE 39.2

Hi All

A contact on IM sent me a link to view a pic and like an idiot I clicked on it.... now it is sending to my contacts with a link.... something like foto http://myspace.com/view.php or something........ this results in msn dialogue screens flashing up or disappearing....

this is the hijack this log .... I ran antispyware and a virus scan but it still does it.

Logfile of HijackThis v1.99.1
Scan saved at 19:25:19, on 10/12/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\fxstaller.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Progr... Read more

Read other answers