Over 1 million tech questions and answers.

Some sort of malware (Mail.ru) is begin downloaded using cmds

Q: Some sort of malware (Mail.ru) is begin downloaded using cmds

I recently downloaded a malware by accident it was 'Mail.ru' but using Malwarebytes and avast I removed it quickly.
 
Every 3 hours or so command prompt open and tries to download malware or virus, but Malwarebytes stop it before damage is done.
 
Is there any way to stop this.

RELEVANCY SCORE 200
Preferred Solution: Some sort of malware (Mail.ru) is begin downloaded using cmds

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Some sort of malware (Mail.ru) is begin downloaded using cmds

Hello Computa and welcome to the Bleeping Computer forum.
My name is Satchfan and I would be glad to help you with your computer problem.Please read the following guidelines which will help to make cleaning your machine easier:
please follow all instructions in the order posted
please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
if you don't understand something, please don't hesitate to ask for clarification before proceeding
the fixes are specific to your problem and should only be used for this issue on this machine.
please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:
Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested
===================================================Note: Please run these in the order given in the instructions.
===================================================Download and run AdwCleaner
Download AdwCleaner from here and save it to your desktop.
run AdwCleaner by clicking on Scan
when it has finished, leave everything that was found checked, (ticked), then click on Clean
if it asks to reboot, allow the reboot
on reboot a log will be produced; please attach the content of the log to your next reply.
===================================================Run RogueKillerIMPORTANT: Please remove any usb or external drives from the computer before you run this scan!
Close all running programs.
Download RogueKiller to your desktop
close all running programs
for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
when the pre-scan is finished, click on Scan
click on Report and copy/paste the content in your next post
NOTE: DO NOT attempt to remove anything that the scan detects –everything that is reported is not necessarily bad
If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.
Please post the contents of the RKreport.txt in your next reply.
===================================================Run Farbar Recovery Scan Tool
Please download Farbar Recovery Scan Tool and save it to your Desktop.Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
press Scan button
it will produce a log called Frst.txt in the same directory the tool is run from
please copy and paste log back here.
the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.
Logs to include with next post:AdwCleaner log
RKreport.txt
Frst.txt
Addition.txt
Thanks
Satchfan
 

Read other 18 answers
RELEVANCY SCORE 63.6

I have Windows XP 2005 which had the Norton Security pack with McAfee Firewall and McAfee Anitivirus. The antivirus expired. Oops on my part. I purchased and downloaded The Shield Deluxe 2008. Immediately I had windows popping up that stated - Detected: Riskware: Invader and messages of processes trying to inject into other processes. I have no clue what this means or the action to take. Is anyone familiar with this? I uninstalled the McAfee antivirus from Add/Remove. I don't know if I should uninstall The Shield or if it is actually working. Is there hope?
ritap

A:Downloaded New Antivirus Program And Can't Begin To Figure Out What's Going On

http://www.siteadvisor.com/sites/pcsecurityshield.comyou have been taken advantage of, now we need to see what they put on your computer

Read other 3 answers
RELEVANCY SCORE 62

Hi my computer is super slow, I accidentally download something from email and everytime i restart my computer it pop up windows couldn't find .....someting someting .vbs .
Also i download ed some software to remove start-up program and its slow the computer even more.
I use lavasoftusa adware removal program.
And i use spyblaster too clean spyware.
Anyway this is my hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 11:18:26 AM, on 9/6/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
... Read more

A:HELP! Computer super slow, too much malware and junk software downloaded from e-mail

Read other 7 answers
RELEVANCY SCORE 57.6

And the worst of it is, it's all my fault. But, though I surely deserve what I'm getting for my stupidity, I'd still like to remove it and fix the damage it's caused... Anyway, I don't know much about this virus, and I'm not exatly sure what all it's done, but I'll tell what happened and hope someone else has an idea.

It was in an AIM profile. That is, it was linked to in an AIM profile, with a devious "pics from my trip" title. Which was unfortunate for me, because this profile happened to belong to a pretty girl who actually had just gone on a trip... The "it" in question was an .exe (pics.exe), which should've warned me, but it claimed to be a slideshow and I foolishly trusted it. I downloaded and ran it; nothing much obvious happened. Maybe an hourglass by my mous for a second, but that's about it. It was about then that I began to realize how stupid I'd been... I looked at the rest of the profile:

"www.g00ns.com is the best site ever!"

or something like that. Oh dear; I've seen that site mentioned before. I asked her about it, and nope - she had no idea that that was in her profile. I immediately ran to delete it - no luck, it won't let me. I found a "pics.exe" process running and ended it, scanned with Norton (which found nothing), then went into Safe Mode (with networking, if that makes any difference). In Safe Mode, I deleted it, then searched for "pics&... Read more

A:Downloaded some sort of virus.

Read other 16 answers
RELEVANCY SCORE 57.6

bump...
my sister downloaded this virus from some random guys aim profile...
i've tried everything that has been said here....but the little bugger still pops up....
help!!

Logfile of HijackThis v1.99.1
Scan saved at 9:32:18 PM, on 8/31/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\spoolsv.exe
C:\Windows\System32\Ati2evxx.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\NavNT\Rtvscan.exe
C:\Windows\SYSTEM32\Rpcnet.exe
C:\Windows\System32\atiptaxx.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Windows\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\user1\LOCALS~1\Temp\Rar$EX00.324\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimho... Read more

A:Downloaded some sort of virus.

Read other 6 answers
RELEVANCY SCORE 57.2

Hi!

My Sony VAIO laptop computer is not feeling well.

I have Windows Vista 32 bit, which i have (presumably) upgraded to at least SP1.
As for Service Pack 2, i can not install it due to the problems i am about to describe.

When i first log into Windows, i log in as my only user account (named "Lizard"), which is also my administrator account.

Among the very first messages i get is an error from RunDLL stating that "Error loading C:\Users\Lizard\AppData\Local\Temp\ddcAsqpO.dll".

After closing that alert - everything works just fine for between 2 to 20 minutes.

Then, i get another message that says "Host process for Windows services stopped working and was closed.".
After this error message, my beloved laptop goes through a Dr. Jekyll/Mr. Hyde tranformation.
Everything related to Windows Explorer goes in slow motion, if i - for instance, want to save an image i have created - i have to wait for several minutes before the computer unfreezes. That is, if i'm lucky enough to get it back in the first place.
I have tried to get relevant updates for Windows; apart from Service Pack 2 i have also tried to use Windows Update, but i get an error message during the download procedure and then nothing is installed.

The same applies to Spyware Doctor, a program that used to run regular scans of my computer earlier, but now has been paralyzed by something.
Beeing a happy amateur, my investigations have produced very little.

I have, however... Read more

A:CMDS malware, blocked Windows Update and "Host process stopped working"

Read other 8 answers
RELEVANCY SCORE 57.2

hi,
when i download photos from my canon camera, they are all put in a folder that is named according to the DOWNLOAD DATE. i'd like the photos to go into folders that are named according to the SHOOTING DATES. this was the behavior of windows in the past and for some reason it changed.
can you tell me how to change this and to get the photos sorted according to the date they were taken?

can you also tell me how to number the photos continuously, instead of numbering from 1 on each new date? i'd like the photos from day one numbered 1 to 14, from day two 15 to 23, and so on.

A:Sort downloaded photos by date taken

Hi tamirhoresh

I use the following free application to organize my images as part of my workflow.

cam2pc - Image Viewer and fully featured Digital Imaging software to Download, Organize, Modify and Share your photos

It has a down loader that should work with your camera and will allow much finer control than any of the manufacturers offerings. It will even re-name your existing structure to what you decide to go with

It can actually create folders and image filenames from the files own internal MetaData.

There is a Paid version but have found that the freeware does everything I need.

It is compatible with MS photo programs but actually contains a good set of display options so may even replace them

Read other 1 answers
RELEVANCY SCORE 54.4

In Vista Windows Mail is it possible to sort mail using different parameters in different folders? Some email clients allow you to do that, e.g. Saved Folder: sort by Received/Descending, Inbox: sort by Received/Ascending.... and so on.
I find that currently if you set one, it sets them all.
The reason I'm asking this "so late in the day" is that I've just switched to (a hacked) VWM in my Windows 7 and 10 OS's from Incredimail, which was driving me batty.
This is not that important but thought I would ask.

..

Read other answers
RELEVANCY SCORE 54.4

In Win XP, the contacts selection called up the contact name and e-mail in separate columns, so that you could sort the list by name or by e-mail address.
Is there any way of doing that in Win 7?
Occasionally I get an e-mail with just the e-mail address, but not a contact name, and I'd like to be able to find out who it is.
All suggestions appreciated.

A:How can I sort e-mail contacts in Windows Live Mail?

Under the Home tab in Contacts Click on View there is a Sort By with an arrow. Click there and you have a choice of how to sort, last or first name.
Also if you click on Mail- the same thing- Under the Home Tab-View- there is also a way to sort the emails

Read other 3 answers
RELEVANCY SCORE 54.4

In Vista Windows Mail is it possible to sort mail using different parameters in different folders?
Some email clients allow you to do that, e.g:
Saved Folder: sort by Received/Descending,
Inbox: sort by Received/Ascending.... and so on.
I find that currently if you set one, it sets them all.
The reason I'm asking this so late in the day so to speak is that I've just switched to (a hacked) VWM in my Windows 7 and 10 OS's from Incredimail, which was driving me batty but did have that one redeeming feature. Folders all could be sorted differently.
This is not that important but thought I would ask.

Read other answers
RELEVANCY SCORE 54

I've been reading until my head is spinning. How to remove AntiMalware 2009 (Uninstall Instructions)Posted by Grinler on September 19, 2008 @ 08:53 AM This is the closest I could find to my Antimalware-Doctor infection, but it was posted two years ago. No doubt the newer version of the malware has changed... so are there any changes to the recommended uninstall?I was first infected with Win32:Oliga &/or Vitro, then followed by Antimalware Dr. and lastly Win32:Delf-HWS.AVG free alerted me, but didn't prevent the Oliga/Vitro infection. While surfing for info on these, I entered a website where I was infected with Antimalware-Doctor. That was a scary experience as I could not prevent or stop the scan or exit the site. The last one... Delf-HWS is the most annoying as it continuously creates new .exe files that are intercepted by Avast! (sounding an audible alert) during the quarantine process. No sooner is one file disposed of... than another one is created.Seems to me that Avast! is better at locating the bad files and locking them up than AVG. However, the constant beeping alert drives me crazy. I shut down my Dimension 4100 running XP-SP2 fearing that I would continue to be attacked. I have only started it in Safe Mode since. I have a laptop & downloaded various anti-virus programs to a cd, as well as a thumb drive. Is it possible to run these from the external devices with PC in safe mode? MBAM is among the ones I downloaded and I notice y... Read more

A:3 Malware Infections in 3 days: Where do I begin?

I'm afraid I have very bad news.Win32:Vitro is the name (used by avast) for the Win32:Virut family of malware.Virut is a polymorphic file infector with IRCBot functionality which infects .exe, .scr files, downloads more malicious files to your system, and opens a back door that compromises your computer. See Threat aliases for Win32.Virtob.Gen.12.With this particular infection, the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS. According to this Norman White Paper Assessment of W32/Virut, some variants can infect the HOSTS file and block access to security related web sites. Other variants of virut can even penetrate and infect .exe files within compressed files (.zip, .cab, rar). The Virux and Win32/Virut.17408 variants are an even more complex file infectors which can embed an iframe into the body of web-related files and infect script files (.php, .asp, .htm, .html, .xml). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair and in some instances can disable Windows File Protection. In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable. The longer virut remains on a computer, the more critical system files will become infected and corrupt so the degree of infection can vary. The virus disables Windows File Protection by injecting code into the ... Read more

Read other 5 answers
RELEVANCY SCORE 53.6

I upgraded to Windows Live Mail and now am unable to view my previous e-mails in my hot mail account that i have had for years. How do i retrieve these e-mails that i believe are still on the server?
Thanks all,
Mike
 

A:Downloaded Windows Mail Live - Lost All E-Mails In Hot Mail

Open live mail,click tools and click syncronize all.
 

Read other 3 answers
RELEVANCY SCORE 53.2

My aunt let me borrow her PC to see if I can fix it. For some reason, I have gotten this reputation in the family as an IT genius for fixing slow PCs. Whatever. Anyway, it is a Windows XP Home PC, and it has a couple questionable applications like "Security Master AV," "Security Suite Platinum," "SpamSubtract Spam Manager," and of course the dreaded "WeatherBug." On startup it has tons of virus alerts from something called "Security Suite." Whatever. I need to fix it, and I have all the time in the world. Luckily, I appear to have a solid Internet connection and can download any kind of spyware/virus removal tool. Plus, I also have three other PCs in my house, so I can easily post to this messageboard when I'm working on it. So, where do I start?

A:So many malware/spyware/virus problems I don't know where to begin

D'oh!! Shoulda read before I posted! Downloading DDS right now.

Read other 7 answers
RELEVANCY SCORE 52.8

ok i have a few problems.
i opened a zip file which installed a program called "ultimate cleaner".
i uninstalled it(but there is still a file in my C:\Program Files folder that i cant delete.
i installed AVG anti-virus and anti-spyware to make sure my computer was ok.
when i ran avg said programs viruses were found
Torjan horse Downloader.Generic6.KOR
Trojan horse SHeur.SRQ
Trojan horse Downloader.Generic4.1QO
and a virus called "Lop"?
after each scan more and more viruses and trojans are found.
on top of that everytime i log onto windows i get and an alert in my system tray(its a white exclamation mark in a red circle overlapping a green circle) displaying a message "Security Warning:...your computer...infected...malware...click to find out more" then i can either close it or open it. if i click inside the open window it takes me to some antimalware sites. also my internet explorer is completely unusable, after a minute or two of use i get advertising for antimalware sites along with some other random popups.
i apologize if i wrote too much. any help would be greatly appreciated!

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:30:17 AM, on 15/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svc... Read more

Read other answers
RELEVANCY SCORE 50

these are the instructions I followed:Uninstall itclick on this link ? and then select run.http://www.malwarebytes.org/affiliates/2...INSTALL IT TO YOUR DESKTOP, update it, then run a full scan and remove everything it finds.some viruses will try to disable it so if malwarebytes will not start up then go into the folder it is in and rename the mbam file to XXX then double click on the file you just renamed to start it up.after you have used malwarebytes then do this on-line scan.to make sure you have nothing else hiding away.http://www.bitdefender.com/scan8/ie.htmlpreferably in safe mode with networking.it's important you install it on your desktop so you can easily get into the folder and change the name of the mbam file.and viruses do not always look on the desktop for it.OR you can try the on-line scan first.This seemed to have helped but I still can't run Malware bytes and my computer redirects websites I try to get into sometimes. I installed Norman Malware cleaner is this is what it said:Removed 5 of these ( deleted file:C:/windows\system.32\UACqfqboedxvctjti.dat)in red appeared- To many infections/an unexpected error (Please contact support):C\Windows\system32\UACqfqboedxvctjtit.dat (infected with Text/Td.ss.A)File marked for defered cleaning (reboot required) c:\windows\Temp\UAC314c.tmp(infected with W32\FakeAlert.NEUI clicked quit afer it finished scanning and it prompted me to reboot computer automatically. I ... Read more

A:The computer at work is infested with PAV. I downloaded Malware bytes anti-Malware but it still won't scan

Hello it appears you are heavily infected with rootkits. They are interfereing with removal.You need to run HJT/DDS.Please follow this guide. go and do steps 6 and 7 ,, Preparation Guide For Use Before Using Hijackthis. Then go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title and post that complete log.Let me know if it went OK.

Read other 1 answers
RELEVANCY SCORE 49.6

My laptop was going through a file reset but then suddenly turns off. After it says other user and I wasn't able to get in. I found a YouTube video that helped me get it to a trouble shoot and then reset it to safe enable. When I got in the whole screen
was black! I was able to get it the cmds but not sure how the cmds work. It states C: \Users\Administrator> right now and now I am stuck here.

Read other answers
RELEVANCY SCORE 49.2

I have multiple e-mail addresses. I check them all through Outlook.

When I am at work, I would prefer not to even sort thru my personal e-mails to get to my business e-mails but they are all in the same In box.

Is there someway to have them automatically got into different In boxes depending on which one of my e-mails the messages were sent to?

Thanks in advance.
 

Read other answers
RELEVANCY SCORE 48.4

I did a search but I coudln't find an answer for this.
I a mtrying to create a simple batch file that offers a user a choice it would simply do an ECHO prompting the user to select either choice 1 or 2, if the user selects choice 1 it would process the xcopy cmd with the /D flag, if the user selects option 2 it would use the same xcopy cmd but without the d flag.

What I am trying to do is simply create a small backup method, the /D being the one that backs up the files tha thave only changed while the straight xcopy cmd would be considered a full backup.

Option 1 - xcopy c:\QUICKB~1 F:\MumBackup\QUICKB~1 /D /E
Option 2 - xcopy c:\QUICKB~1 F:\MumBackup\QUICKB~1 /E

I did some reading on how to do this ,but I am still puzzzled.
 

A:If Cmds & Batch File

tripped said:

I did a search but I coudln't find an answer for this.
I a mtrying to create a simple batch file that offers a user a choice it would simply do an ECHO prompting the user to select either choice 1 or 2, if the user selects choice 1 it would process the xcopy cmd with the /D flag, if the user selects option 2 it would use the same xcopy cmd but without the d flag.
Click to expand...

not going to code the whole batch for you, but some suggestions.
you can use set /p to get your user input. for more info on set, type set /? on your prompt.
also, for if statements, if /?. If you are on older OS, there is a choice command you can use to get user input.
 

Read other 1 answers
RELEVANCY SCORE 48.4

Respected Person,
Whenever I am switching on my computer, I find the display- CMDS TIME/ DATE NOT SET. thereaffter I need to go to Adjust Date/Time section. why this problem arise and how to solve it?

A:CMDS TIME/DATE not set

Boot into Setup (Bios or CMOS) and adjust the time and date Save and Exit. When you boot into Windows make sure you are in the right time zone. If your computer continues to loose time, you will need to change the CMOS battery on the motherboard. .

Read other 1 answers
RELEVANCY SCORE 48.4

Hi guys,

I'd be eternally grateful if you could help me in any way!

OS: Windows Vista
Machine: Acer Aspire 5715Z laptop

Unfortunately a family member used my machine, and since then the machine has become infected with a virus (or two...). They used Firefox, and downloaded some software that they subsequently deleted, so I can't be sure what it was.

Symptoms:

Open an IE window > extra tabs are opened with a random IP address in the address bar (all beginning 8).
Try to close IE > other IE windows are spawned.
Open Windows Explorer > Task bar disappears and Windows Explorer immediately closes

The symptoms can be temporarily relieved by disabling the processes in the Startup tab of MSConfig (named cmds and BM1fa22c55), and deleting the Registry entries at HKCU/SOFTWARE/Microsoft/Windows/CurrentVersion/Run. The virus is creating a couple of obvious dlls in the following locations (although I know next to nothing about dlls/viruses etc.!):

Rundll32.exe "C:\Users\Emily\AppData\Local\Temp\myqxuect.dll",s
rundll32.exe C:\Users\Emily\AppData\Local\Temp\wvuSjgDW.dll,c

I cannot delete the files as I get the old "the file is open in another program". When deleted from the registry, the two main culprit dlls reappear immediately. I've seen the name "MS Juan" in the registry, and also in autoruns/processexplorer - is this the actual virus? Lavasoft Ad Aware SE Personal reported a total of 5 other viruses/trojans that I marked t... Read more

A:Solved: cmds and MS Juan

Read other 16 answers
RELEVANCY SCORE 48.4

I have Internet Explorer 6, have all the new patches and upgrades. My problem is this. In Outlook Express, under VIEW, SORT BY, I have Ascending, which means mail comes in - in order according to date and time, right? Mine does not. My incoming mail is going everywhere. I have to search my inbox for new mail, since it's not coming in in the correct order, and it's driving me crazy!

I've tried changing the settings to descending, restart, then re-set to ascending, restart. I tried IE Repair under Add/Remove Programs. Nothing makes it work correctly.

Any suggestions? Thanks!
 

A:{RESOLVED}OUTLOOK EXPRESS won't sort my mail!!!

Well, I fixed my own problem. A friend suggested right-clicking on "Received" right in the incoming email box. Then click on ascending. It worked. Duh! So, problem solved!!!!
 

Read other 1 answers
RELEVANCY SCORE 48

When I Add a New Contact to a Contact Group in Windows Mail, a list of all contacts is displayed in Name order, i.e., in first name order. This is very difficult to use. How can convert the list to Last Name order? I have done this with the main Contact list displayed by Windows Contact by adjusting the items and their order in the Details list. But this does seem possible with the Add New Contact list.

Read other answers
RELEVANCY SCORE 48

what needs to be done to have specific emails sorted by account?

A:sort email to specific account in windows mail

Is your e-mail server hosted by another site? You would need them to create a user account for each user and then you have each user log in with username and password to get their mail.

Read other 3 answers
RELEVANCY SCORE 47.6

Hi all,

I have something on my PC that prevents me from openeing websites in either Firefox nor IE. Google for example will finally load after about 13-14 minutes.

I ran Adaware with updates and it found a few things but the problem still persists. Spybot will not even start up. It seems intelligent.

I am attaching the DDS.txt log and a zipped version of attach.txt per the instructions.

Thank you if you can assist me with this. I have 8 hours invested so far.

A:Malware of some sort

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

Read other 2 answers
RELEVANCY SCORE 47.6

Definitely have some sort of issue. When I perform searches, I get redirected to site that have nothing to do with what I was trying to find. Also have tons of pop ups to broken links. Something is certainly amiss.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Daniel Getson at 21:29:43.09 on Mon 12/07/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.532 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\S... Read more

A:Some sort of AD/Malware

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my ins... Read more

Read other 9 answers
RELEVANCY SCORE 47.6

I installed the " know your system app from store on rt " and its showing me this as CPU is this normal ? also I have ipv6 disabled on all adapters why does it say ACPI for processor and why does it start with \\ asif it was virtual machine here is the screen shot of it

A:Does this look like some sort of malware?!

It simply looks to me like this is the way the designers of this app have chosen to display the information.

If you don't trust an app, don't install it.

Read other 2 answers
RELEVANCY SCORE 47.6

I think I have some sort of malware because my internet speeds have fallen drastically in the past week and i've changed out my network card and tried a couple different usb adapters to wifi and all of the other pc's in my house work fine..
 
Here's the log from DDS
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16470  BrowserJavaVersion: 10.25.2
Run by Carson at 22:50:48 on 2013-09-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4095.2222 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Wind... Read more

A:I think I have some sort of malware..

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.    Scan with Gmer rootkit scannerPlease download Gmer from here by clicking on the "Download EXE" Button.Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.If it gives you a warning about rootkit activity and asks if you want... Read more

Read other 2 answers
RELEVANCY SCORE 47.6

Please help! I have some sort of malware or virus, and I have no idea how to get rid of it!

In IE I am being taken to different search pages. I tried to use my Malwarebytes but it will not run and I think the .exe file was deleted. I also can not access my hard drives anymore and receive a message saying "RECYCLER\S-3-968-100000564-1000004326-1000010247-6037.com" and I am stuck. I am going to post the logs like the instructions said to do. thanks for your help. i hope this works.
DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 14:30:40.46 on Thu 05/07/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1103 [GMT -5:00]

AV: *On-access scanning disabled* (Outdated)
FW: *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe
C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
C:\WINDOWS\system32&#... Read more

A:Have some sort of malware

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

Read other 2 answers
RELEVANCY SCORE 47.6

When I start the Firefox browser I have in the bottom left corner some activity that is displaying that Babylon.com and mywebsearch.com is trying to access the internet. Also my home site address keeps getting replaced by mywebsearch.com (followed by some characters in the web site address.
The activity happens so fast in displaying messages in the bottom left of the screen that I don't know what its trying to do.

Is this some type of malware or just something that has gone wrong with Firefox?

I don't know how to correct this and have tried running a malware scanner but with no reports of any malware its detected in Firefox. I suspect the only way is o reinstall Firefox again in hope that it this problem does not repeat itself.

A:Is this some sort of malware?

Hello and welcome to TSF.

They are not malware per se, but unwanted extensions and/or toolbars that have been bundled with some downloaded application. The following tool will remove those unwanted search engines, extensions and toolbars. However, if you have further issues and suspect malware, please follow the instructions in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs.

======================

Let's first search for them.

Please download AdwCleaner onto your DesktopDouble click on AdwCleaner.exe to run the tool.
Click on Search.
A logfile will automatically open after the scan has finished.
Please post the content of that logfile in your reply.
You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the scan number.

Read other 2 answers
RELEVANCY SCORE 47.6

I'm running XP and it's doing all kinds of craziness. It's my mom's PC so only God knows what she downloaded or viewed online to get this.

Some symptoms:

*desktop background changed to "Your system is infected...buy our software blah blah blah"
*task manager is not accessible to user including administrator
*web browser redirects almost every request to a random url with some scam products

**I'm not sure why but DDS wouldn't compile a log. I don't know if the malware is script blocking or not but I'm fairly certain I didn't have any script blockers running

Any help you have to offer is greatly appreciated.
Thanks so much!

A:Some sort of malware on my PC

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 47.6

Problem description: IE closes randomly, random popups advertising all sorts of things. Also seems to disallow downloading. I had to end the process "ati2evxx.exe" before I could download anything so I assume thats the problem source. I read around a bit but can't seem to find a way to get rid of it, just sites describing the symptoms I already have.Deckard's System Scanner v20071014.68Run by Adamant on 2008-04-25 19:55:39Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --58: 2008-04-25 09:55:48 UTC - RP157 - Deckard's System Scanner Restore Point57: 2008-04-25 03:40:23 UTC - RP156 - System Checkpoint56: 2008-04-23 21:45:33 UTC - RP155 - System Checkpoint55: 2008-04-20 00:16:52 UTC - RP154 - System Checkpoint54: 2008-04-17 23:55:01 UTC - RP153 - System Checkpoint-- First Restore Point -- 1: 2008-01-27 00:33:14 UTC - RP100 - System CheckpointBacked up registry hives.Performed disk cleanup.Total Physical Memory: 447 MiB (512 MiB recommended).-- HijackThis (run as Adamant.exe) ---------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:57:40 PM, on 4/25/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\Sys... Read more

A:Some Sort Of Malware

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download the OTMoveIt2 by OldTimer. Save it to your desktop. Please double-click OTMoveIt2.exe to run it. Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At1.job
Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move&... Read more

Read other 8 answers
RELEVANCY SCORE 47.6

My other computer's been acting a bit screwy lately. For some reason or another, it cannot connect to the internet and it won't allow me to access my hard drives via My Computer.When I do try to connect to the internet using a browser, PeerGuardian gives me a Malware Exploits message in its running log. However, if I run an online game or a P2P program, they work perfectly fine. Not entirely sure if this is related, but when I try to run Spybot Search & Destroy, the process begins running, but the window never shows up. I'm running an AVG virus scan currently to see if that finds the problem, but given my luck today, I doubt it. I've attached my HijackThis log. Any help with this matter would be much appreciated.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:19:37 PM, on 2/2/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Dev... Read more

A:Some sort of malware

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the ... Read more

Read other 2 answers
RELEVANCY SCORE 47.6

Sorry for reviving this topic, I just found it while looking through the internet for solution. Please forgive me.It seems that I'm infected with a similar malware of sort on my other computer and I need help fixing it. I tried system restore but it says the only good restore point is, from my guess, when the computer got infected and I can't move to previous month or anything before that. I'm just wondering if anyone willing to help me out in providing me an alternative solution. I don't think I have my Window XP installation CD, if I do it is probably hidden somewhere in my room so I'll try looking for it. So I hope you guys can help me. Many thanks.{Mod Edit: Split away to new topic,PM~~boopme}

A:malware of sort

Hello Valtiel and welcome to BC

What is your operating system: Windows XP, Vista etc.?

Do you have any security programs on your computer, if so what are they?

Have you run any of them, if so, can you post the logs please?

Orange Blossom

Read other 3 answers
RELEVANCY SCORE 47.6

I am new to programming and am starting with Java. It is all going ok but it is becoming time consuming typing the "cd" command to change the directory of the CMD to the locations of my Java programs every time I want to compile or execute my program as it defaults to C:\Users\Mike every time I restart CMD.

To save time, I want to be able to double-click an icon on my desktop to run a command which will change the default directory to my programming folder. I then want to click another icon on my desktop to change it back to the original.

Can somebody please give me the basic CMD code for changing the default directory (if there is one)? I will insert my directories afterwards.

GreenLightPC

A:How can the CMDs directory be changed using a batch file?

Hello GreenLightPC

I don't know about a *.bat file. But, I think I may have an easier way.

Create a shortcut to Command Prompt anywhere you like. In the Shortcut properties, change the Start In: to your desired directory.

Hope this is what you wanted.

Cheers!

Read other 6 answers
RELEVANCY SCORE 47.2

Winows XP, Outlook Express, Comcast.net E-mail server.

After I download my e-mail via outlook express, I get an error message - "This file cannot be deleted"

I cleaned out my delete file to assure that it was not the problem. I tried to clean my sent file, but none of the sent e-mails can be deleted. If I transfer the e-mails to a temporary file, then that file can be deleted.

I suspect that I have a corrupted index file, but I don't know how to find it or fix it. This may not be the problem.

Can anyone help??

Thanks
 

A:Solved: Can't delete downloaded e-mail

Read other 10 answers
RELEVANCY SCORE 47.2

I'm using Microsoft Office Outlook 2003. I have web mail which had about 8,000 emails in the inbox. Somehow I downloaded the same messages twice or more. Possibly I re-installed Outlook 2003 or imported a pst file, I don't remember. But now I have deleted them from the server. So the server only has 189 messages in my inbox. But I need to know how to delete these duplicate emails from my Outlook 2003 inbox before I start putting my emails in Outlook 2003 inbox in sub-folders by my chosen categories in Outlook 2003 so I may back them up by drag-n-drop from Outlook to My Documents\EMAIL folder I made which will have corresponding folders with Outlook 2003.

Now Outlook 2003 has 11,000 emails in it, possibly just in the inbox.
 

Read other answers
RELEVANCY SCORE 47.2

How do I clear 'none downloaded mail' in order to free up allocated ISP space please.

I seem to have accumulated hundreds of names on my blocked senders list, think it's time I cleared them off the server before the list increases.
 

A:Clear none downloaded mail from server

Have you tried logging on to your mailbox online via your ISP's homepage and deleting the mails there?
 

Read other 3 answers
RELEVANCY SCORE 47.2

We have a hotmail id.  Today morning mails not downloaded on cell phone.  We are using samsung galaxy mobile phone.

Please suggest.

Best Regards,

Purva

Read other answers
RELEVANCY SCORE 47.2

so, here are all the logs like the topic said to post....DSSDeckard's System Scanner v20071014.68Run by Tayler on 2008-06-25 21:38:37Computer is in Normal Mode.---------------------------------------------------------------------------------- Last 5 Restore Point(s) --8: 2008-06-26 00:48:06 UTC - RP64 - Device Driver Package Install: Trend Micro Network Service7: 2008-06-26 00:46:06 UTC - RP63 - Installed Trend Micro Internet Security6: 2008-06-25 09:01:24 UTC - RP62 - Windows Update5: 2008-06-25 05:20:29 UTC - RP61 - Restore Operation4: 2008-06-25 03:25:18 UTC - RP60 - Installed Ad-Aware-- First Restore Point -- 1: 2008-06-24 05:14:33 UTC - RP57 - Windows BackupBacked up registry hives.Performed disk cleanup.-- HijackThis (run as Tayler.exe) ----------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:45:05 PM, on 6/25/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Dell\MediaDirect\PCMService.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Windows\system32\igfxsrvc.exeC:\Program Files\Intel\Intel Matrix Storage Manager\IAAnoti... Read more

A:Some Sort Of Malware Or Something On My Computer

BUMP, someone plz help me!

Read other 3 answers
RELEVANCY SCORE 47.2

When I try to open search results from google, I recieve a pop-up which first directs to an address containing many numbers (ex. 7.0004.188 or something like that) then goes to a fake search results page. Based on my research, it is some sort of malware or adware. I ran norton, it didn't fix it. I ran malwarebytes and it found two adware things which it eliminated, but the problem still occurs. Please help!
 
Also, another problem I could use help with, sometimes if I am online on youtube or sites which display media using flash, my screen will flash black, the video screen will turn green, I recieve a message saying my display driver stopped working, and my computer shuts down. Any ideas?
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470  BrowserJavaVersion: 10.7.2
Run by Rachel at 22:18:16 on 2013-03-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3693.1197 [GMT -7:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.ex... Read more

A:Some sort of malware or adware

Hello RacSta Welcome to The Forums!!Around here they call me Gringo and I'll be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at you... Read more

Read other 20 answers
RELEVANCY SCORE 47.2

Hi. Both FireFox 3.5.5 and IE (?) do this. They arbitrarily open new tabs and windows with multiple new tabs, all with going to spam sites such as buy Dish TV or some sites that cannot even be found. I've seen popups and FF does pretty good controlling them, but recently this behavior started, which seems very different. I can just open the browser, and it takes off starting all these new tabs and windows. I have to browse with one hand on ALT+F4 to kill 'em. <g> I scanned with ESET, then dumped that because it was a month expired and got AVG and scanned. I also scanned with S&D and BitDefender, but nothing was found. Hopefully you guys can help me.

-Lenny
DDS (Ver_09-12-01.01) - NTFSx86
Run by Lenny at 13:54:14.26 on Wed 12/02/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.472 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\syste... Read more

A:Some sort of browser malware

Now this has gotten more crazy. It's closing tabs in succession and then closing my browser. So, now it's not just opening new tabs and windows, it's now closing tabs and browsers I am using. Thanks and I'm eagerly waiting to hear back for insight on this.Thanks.===========Hello While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someo... Read more

Read other 7 answers
RELEVANCY SCORE 47.2

Was downloading a program for a game and thought the ad with the ADL Uncompressor was it, so I installed the program and all that but realized shortly after I just installed malware or a virus, not really sure as I didn't find very much information on the program itself.But after some troubleshooting and numerous google searches I got rid of the program through the control panel and all the utilities it installed, but there seems to be one remaining. It's called Claro search and it's hijacking I guess the browser's homepage every time I start it up, Internet Explorer's fine but Google Chrome keeps getting it even though it's been removed.I've scanned with Malwarebytes and AVG and they say they've found nothing.So how do I get rid of this thing permanately?Link to the file I was downloading (if needed}: hxxp://filesmelt.com/dl/remote.7z

A:Got some sort of redirection malware

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

Read other 3 answers
RELEVANCY SCORE 47.2

Hi everyone. I recently contracted a browser hyjacker...i dont think it is the CW shredder, I had that one years ago, i think this is different. I downloaded and ran HJT, I guess I need to watch what I "fix". Here is my log file, any help is very appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:38:51 PM, on 2/8/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\KbdStub.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Mic... Read more

A:Help with HJT & some sort of spyware/malware

Hello christineandpat Welcome to TSF.

Please follow our pre-posting process outlined here:


http://www.techsupportforum.com/f50/...lp-305963.html
After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 47.2

Hi,

A couple of days ago, my computer seemed to become infected with some sort of Malware. It has resulted in the computer freezing regularly and when it does, the fan inside the computer runs really fast (sounds like it's going to either take off or explode!!). I have tried to run the McAfee (it scans but finds nothing), Malwarebytes (will only run for 3 seconds before closing), Spybot (won't run off the PC installed version) and Adaware (won't run at all).

Yesterday we were able to run Spybot from a disk onto the computer, it found that we were infected with fraud.sysguard & winspywareprotect. It doesn't seem to be removing these issues as today we have the same problems again.

I have also tried changing the file name & extension of Malwarebytes, but it still won't run. Even in safe mode.

This morning when I logged on, I received an error message stating that Win32 had closed to protect my computer.

I'm totally stuck as to where to go from here, so here I am. I'm far from a computer expert, but am able to follow instructions and am hoping someone might be able to help me!!!

I am running Windows XP.

Cheers,

Kim

A:I think I am infected with some sort of Malware

Hello please run RKill....(you may need to run it a few times) then immediately try MBAm.Please download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.You will need to run the application again if rebooting the computer occurs along the way.Next run MBAM (MalwareBytes):NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwar... Read more

Read other 12 answers
RELEVANCY SCORE 47.2

Some sort of malware. The log: Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:24:40 PM, on 10/11/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ACS.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\Program Files\Cisco Systems\VPN Client\cvpnd.exeC:\WINDOWS\system32\DVDRAMSV.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Norton AntiVirus\navapsvc.exeC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\system32\svchost.exec:\TOSHIBA\IVP\swupdate\swupdtmr.exeC:\Program Files\Co... Read more

A:Some sort of malware from bad torrent

Hello gutiniWelcome to BleepingComputer ========================Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Read other 1 answers
RELEVANCY SCORE 47.2

.DDS (Ver_11-05-19.01) - NTFSx86 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20Run by NickStadmiller at 1:26:49 on 2011-05-29Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2047.996 [GMT -4:00].SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\nvvsvc.exeC:\Windows\system32\WUDFHost.exeC:\Windows\system32\Dwm.exeC:\Windows\system32\WUDFHost.exeC:\Windows\Explorer.EXEC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\taskeng.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Fil... Read more

A:Some sort of malware, help is appreciated.

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator&#... Read more

Read other 9 answers