Over 1 million tech questions and answers.

Keep Getting Reinfected When My Teen Uses Myspace

Q: Keep Getting Reinfected When My Teen Uses Myspace

Hello, folks.
My teen can't get enough of MySpace, YouTube and associated activities. The more she uses them, the more I have to keep cleaning out Virtumonde, Smitfraude, etc. malware that keep repeatingly placed on my PC. I'm tired of the junk! How can she keep using her favorite sites without junking up the PC with malware? I am running Win XP, antivirus is Panda Internet Security (which I love 10x better than Norton or McAfee) plus I also clean out with Spybot often (probably need to do this more often). What guidelines can I give my teen to help prevent malware? She also IM's a lot, and I'm gonna tell her about not clicking on IM links.
Frustrated Mom

RELEVANCY SCORE 200
Preferred Solution: Keep Getting Reinfected When My Teen Uses Myspace

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Keep Getting Reinfected When My Teen Uses Myspace

Do you use the Firefox browser? That will definitely help. You're more likely to get infected on myspace using Internet Explorer.

Spybot is pretty ineffective these days. It was decent several years ago, but now I'd recommend Malwarebytes or SuperAntiSpyware.

Read other 4 answers
RELEVANCY SCORE 45.2

I'm having the same problem as many others are. Teen biz defaults when i open IE and win min comes up when shutting down. I've included the hijack info that I scanned off of my machine.

Thanks in advance for your help

Logfile of HijackThis v1.97.7
Scan saved at 7:12:14 PM, on 1/6/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPDCLNT.EXE
C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
C:\Program Files\McAfee\QuickCl... Read more

A:teen biz and win min

Get the CoolWebShredder from this site, update and run it with the browser closed. Then reboot and check and "fix" any of these entries which remain in HijackThis:

http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://teen-biz.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://teen-biz.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://teen-biz.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-1.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search-1.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://teen-biz.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://teen-biz.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
O4 - HKLM\..\Run: [WinAuth] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\winlogon.exe

O4 - Global Startup: winlogon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\... Read more

Read other 2 answers
RELEVANCY SCORE 45.2

hey guys, everytime i start my computer my home page has been changed to teen-biz. also websites have been added to my favourites list. when i shutdown iget a window come up that says Win Min not responding. and sometimes it says NVIDEA twinwindow not responding. I have tried Spy-bot, adaware 6, cwshredder they get things sometimes but when i reboot its all backthere again. i tried Hijack this and this is what i got.
Logfile of HijackThis v1.97.7
Scan saved at 2:02:16 PM, on 28/11/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSv... Read more

RELEVANCY SCORE 45.2

I have had trouble recently with my homepage and serch engines. They have all changed to some teen-biz page, and I am continually getting new sites in my favourites list, and all my sites are deleted. I have run Hijack this and CWShredder. I was wanting to know if there is anything else I need to do.
Thanks

Here is the log:
 

A:teen-biz bug

log posted so we can see it
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\NVIDIA\VI_GRM.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\WINDOWS\SYSTEM\SYSTEM.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.wynnumvikings.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://teen-biz.com
F1 - win.ini: load=C:\NVIDIA\vi_grm.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\... Read more

Read other 2 answers
RELEVANCY SCORE 45.2

teen-biz has taken over the search engine; the home page, etc on Internet Explorer.

The log is shown
Logfile of HijackThis v1.97.7
Scan saved at 8:53:08 PM, on 12/8/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SpyKiller\spykiller.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\home\Local Settings\Temp\Temporary Directory 1 for hijac... Read more

A:teen-biz

I would appreciate your help
 

Read other 2 answers
RELEVANCY SCORE 44.8

I have an almost 13 year old granddaughter that is very good with logic puzzles and loves the computer and stated an interest in learning how to program games.
While I know my way around the PC, I've never done much in the line of programming. I am considering on buying her for Christmas a beginners guide to C++. My thinking is if she's going to learn she might as well gain some real life experience she can use as opposed to getting her a book on basic or something like that.
My question is two fold to you programmers. Is C++ going to be too difficult for a kid her age? And secondly any other recommendations for a simple C++ book or other suggestions if I'm not on the right path thinking about C++. I did find the MS visual C++ compiler that I downloaded for her and a beginners video from the MS website to supplement the book.
Any help will really be a appreciated.
Floyd
 

A:Help for my teen granddaughter

Read other 9 answers
RELEVANCY SCORE 44.8

i am posting on behalf of a friend who, unfortunately, due to being to occupied with family concerns, is unable to log on and post for herself. therefore, i am trying to find out whatever i can for her. her problem (or at least the most bothersome thereof) is being constantly & frequently bombarded by pop-ups & redirects apparently associated with http://teen-biz.com

she has already downloaded, installed and regularly updated and run spybot, adaware as well as hijack this. unfortunately she is still being tormented by having her children be subjected to the extremely profane visual & text attacks that teen-biz seems to feel compelled to launch at every opportunity. as you can see from the following hijack log, teen-biz was found:

Logfile of HijackThis v1.97.7
Scan saved at 11:43:52 AM, on 1/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Sony\Net MD Simple Burner\NetMDSB.ex... Read more

A:teen-biz pop-ups & redirects

Read other 7 answers
RELEVANCY SCORE 44.8

From my teenage girl's computer, though I don't know what I'm looking at, I can see a huge difference in these logs between my computer and hers. It's acting really funny, as well!

Logfile of HijackThis v1.99.1
Scan saved at 2:29:53 PM, on 9/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\MyWay\bar\7.bin\mwsoemon.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hdqqtkfydmaqwdnasek.net//...SOLoI9VCx.html
R0 - HKCU\Softwar... Read more

A:Hijackthis-what has my teen done?!

Hi and Welcome
It may help you if you print out or copy this page for easy reference.. Make sure to work through the fixes in the exact order its listed..These instructions only apply to HJT v1.99.1

Please Keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes..

Download any of the required programs before attempting to start any of the fixes.


Turn off System Restore instructions (WinXP)
Rightclick My Computer | Properties | System Restore | check ?Turn off System Restore?, <Apply>, <OK>. Reboot. When we have confirmed that your log file is clean, you may renable System Restore and create a new restore point.

SHOW HIDDEN FILES AND FOLDERS.
To show hidden files instructions (WinXP)
Doubleclick My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK
------------------------------------------------------------------

If you hav'nt already done so,download and run AboutBuster & CWShredder (check for updates) for a preliminary cleanup first.Some files below may not be present after running the above programs.Full instructions below.




How to install and run CWShredder

Download CWShredder
Choose the stand alone version. This is free.
Save cwshredder.exe into its own directory, NOT in a T... Read more

Read other 1 answers
RELEVANCY SCORE 44.8

I have run Hjt and saved the log. I have also red the other posts I could find regarding this issue. It seems my problem is a bit different than the others.

I do have winlogon.exe in my startup folder, but I can not delete it. It says the file is in use. There are multiple user accounts on this PC, 3 to be exact. The log file from Hjt is below...

TIA
Vince

Logfile of HijackThis v1.97.7
Scan saved at 3:23:20 PM, on 12/16/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\WIN... Read more

A:New Win Min problem with teen-biz.com

Read other 11 answers
RELEVANCY SCORE 44.8

My daughter is wanting a new laptop that will run the game Star Wars The Old Republic.
The system requirements are :
Processor: AMD Athlon 64 X2 Dual Core 4000+ / Intel Core 2 Duo 2.0 GHz or better
Operating System: Windows XP or later
RAM: 2gb
Video Card: min256 MB on-board RAM and support for Shader 3.0

I am looking at HP 17.3" HD+ Notebook 17-x047cl, Intel Core i3-6006U DC Processor, 8GB Memory, 1TB Hard Drive, Backlit Keyboard, Optical and need to know if it fits the requirements
 

Read other answers
RELEVANCY SCORE 44.4

Hi. Im brandnew to the forrum but i have a good question. I am an avid pc gamer but im only aloud to play teen rated games. Are there any decent teen shooters out? If so, are they recent with good graphics? Thanks!
 

A:Teen First Person Shooter

i play counterstrike source, thats rated mature, i realize thats your problem. I hope im wrong but there may not be any teen rated fps out there. Good Luck to you.
 

Read other 2 answers
RELEVANCY SCORE 44.4

OK. I will attach the HJT log for my son's computer. It is running really slow and is constantly running low on disc space. He was using his computer in safe mode until I found out. I removed some of the crap that he had but have no clue what else there may be. Please help. Computer is only a few months old and should not have too many problems. Thanks....

Here is the LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:57 PM, on 2/29/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Pa... Read more

A:HJT Log for my Teen Son's Computer. ARRGG!

Why hasnt anyone replied? This computer is driving me nuts.
 

Read other 1 answers
RELEVANCY SCORE 44.4

Hi, when I start my computer and run my IE, the startpage changes to teen-biz.com and a bunch of porn sites are added to my Favorites folder. IE will also open on its own periodically to some porn-site. Lastly, when I shut my computer down, I receive a Winn Min error ("can't end program . . . ").

I've run Ad-Aware, Spybot, SpyHunter and CWShredder but still the above garbage occurs. Can anyone please help? I appreciate any comments. Below is my Hijackthis output. Thank you in advance.

Running processes:
C:\WINNT\Explorer.EXE
C:\program files\timbuktu pro\tb2logon.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Jeremy\HijackThis.exe
C:\WINNT\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-495... Read more

A:Teen-biz.com IE Hijack/ Win Min Problem

Read other 7 answers
RELEVANCY SCORE 44.4

http://www.amazon.com/Lenovo-15-6-Inch-Touchscreen-Laptop-59426255/dp/B00K6ZIFFG/ref=sr_1_1?ie=UTF8&qid=undefined&sr=8-1&keywords=lenovo++i7-4700hq+y50

It's actually over his budget... until his next paycheck, at which point it'll wipe out his savings account.
So before he blows everything he's earned this summer taking orders at a fast-food joint, thought I'd ask if this will be a great choice. It's a Lenovo Y50 laptop sold on Amazon. He looked at it in a Best Buy store where it costs nearly a hundred dollars more. He's a junior in high school this year, so use will be for any school related study/research rolleyes, facebook, Minecraft and he wants to get Skyrim/Elder Scrolls downloaded once he makes his purchase. I think the salesman said that this could be linked to his PS4 - I'm not a techie at all so I don't know that this is hugely important but my son seemed impressed.

I've read reviews dissing the screen. But we saw it in store and didn't think it looked as... unpleasant as some reviewers thought. The other negative thing I've read is something about having to press two keys on the keyboard to control the sound. Again, I don't think that that sounds like a big deal either.

I guess I'm wondering if there's something better for his money or is this actually dang good for $1250 plus tax from Best Buy? (I know Amazon's price is cheaper but hesitate to have to handle any troubles we ... Read more

A:My teen wants to buy this gaming laptop...

Read other 7 answers
RELEVANCY SCORE 44.4

Toshiba 1.8Ghz laptop
4 GB RAM (recent upgrade to memory 2x1GB, machine only sees 3GB, I can't find the cause, any advice most welcome)
160 GB HDD
Windows XP Media Center sp3

I recently 'cleaned' this computer and upgraded the memory. I left it with Eset running and it seemed fine until a 14 yr old nephew spent one session on it. When I heard about it, the browser was hanging without connecting. System control soon degraded to the point where Windows loads but that is it. Task mgr, file explorer, start button, browser... nothing works. Disk activity is evident but 'it' will not release the machine even after sitting off the ethernet wire for a substantial time after loading the OS. Safe mode available but 'it' blocks the run of Malwarebytes (though the app will load into memory). The only scans I could run were from within safe mode. not sure how useful that may be but RSIT outputs attached. I have DDS scan from safe mode I will place under separate post.

Best advice about next step please. Thank you for taking this under advisement.

A:Toshiba trashed by teen

here is the DDS scan outputs

thank you for helping with this problem.

Read other 2 answers
RELEVANCY SCORE 44.4

Hello,
I hope you can help me.
My daughter is experiencing problems with her Windows ME machine. I've cleaned off what I could with Spybot and Adaware. I've also run Norton 2002 and the Micro trend on-line virus scan (although I'm not confident that the on-line scan made it to completion).

I'm seeing alot of modem activity, even when nothing else is running on her PC. She's getting icons on her desktop, pop-ups and spyware. Her machine is running very slowly and locks up on a regular basis.

I've run hijackthis and Hijackthis analyzer. The analyzer log is posted below:
Thanks in advance.
====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 3/2/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 7:41:39 PM, on 3/8/2005
Platform: Window... Read more

A:Parent of Teen needs help! HiJack log

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.

Read other 11 answers
RELEVANCY SCORE 43.6

Hi:
Not even sure if this is the right place. My pre-teen cousin installed WINAMP on my mother's computer.
1. Is this a legal program? Is it any good? Does it cost anything monthly?

2. Now The sound on her computer doesn't work. I get an error message from NullSoft. "bad direct sound driver. PLEASE INSTALL Proper drivers OR SELECT another device in configuration." Error Code 887800A

Anything yu can tell me about this or how to fix will be deeply appreciated.

Thanks. wildbill
 

A:Pre-teen installed unknown program?

Read other 8 answers
RELEVANCY SCORE 43.6

It seems my PC has been reinfected with the svchost.exe trojan virus. I successfully removed it previously via the instructions I was given here: My link. My questions is, can I to follow the exact same steps and post the new logs here?

A:Help, I am reinfected

Hi there, a moderator or someone on the security team may/will take over at any time but until there, i will assist you if you wish.Please start with answering a few questions for me to understand what is on your computer.What are you currently using for an antivirus? What is your operating system?What symptoms are you experiencing? Read this I suggest for now you only do steps: 1-6.Once you have completed steps 1-6, please download DDS and run it then post the logs here then come back here and provide a link to the post.You may also of course use Pastebin and post the logs here. DownloadMini ToolboxCheckmark following boxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesClick Go and post the result. As narenxp stated in the last post...DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG reportSkip all the findings, warning if you have daemon tools or other software related to that some issues may pop up, ignore everything hit "Skip" and just post the LOG here. Remember the DDS log must be on the other forum (link is above).

Read other 4 answers
RELEVANCY SCORE 43.6

Hello. I am new here. Thank you for your service and reading my log.I have never posted a hijackthis log but I'm fed up and am now going to do so.Recently I reinstalled windows xp home edition (about 3 days ago) and yesterday I some how got infected again with what my comp had in the first place. I have not gone to any porn sites and all I have downloaded in the way of programs are:1.Pctools. spyware doctor (my antivirus program)2. my Ati drivers.3. .netframework 3.54. a sound driver bundle from Xceed Software Inc. called5. the game Unreal tournament 2004.yesterday I downloaded some pictures from facebook onto my hard drive.Symptoms:Task manager has been disabled by your administrater.Registry editing has been disabled by your administrater.Also my spyware doctor has picked up 2 ip addresses trying to connect to my computer which i chose to blockthose Ip's are:1195.24.77.224, 72.232.11.26Here is my hijack this log:ogfile of Trend Micro HijackThis v2.0.2Scan saved at 2:49:00 PM, on 1/29/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\... Read more

A:reinfected

When I posted the above post my spyware doctor popped up saying HIGH RISK THREAT DETECTED. Trojan. downloader.small!sd6. I cliked on block

Read other 26 answers
RELEVANCY SCORE 43.6

My computer was infected a few months ago by Vundo and my internet and video files have been acting very slow. When ever I start up explorer, the pages take up to 30 seconds to just load. Also, When ever I start up the computer, the modem goes down. I am attaching a copy of the Kaspersky log and the next reply will include the Hijackthis log.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 05, 2008 6:17:46 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/05/2008
Kaspersky Anti-Virus database records: 662292
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 138227
Number of viruses found: 3
Number of infected objects: 58
Number of suspicious objects: 0
Duration of the scan process: 01:51:45

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\EasyNet\MHNData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data... Read more

A:Reinfected

bump (4 days)
please help :(
would really appreciate it

Read other 19 answers
RELEVANCY SCORE 43.6

After using Autoruns program to see if I could tune up the startup on the laptop, I have downloaded Avast anti virus, installed it, and performed a boot time scan which has detected a threat (the Zone Alarm security suite/anti virus program previously installed did not find anything).

It found win32 Chancrypt virus/worm. C:System Volume Information_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}RP112.

The name in the Avast "virus chest" was: A0145871.exe. Last changed 8/4/2004 (not sure if that was needed info) Transfer time 10/1/2007 ( Day I found it and quarantined it)

I do not know what this is. I assume that it infected a restore point. I only quarantined it because I was not sure if deleting it was the best course of action.

I have repeated all the steps you had mentioned earlier (except Smitfraudfix and the installer cleanup utility)

What should I do?

Thanks again for your help very much appreciated.

A:Reinfected?

Since you are already receiving help here, this thread is closed. Please do not start new threads or duplicate topics as this causes confusion and makes it more difficult to get the help you need to resolve your issues. Thanks for your cooperation.

Read other 1 answers
RELEVANCY SCORE 43.6

i am infeted [again] with someting called project1 and it seems to slow down my computer and i am seeing popups on my desktop and when i surf the internet. this is my hijackthis log.Logfile of HijackThis v1.99.1Scan saved at 7:11:07 PM, on 10/26/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\cisvc.exeC:\WINDOWS\system32\cidaemon.exeC:\WINDOWS\explorer.exeC:\WINDOWS\system32\rundll32.exec:\dfndrff_e38.exec:\kybrdff_e38.exec:\nwnmff_e38.exeC:\WINDOWS\SmFtYWwgTWFra291aw\command.exeC:\Program Files\Network Monitor\netmon.exeC:\DOCUME~1\JAMALX~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\hijackthis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.comR1 - HKCU\Software ... Read more

A:Reinfected

Hello jamal56783, and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today. Please take note of the following: I will start working on your Malware issues, this may or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear. If you don't know, stop and ask! Don't keep going on. Please reply to this thread. Do not start a new topic.Please give me some time to look over your log and I will get back to you as soon as possible.Thanks,Charles

Read other 15 answers
RELEVANCY SCORE 43.6

Ok from last few months I am having continous attacks on my computer. I am getting reinfected again and again. I have used all kind of software from bitdefender, malwarebytes, partizan unhack me, even combofix, but the reinfection keeps occuring. Recently  a new virus completely removed my startmenu programs list and by mistake i used atf cleaner to remove the temp files. It also blocked my  internet by disrupting winsock2 I had to use combofix to remove the infection and superantispyware to fix the lsp. Here are recent otl scan few particualr entries keep reoccuring, especially this one [2012/04/28 08:21:42 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污[2012/04/28 08:18:58 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污 unhackme used to catch it as infection but after its demo is over it cannot catch this also. So something is reinfecting my workstation It has 12 gb ram, but only 9 gb is available and a particualr file partlogn is being recreated everytime i login. When I relaized my bitdefender was hacked, i removed it and found my proxy connection in browser was switched on, when i never started it. any help will be appreciated OTL logfile created on: 3/4/2013 8:28:06 PM - Run 1OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Wick... Read more

A:Getting reinfected again and again

I also used show hidden and it showed me these. any help will be appreciated.
 
Show Hidden by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
Show Hidden will display all hidden folders on your computer.
You can use the -f argument to display hidden files as well.
Program started at: 03/05/2013 05:37:34 PM
Windows Version: Windows 7
Please be patient while your hard drives are scanned.
Scanning the C:\ drive
 * C:\$RECYCLE.BIN\S-1-5-21-46887703-388321113-1566937506-1000
 * C:\$RECYCLE.BIN\S-1-5-21-46887703-388321113-1566937506-1012
 * C:\autorun.inf
 * C:\comment.htt
 * C:\desktop.ini
 * C:\found.000
 * C:\found.000\dir0000.chk\Windows\DRM
 * C:\found.000\dir0000.chk\Windows\DRM\Cache
 * C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\%APPDATA%
 * C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\%APPDATA%\Microsoft
 * C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\%APPDATA%\Microsoft\Windows
 * C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\%APPDATA%\Microsoft\Windows\IETldCache
 * C:\ProgramData\Microsoft\DRM\Server
 * C:\ProgramData\Microsoft\WwanSvc\Profiles
 * C:\Recovery\ae493936-2ab7-11e0-8de7-ec4a7d26d596
 * C:\System Volume Information
 * C:\System Volume Information\Chkdsk
 * C:\System Volume Information\SPP
 * C:\System Volume Information\SPP\OnlineMetadataCache
 * C:\System Volume Information\... Read more

Read other 30 answers
RELEVANCY SCORE 43.6

posting per
http://www.bleepingcomputer.com/forums/topic446922.html/page__gopid__2638618#entry2638618
GMER opens but only services / registry and /files are available for check marking

holy cow.
i had done some banking on this and now i need to change all of that again ?!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by websitewendy at 9:29:05 on 2012-03-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.5696 [GMT -7:00]
.
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Window... Read more

A:reinfected with a bot

i forgot to note that i have HIPS alerts enabled in ESET smart security pro 5 .. and i noticed ~internat.exe on startup was allowed ..
2 different paths .. i didn't copy them.. i turned the machine off .. but one was ~\Run\internat.exe and one was an internet explorer path \internat.exe
crazy crazy crazy

i need a couple files off of the remote drive which was attached to this pc and don't know if i can trust it.

Read other 7 answers
RELEVANCY SCORE 43.6

hiive been reinfected. I was infected about 2 weeks ago and the problem was fixed with help from this website. Now ive been reinfected again. ive got plenty of anti spyware software and i have run that but the problem remains. Here is my HJT log. I appreciate any help as always.Logfile of HijackThis v1.99.1Scan saved at 21:39:34, on 19/08/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\AVPersonal\AVWUPSRV.EXEC:\Program Files\ewido\security suite\ewidoctrl.exeC:\Program Files\ewido\security suite\ewidoguard.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\ATI-CPanel\atiptaxx.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\BroadJump\Client Foundation\CFD.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Common Files\Rea... Read more

A:reinfected

Hello,It's better to print out the next instructions or save it in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.It is also important you don't miss a step and perform everything in the right order!!?Download AboutBuster. Unzip AboutBuster in an own folder such as C:\AboutBuster. Start AboutBuster.exe. Click OK, Update, Check For Update and download the updates if present. Close aboutbuster now, because you may not run it yet, that's for later. If You are getting an error when updating, please let me know first before you proceed with the next steps.* Download and install CCleanerDo not use it yet.* Download CWShredder. Don't let it run yet!* Download this regfix: HSfixUnzip it and place it on your desktop, don't use it yet!* Please download the trial version of Ewido Security Suite here:http://www.ewido.net/en/downloadInstall it, and update the definitions to the newest files. Do NOT run a scan yet.*Please reboot your system into SAFE MODE. ?To get into the Windows XP Safe mode as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode" and press your Enter key.*Start hijackthis and click scan and put a checkmark next to the following items:R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\syste... Read more

Read other 7 answers
RELEVANCY SCORE 43.2

Help please. I have a tech savvy 16 year old son that has to use his computer to do his homework, but is abusing it. I need to be able to see how he is using it (sites/time/things he's doing) and ideally restrict the site "affimatively" to just the sites he needs to do his homework. I check history, but he's savvy enuf' to clear individual entries as he goes..... I've reat about Webwatcher adn SpectrePro but have no idea what's good and what he couldn't detect and remove... I'm not that technical.... help please!
 

A:Parent Control S/W for tech savvy teen

Read other 7 answers
RELEVANCY SCORE 43.2

Hello. I am new here but have been following these forums for a couple of weeks. I think the people [??] who create viruses should be treated like any other terrorist.

I have AVG and today when I opened my e-mail, I noticed a message labeled "Teen poll results" above a couple of other entries. So I used Shift and selected all three so I could delete them all at once. However Delete didn't work.

The AVG [Griswold] screen popped up and said it detected a virus. So I pressed "n" and even enter. Meanwhile, behind the AVG box, there was another box showing a file being downloaded. So I quickly clicked the Close X button for Outlook Express. I hope that cut it off at the pass.

So I have some questions:

1) Is there some way to select and delete something from my inbox without it starting to download?

2) Why didn't AVG stop this thing from down loading?

3) Assuming part of the virus downloaded, how do I find it and get rid of it?

That's enough for now. You guys are great.

-Peter
 

A:Teen poll results virus[?] + AVG + Outlook

Read other 7 answers
RELEVANCY SCORE 43.2

Valis sent me for help. I have Windows 7. I have an administrator account. My son uses a standard account and does not know the password for the administrator account. My son has been visiting unwanted web sites. I need to find the easiest way to block him from visiting this type of site.
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD Athlon(tm) II X4 635 Processor, AMD64 Family 16 Model 5 Stepping 3
Processor Count: 4
RAM: 5886 Mb
Graphics Card: ATI Radeon HD 4200, 256 Mb
Hard Drives: C: Total - 939685 MB, Free - 745733 MB;
Motherboard: Dell Inc., 04GJJT
Antivirus: GFI Software VIPRE, Updated and Enabled
 

A:Solved: teen and unwanted web sites Valis sent me

Read other 7 answers
RELEVANCY SCORE 43.2

This website keeps popping up and I have run Adware and Spybot. It was also charging calls to my phone. I have put a block on my phone with the phone company and now have to send a letter an a email to dispute these charges. I have never been to that web site and it keeps popping up. I did read whre the average person can go remove this with help so Help. This is the information I get when I run spyware.

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-299502267-1078145449-1708537768-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
--- Spybot - Search && Destroy version: 1.3 ---
2004-05-12 Includes\LSP.sbi
2004-11-29 Includes\Cookies.sbi
2004-12-15 Includes\Dialer.sbi
2004-12-16 Includes\Hijackers.sbi
2004-12-15 Includ... Read more

A:Solved: Hard Core Teen Sex website

Read other 9 answers
RELEVANCY SCORE 43.2

 
My original thread is http://www.bleepingcomputer.com/forums/t/552011/invalid-bootini/page-2#entry3518036
 
Thank you in advance for any assistance. 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.51.2
Run by Norman at 13:59:49 on 2014-10-27
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.484 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe
C:\Program Files\AVG Web TuneUp\vprot.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\loggingserver.exe
C:\WINDOWS\System32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\Microsoft Office\Of... Read more

A:Keep being reinfected according Hitmanpro

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/553559 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 16 answers
RELEVANCY SCORE 43.2

I keep getting infected. I installed adaware and spybot, did the updates, disabled system restore (per Symantec instructions) , booted into safe mode, and ran them plus Norton and removed all the bad stuff. Am I clean now? This is my hijack log. If anyone recognizes anything in here and can help me I'd really appreciate it. I'm hoping I've fixed this on my own. My symptoms before I started were major popups in internet explorer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:40:53 PM, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\CDProxyServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DE... Read more

Read other answers
RELEVANCY SCORE 43.2

originally i had gotten this and read over someone elses post on ping.exe followed the instructions with combofix and deleted the virus, about a week ago. Today avg starts popping up around 10pm often saying so and so is infected, inaccessible or undeletable etc.

and I notice Ping.exe is running again and slowing my computer down dramatically. I hate to bother you guys once again with my problems, but it seems I will need the pros on this one.

~Xanatos

A:ping.exe reinfected me

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Read other 3 answers
RELEVANCY SCORE 43.2

Just ran malwarebytes again today. new virus-----
Files Infected:
c:\Users\Mackie19\Desktop\services.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
It said it fixed it.

A:reinfected---bloop me

haha I've been blooped!!You need to follow the instructions here as that is the only way we can clean this.http://www.bleepingcomputer.com/forums/ind...p;#entry1319459I am closing this topic.

Read other 1 answers
RELEVANCY SCORE 43.2

I got help removing some viruses (myosprotect) and I downloaded all the antimalware stuff suggested. I have only been on it a few times since its been cleared of infection. It's been super slow and I've been trying to get help with that. I ran a Malewarebytes scan and it came up with some pup files.
 

A:My computer reinfected

You've been to this forum before so you should know the drill.

Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

Read other 1 answers
RELEVANCY SCORE 43.2

NAV is detecting spyware but continuously stalls before showing the resulting name of the infection. I had attempted a system restore after it first detected it as ZeroAccess! C, but it must still be there. I ran TDSSKiller but no threats were detected.The
 attach.txt   5.23KB
  1 downloads GMER tool is unable to complete. Thank you for your help.DDS LogDDS (Ver_2012-11-07.01) - NTFS_x86 Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.7.2Run by Jenny at 9:06:50 on 2012-11-16Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1014.213 [GMT -6:00].AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}.============== Running Processes ================.C:\windows\system32\wininit.exeC:\windows\system32\lsm.exeC:\windows\System32\spoolsv.exeC:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\windows\system32\taskhost.exeC:\Windows\System32\AsusService.exeC:\windows\system32\Dwm.exeC:\windows\Explorer.EXEC:\Program Files\Microsoft\BingBar\SeaPort.EXEC:\Program Files\Bonjour\mDNSResponde... Read more

A:Reinfected with zeroaccess

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

Read other 16 answers
RELEVANCY SCORE 42.8

Hi

I am a dad who wants to give his rebellious pre-teen daughter some control on her laptop, like update iTunes or install games, but she cannot do such as a Standard User.

I initially setup her laptop with both of us (dad and daughter) as admin users. I wanted to be an admin user to help install updates, backup, and check for viruses, etc... Dad as "Home IT guy".

However, in her rebellious attitude over the last couple of months, she removed me as an admin; so, I had no way for login. Pissed IT dad.

IT dad took her laptop away for a week, demanded her password, created IT dad as admin and changed frustrated daughter into standard user.

All fine. No. Daughter wants to upgrade iTunes (admin login required), install games (admin login required), etc... (admin login required). Non-IT mom does not want to do IT stuff (i.e. "admin login required" stuff).

Is there a way to allow my daughter (degraded to Standard User) to have some admin privileges (to perform upgrades and downloads without "admin login required"), but without having the permissions from removing other administrators (i.e. IT dad)?

In other words, IT parents as Uber-Administrators and User children as Limited-Adminstrators (i.e., cannot remove a Uber-Adminstrator but can upgrade and download software)?

IT Dad wants to know, thx

jeff in seattle

A:Windows 7 Pro: Parent adminstration control and rebellious pre-teen

Sorry, I dont have an answer for you, but I'm in exactly the same boat. because I have three sons that install programs and updates like your daughter, that required me to intervene on a multiple-times-per-days basis I gave my kids administrative accounts on their own computers.

BIG MISTAKE!!

I use OpenDNS to prevent access to undesirable web stuff, and so I can have some semblence of knowledge of what is going on. But they hack, and they crack and they circumvent every bit of security I add.

Now I am considering setting them to standard users. And that means non-stop whining, negatively charged atmosphere, and daily interventions by me to install, update, remove and configure things on their PCs.

I feel for you. I hope someone here will be able to offer some guidance to us frustrated parents.

Tanya

Read other 4 answers
RELEVANCY SCORE 42.8

I have a couple of older Dell laptops here of the Windows 98 vintage. They have more than ample hard disks and 64 megs of RAM. I'm thinking of turning them into NetBooks for a couple of 10- and 12-year-olds. The laptops both have good batteries USB ports and PCMCIA slots so wireless will be an easy task.

Here's the question: How practical a job is this and what OS would be best?

I know just a very little about NetBooks, mostly what I've learned by looking at them on the store shelves.
 

A:Turn an old Win98 laptop into a NetBook for pre-teen child?

Read other 6 answers
RELEVANCY SCORE 42.4

My computer was first infected with Antivir Solution Pro 4 days ago (Wednesday), and after using RKill(iExplore) and MalwareBytes after each infection, I've been reinfected three more times, about once every day.About 2 days ago, I made the switch from Safari to Firefox, but I don't think that has changed anything for this problem.Did all the requested logs 3 hrs before quarantining the virus with MalwareBytes for the last time.I have all the MalwareBytes logs and everything still quarantined, by the way.While using GMER, I got a blue screen caused by a file that started with "pwli", although the file name was 3x as long.After starting back up in Safe Mode with Networking, GMER had a problem and was closed by Windows; I ran Defogger again (1st time after the reboot), regardless of the warning. When I tried to open GMER again, my computer blue-screened without a specified reason.Rebooted this time in Normal Mode and AntiVir Solution Pro opened up once again, so I used RKill(iExplore), MalwareBytes, and rebooted the computer.GMER was closed because of some problem by Windows, I ran Defogger, tried GMER again, and I blue-screened with no specific reason once again...So I'm sorry that I can't attach a GMER log.I realize that I have to change all of my passwords on a secure computer ASAP, but am confused on whether the computer I used to put the RKill/MalwareBytes on a USB flash drive is still considered safe.I'm also wondering what how to deal with m... Read more

A:Reinfected w/ Antivir Solution Pro

Hello, and to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!If you have since resolved the original problem you were having, we would appreciate you letting us know.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding ... Read more

Read other 22 answers
RELEVANCY SCORE 42.4

Here is my DDS Log: .
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Owner at 8:14:59 on 2012-02-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4091.2536 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C... Read more

A:Reinfected with svchost.exe trojan

Sorry, did not realize I did not attach report.

Read other 25 answers
RELEVANCY SCORE 42.4

Hello, it seems I am in need of assistance yet again. This one surprised me. I was visiting livejournal, a website I have been visiting for years without any problems, when suddenly my Ad-Aware Ad-Watch started popping up, notifying me that multiple registry changes were being made to my computer (some by votojoye.dll). I received over 1,000 registry changes. I ran a Malwarebytes scan and it didn't pick up anything. The last time I posted here I had McAfee but I have since deleted it and I currently have Norton 360. Norton detected quite a few trojans, quarantined, and 'fixed' them but Ad-Watch continued to go nuts with registry changes and I ended up just removing it for the time being. I also downloaded PCTools Anti-virus and it picked up one threat and quarantined it. I cleaned up my computer and ran Kaspersky and it didn't detect anything but after running a HijackThis scan, votojoye.dll seems to show up in the scan, along with old McAfee files.I guess I just want to make sure the virus is completely gone. My computer continues to work wonderfully although the only change I noticed was that it takes longer to load up than usual (the screen is black for a minute or two and then windows resumes to load my settings). I am attaching a DDS log and my HijackThis log.Thank you for your time. reiraDDS (Ver_09-12-01.01) - NTFSx86 Run by Schmidt at 16:06:42.81 on Fri 02/12/2010Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15Microsoft Windows XP Home Edit... Read more

A:Reinfected with new virus: votojoye.dll

Hi reiraWelcome to Bleeping Computer.I'm maranatha and I will be handling your log to help you get cleaned up. I am a student here at BC so all my posts will be checked by one of our experts, so there may be a slight delay between posts.I'm looking over your logs now.maranatha

Read other 17 answers
RELEVANCY SCORE 42.4

This is insane, i dont know how or why it happened but i am now fuly reinfected after almost a weeklong cleaning session. Please help me out by reviewing my hijack this log! I NEED TO GET THIS RESOLVED!!

When i restarted my comp this afternoon it was playing what sounded like circuc music, and getting major pop-ups. Heres both my hijackthis log and my ewido log. Please let me know what direction to go in. Thanks - Bolen

Logfile of HijackThis v1.99.1
Scan saved at 5:26:12 PM, on 10/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\IA\command.exe
C:\WINNT\GWMDMMSG.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\kbotyui.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - ... Read more

A:REINFECTED! Please review my hijackthis log!!

Read other 16 answers
RELEVANCY SCORE 42.4

We currently have the trojan, wscsvc.exe, on our laptop. This is my mother's laptop and there are constantly trojans infecting the computer. Right before this trojan was detected we removed the fake "Vista Antispyware 2012" virus. The computer is a Lenovo computer from 2007 with Windows Vista Home Premium, Service Pack 1. Intel 2.16 Ghz processor, 3 GB of RAM, 32-bit OS. I am having to post this in safe mode because in the normal mode a 1 second task takes ~10 minutes. However, I did run HijackThis in normal mode to generate the log file. Here is our HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:13:43 PM, on 12/28/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18639)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Carbonite\CarbonitePreinstaller.exe
C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Common Files\aol\1239333554\ee\aolsoftware.exe
C:\Windows\System32\igfxt... Read more

A:Chronically Reinfected Laptop

Hope everyone had a nice holiday. Just posting to make sure this didn't get lost in the flood of messages that came in between then and now.

Read other 23 answers
RELEVANCY SCORE 42.4

I followed the uninstall guide instructions on this site about a week ago and I thought I had removed Windows System Suite but now my computer shuts down and I can only start it in Safe Mode. It won't even stay on when I start in Safe Mode with Networking. I was able to keep it going long enough to update Malwarebytes (which was still on there from removing Windows System Suite last week) so I ran it and it came back with 83 items all named Security.Hijack. I removed them but every time I boot it up it does the same thing (shuts down) and when I run Malwarebytes again (in Safe MOde) it comes back with the same 83 items.

I have not seen Windows System Suite pop up since I removed it but I still have Gala Search the browser redirector on there.

I have tried to use system restore which did not solve the problem and I also tried selecting "boot to last working configuration" or whatever the verbiage is on the same screen where I start it in Safe Mode. That also did not work. The computer just went to a black screen (shut down) like it always does.

Thanks in advance for your help!

A:My computer shuts down and gets reinfected

Please download Dr.Web CureIt, the free version & save it to your desktop. DO NOT perform a scan yet.Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".Scan with Dr.Web CureIt as follows:Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current versionRead the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.The Express scan will automatically begin.
(This is a short scan of files currently running in memory, boot sectors, and targeted folders).If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.When complete, click Select All, then choose Cure > Move incurable.
(This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)Now put a check next to Complete scan to scan all local disks and removable media.In the top menu, click Settings > Change settings... Read more

Read other 8 answers
RELEVANCY SCORE 42.4

Symantec reported infection of a download.trojan file on one of our PC's.A closer look informed us that the problems were bigger than to just have Symantec scan and cure the disk. A file "6fdlypvj493.dll" couldn't be deleted.Using Ad-Aware tells me that the PC is infected with CoolWebSearch, but running the latest CWShredder just turn out as if there are no infections.Using Microsoft AntiSpy Beta tells me that the PC is infected with a lot of things that the others did not tell me. Everything was removed, but "SuperSpider" keeps reinfecting the PC. I keep getting AppInit_DLLs in the registry pointing to the above dll-file, removing it just keeps it coming back.Windows restore disabled. Booted up in protected mode.The dll-file seems to have infected winlogon, SMAgent.exe and a third file. Killed the two last processes with a sysinternal product, but the dll is still locked be winlogon.This is my hijackthis.log. Can anyone help me getting the malware removed:Logfile of HijackThis v1.99.1Scan saved at 15:05:57, on 22-08-2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA... Read more

A:Gets reinfected with "SuperSpider", Melcosoft among others

Hello,Download swap.zip from next location:http://forums.skads.org/index.php?showtopic=81(you'll find swap.zip as an attachement there)Unzip the folder, but make sure all those files are still present in the same folder swap!!Doubleclick swap.bat.Don't worry, your computer will reboot by itself, so let it finish the job.When rebooted...Download the latest version of Ad-Aware:http://www.lavasoft.de/support/download/After installing AAW, and before running the program.Please be sure to update the reference file following the instructions here:http://www.lavahelp.net/howto/updref/Reconfigure Ad-Aware for Full Scan:Launch the program, and click on the Gear at the top of the start screen.Click the 'Scanning' button.Under Drives, Folders and Files, select 'Scan within Archives'.Click 'Click here to select Drives + folders' and select your installed hard drives.Under Memory & Registry, select all options.Click the 'Advanced' button.Under 'Log-file detail level', select all options.Click the 'Tweaks' button.Under 'Scanning Engine', select the following:'Unload recognized processes during scanning.'Under 'Cleaning Engine', select the following:'Let Windows remove files in use after reboot.'Click on 'Proceed' to save these Preferences.Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT to allow it to finish. Post a new hijackthislog.By the way, can you tell me what next is? : c:\program files\timbuktu pro ??

Read other 14 answers
RELEVANCY SCORE 42.4

Recently, using one of this sites tutorials, I rid myself of Win 7 Virus. Great!! Used the Dell Mini for two days and now its reinfected. Its suppose to have an updated Trend Micro Internet Suite on it - Why is this happening??? Was there pieces of the first virus still on - or was it reinfected? I only used malwarebytes on it the first time - should I use another anti malware software to double check it?? Any help would be great appreciated! Thanks!

A:Reinfected with Win 7 Home Security

You can still get infected even if you have a good anti-virus. See this:

http://www.bleepingcomputer.com/forums/topic2520.html

Read other 1 answers
RELEVANCY SCORE 42.4

Hello.
1. I removed XP AntiSpyware by changing the mbam.exe to mbam.com
2. I restarted the computer. No pop-ups for about 10 hours.
3. When I restarted the computer today morning, the pop-up came back + it stops any .exe files (Firefox, Chrome) to open. So, the problem remains. I also hear a popping sound in the background (probably due to this XP antispyware virus)
4. Should I follow the advice given in this link?
http://www.bleepingcomputer.com/forums/topic299504.html

Thank you very much. Your website is very useful. Thanks a lot.

A:Got reinfected with XP Anti-Spyware

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Read other 2 answers