
Multiple problems from an infection that has popups, warnings across top of webpage with too many viruses, and not loading cert...

Q: Multiple problems from an infection that has popups, warnings across top of webpage with too many viruses, and not loading cert...

Hello,

I am having multiple problems from what I believe is some sort of virus. I am getting random advertisement popups, warnings across the top of webpages with viruses found and need to scan, as well as the inability to load profiles including the administrator.

I have gone through all the steps prior to posting here and nothing has seemed to work. I was not able to turn on the firewall because when I tried to load the admin profile in safe mode, I just got the black screen with safe mode in the corners. Below is my txt document.

DDS (Ver_09-01-07.01) - NTFSx86
Run by Brian at 22:25:43.14 on Wed 01/07/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2039.1528 [GMT -5:00]

AV: avast! antivirus 4.8.1296 [VPS 090107-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Brian\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: {f704c48c-c6f6-575a-4f94-b764fe462cff}: {ffc264ef-467b-49f4-a575-6f6cc84c407f} - c:\windows\system32\kptdil.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [DIGStream] c:\program files\digstream\digstream.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [DIGServices] c:\program files\espnruntime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\docume~1\admini~1\locals~1\temp\ntdll64.dll
Notify: igfxcui - igfxsrvc.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
AppInit_DLLs: kptdil.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brian\applic~1\mozilla\firefox\profiles\ip3s6ic5.default\
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {055EA3B0-FD57-49CA-9447-7C16CF051533} - c:\windows\system32\config\systemprofile\local settings\application data\{055ea3b0-fd57-49ca-9447-7c16cf051533}\

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-6 111184]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-1-6 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-1-6 352920]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-6 20560]
R4 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-1-6 155160]
R4 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\program files\leapfrog\leapfrog connect\CommandService.exe [2008-11-25 991232]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-19 18560]

=============== Created Last 30 ================

2009-01-07 11:42 73,216 a------- c:\windows\system32\ffkuz.dll
2009-01-07 07:38 <DIR> --d----- c:\program files\Cobian Backup 8
2009-01-06 21:29 <DIR> --d----- c:\program files\SpywareBlaster
2009-01-05 20:18 502 a------- c:\windows\system32\win32hlp.cnf
2009-01-05 20:18 111,616 a------- c:\windows\system32\dllcache\userinit.exe
2009-01-05 20:17 1 a------- c:\windows\system32\uniq.tll
2009-01-05 20:17 1 a------- c:\windows\system32\test.ttt
2009-01-05 20:17 24,576 a------- c:\windows\system32\pcload.exe
2009-01-05 07:44 1,306,326 ---sh--- c:\windows\system32\ymcjqghr.ini
2009-01-05 07:44 133,632 a------- c:\windows\system32\kptdil.dll
2009-01-05 07:44 133,632 a------- c:\windows\system32\byaoehdg.dll
2009-01-05 07:42 50,176 a------- c:\windows\system32\efcDSLdc.dll
2008-12-30 21:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\vsosdk
2008-12-30 07:51 87,608 a------- c:\docume~1\brian\applic~1\inst.exe
2008-12-30 07:51 217,127 a------- c:\windows\system32\drv43260.dll
2008-12-30 07:51 208,935 a------- c:\windows\system32\drv33260.dll
2008-12-30 07:51 176,165 a------- c:\windows\system32\drv23260.dll
2008-12-30 07:51 102,439 a------- c:\windows\system32\sipr3260.dll
2008-12-30 07:51 65,602 a------- c:\windows\system32\cook3260.dll
2008-12-30 07:51 1,184,984 a------- c:\windows\system32\wvc1dmod.dll
2008-12-30 07:51 626,688 a------- c:\windows\system32\vp7vfw.dll
2008-12-29 12:04 110 a------- c:\windows\{CF055C57-A988-42E6-BDAF-E3D94C6973A8}_WiseFW.ini
2008-12-29 12:04 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-29 12:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Leapfrog
2008-12-29 12:01 <DIR> --d----- c:\program files\LeapFrog
2008-12-28 13:56 <DIR> --d----- C:\P90X
2008-12-28 13:52 <DIR> --d----- c:\program files\DVD Shrink
2008-12-14 13:56 <DIR> --d----- c:\program files\BatchPhoto

==================== Find3M ====================

2009-01-05 20:18 111,616 a------- c:\windows\system32\userinit.exe
2008-12-30 07:51 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2008-12-30 07:51 47,360 a------- c:\docume~1\brian\applic~1\pcouffin.sys
2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-07 13:12 80,597,918 a------- C:\SYM_REGISTRY_BACKUP.reg
2008-12-03 19:52 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 19:52 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-10-28 17:36 823,296 a------- c:\windows\system32\divx_xx0c.dll
2008-10-28 17:36 823,296 a------- c:\windows\system32\divx_xx07.dll
2008-10-28 17:35 815,104 a------- c:\windows\system32\divx_xx0a.dll
2008-10-28 17:35 802,816 a------- c:\windows\system32\divx_xx11.dll
2008-10-28 17:35 684,032 a------- c:\windows\system32\DivX.dll
2008-10-24 06:10 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-23 08:01 283,648 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 08:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 08:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 11:57 332,800 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 02:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 02:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2007-03-22 19:01 81,920 a------- c:\docume~1\brian\applic~1\ezpinst.exe

============= FINISH: 22:26:35.90 ===============

Thank you for any help,
Brian


A: Multiple problems from an infection that has popups, warnings across top of webpage with too many viruses, and not loading cert...

Hello Brian and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
Select "2. Fix Goored" by typing 2 and pressing Enter.
Make sure all instances of Firefox are closed at this point.
Type y at the prompt and press Enter again.
A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Download LSPFix and extract it to your desktop.
Don't use it yet.
A tutorial on the use of this tool can be found here: http://www.bleepingcomputer.com/tutorials/using-lsp-fix-to-remove-spyware/

3. Please download ComboFix from one of the locations below, and save it to your Desktop.
Link
Link
Link
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.
Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.
Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. If you have any questions along the way, STOP and ask them before proceeding !!

4. Run LSPFix.
Close all windows on your computer.
Double click on Lspfix to run it.
Put a checkmark in the 'I know what I'm doing' checkbox.
Now move any instances of "ntdll64.dll" into the remove box using the >> button.
Press the Finish button.

Greetings,
Thunder


Deckard's System Scanner v20071014.68
Run by Owner on 2007-12-22 04:41:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2007-12-22 09:41:59 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2007-12-22 09:40:33 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:44:57 AM, on 12/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C...

A:Popups, Multiple unknown processes, Multiple viruses and malware found...

TeaTimer is an excellent tool for the prevention of spyware but it can sometimes prevent HijackThis from fixing certain things. Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose Yes at the Warning prompt.
Expand the Tools menu.
Click Resident.
Uncheck the Resident "TeaTimer" (Protection of overall system settings) active. box.
In the File menu click Exit to exit Spybot Search & Destroy.

Download http://www.techsupportforum.com/sect...etTeaTimer.zip
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.


----------------


Do a HijackThis scan & place a check next to these items and select "Fix checked":

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [Curb tool help dart] C:\Documents and Settings\All Users\Application Data\Move Bore Curb Tool\That This.exe
O4 - HKCU\..\Run: [CreativeWeb] C:\DOCUME~1\Owner\APPLIC~1\LITEPL~1\Defy bias plus.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Ignore any prompts for a reboot


---------------


www.bleepingcomputer.com
www.forospyware.com
www.geekstogo.com

1. Please choose from any of the above links. Download the file & Save it to Desktop.

2. Double click on ComboFix.exe & follow the prompts.

3...

During normal operation of my newer HP Pavilion dv6500 Notebook, I started receiving symantec virus infection warnings. It started off with one new trojan at a time. I checked the symantec history and the viruses were in quarantine. Eventually, over a series of days I started getting multiple infection warnings a day and each warning consisted of multiple and increasing trojans.
After googling several of the trojan titles and finding no results, I started reporting these trojans to symantec. About 10 days after I started receiving these warnings I decided to delete the viruses out of my quarantine since symantec couldn't figure out what to do with them. Immediately I stopped getting virus infection warnings but my CPU usage started creeping up from a standard 6-20% to a consistent 75%+. My symantec is running normal daily scans with no results but the scans used to take less than 90 minutes but now take more than 250 but don't find any infections.
I have completed your '5 things to do before posting' in turn and the following are the results.

Step 1:
I am using no 'cracked' software and found none of the programs listed on the site on my system.

Step 2:
I ran the Panda Online Scan and have attached the report titled "PandaActiveScan.txt"

Step 3:
I already have SpywareBlaster installed and up to date. I installed IE-Spyad/ZonedOut V3.5 and updated all applicable files.

Step 4:
I download and install all updates as released by Micros...

A:Received multiple Symantec infection warnings

Forgot to include PandaActiveScan.txt. Included now.


I am unable to run any programs, including HJT, so can't get a security log.
The screen gets multiple fake security alert windows, saying it is infected and do I want to activate my antivirus software, and then unwanted websites start popping up. Any program that I try to run shuts down right away, or doesn't respond, and then I get another warning that the program file is infected.

I think I got malwarebytes to scan, but it said only one item was found, and then it froze and I couldn't do any more with it.
Never had a problem like this before on this computer, but it is dead in the water now and we're a bit frantic. Any help would be Very Much appreciated!
 

A:Attack of false virus infection warnings, popups, basically disabled Please Help


I am helping my fiancee's sister out. She was having multiple issues with virus/trojans, and popups. I have done what I can to clean most of it up and hopefully some of you will see some things that I have missed, or are being reapplied during startup. Thanks in advance. If you need anything else just ask.

Update: I did upgrade to Windows SP3 after, and took care of the Windows Media Player update exploit thing after I ran the Panda online virus checker, so the MS06-006 thingy is now closed.

A:multiple viruses/trojans popups

bump* I know you guys are busy.

and adding files


One week ago, I started getting popup windows whenever I used Internet Explorer, so I ran AVG virus scan and got five viruses which AVG healed. I wish I could tell you the name of the viruses but I did not save the report. Sorry! Since then, AVG Virus scan shows that I am virus free; however, I still get multiple popups. These popups open a new Internet Explorer window each time I open a new internet page and are always ads related to the web page I am viewing. Every time I run the AVG spyware scanner, my cookies are infected with at least five tracker cookies. I can post the most recent AVG virus scan log if you need it. Thanks in advance for your time!

Deckard's System Scanner v20071014.68
Run by jbridges on 2008-06-17 17:23:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
56: 2008-06-17 22:23:49 UTC - RP490 - Deckard's System Scanner Restore Point
55: 2008-06-17 14:37:56 UTC - RP489 - Removed Ad-Aware 2007
54: 2008-06-17 14:25:07 UTC - RP488 - Software Distribution Service 3.0
53: 2008-05-28 17:28:53 UTC - RP487 - System Checkpoint
52: 2008-05-27 13:18:17 UTC - RP486 - System Checkpoint


-- First Restore Point --
1: 2008-03-24 16:58:22 UTC - RP435 - System Checkpoint


Backed up registry hives.
Perform...

A:Constant popups - multiple viruses

Bump - please


Here is my Sys info:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz, x86 Family 15 Model 4 Stepping 9
Processor Count: 2
RAM: 1014 Mb
Graphics Card: Intel(R) 82915G/GV/910GL Express Chipset Family, 128 Mb
Hard Drives: C: Total - 109662 MB, Free - 2763 MB; H: Total - 38130 MB, Free - 37670 MB;
Motherboard: Dell Inc., 0JC474
Antivirus: avast! Antivirus, Updated: Yes, On-Demand Scanner: Enabled

I have scanned using Avast which has found nothing. (of course) I also frequently get the message that my shockwave is busy. I am going to post the HijackThis log also:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:22:52 PM, on 9/7/2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService....

Hi, I have done the 5 steps and have resulted with the following logs, but before that I wanted to tell you guys that this has been happening for a couple days, and it's getting a bit annoying. I have run some scans to find out that I do have a keylogger in my system, and I do realize what that means, but my main concern here is the popups. I believe they're all linked. Here are all the logs:

I have also attached all these to this thread, so if you guys want to download them feel free to


hijackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:19 AM, on 12/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Softwa...

A:CiD: prefix popups + multiple viruses

Quote:

O4 - HKLM\..\Run: [winlogons.exe] C:\Program Files\KGB Keylogger\winlogons.exe

Is this something you installed?


Hi,

I would appreciate any help anyone could provide with the following issue I have recently encountered.

I scanned my computer with SUPERAntiSpyware and it found multiple trojans including:
Trojan.Vundo-Variant/Small-GEN
Trojan.Unclassified/Packed-Win
Unclassified.Unknown Origin
Trojan.Vundo-Variant/NextGen
Trojan.Vundo-Variant/NextGen-Six
Browser Hijacker.Internet Explorer Zone Hijack
Trojan.Unknown Origin
Adware.Vundo Variant/Rel

I quarantined these and my system seemed to be fine again.

However, now I am constantly getting popups, including one which is from hxxp://pro-anti-virus-scan.com telling me to scan my computer from malware and trying to get me to download anti-virus software, and I keep having to close Firefox via the task manager to get rid of it.

Here is my log:



DDS (Version 1.0) - NTFSx86
Run by Helen Fraser at 21:46:31.56 on 10/12/2008
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.276 [GMT 0:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
c:\p...

A:Think I'm infected with multiple viruses/trojans - keep getting popups

Hi hfraser

Thank you for your patience. I will be helping you deal with the issues raised in your log from this point onwards

Before we start jumping into things, here is a quick basic note which I mention to everyone. The fix which I have provided for you is for this computer only, it should not be used on any other computer. Each fix is tailor made for the specific task in hand. If for some reason you have system restore disabled, then please re-enable it before proceeding, an infected restore is better than none. Please read through the fix first and set enough time aside to complete the task in one session. If there is anything you feel needs clarification then please ask - do not guess! Please copy and paste any requested logs into replies rather than add as attachments, this makes it easier for analysis.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription

If this is a computer from a work place then please advise your IT department of the concerning issues before commencing past this point.

Please follow these directions in the order they are set out for you.

We need to disable your TeaTimer as it may interfere with the fixes that we need ...

Hello I cannot login into Facebook, hotmail or fantasysports.yahoo.com I get an error while loading with all of them after trying to login....I can log in fine on other computers
any help would be great....thanks! I use Firefox but IE has same problems

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:39 AM, on 2/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra...

A:Webpage Loading Problems

Hello slothiel
Welcome to Bleeping Computer!
Sorry about the delay. We're all volunteers here, and it's been very busy. If you still need help, please post a new HijackThis log to make sure nothing has changed.
Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log <--link
And I'll be happy to take a look at it for you.

I also need to see a different type of log from Hijackthis:
Run Hijackthis.
Click on "Open the Misc Tools section".
Next click on "Open uninstall manager".
Press the button 'save list'. It will open a Notepad file.
Place the content of that file here in your next reply.

Thanks, for your patience.


Hi,

I downloaded Ilivid / bamoo / searchqu in error and am having trouble removing them. Since then I have had trojan and keylogging threats.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by User at 9:31:03 on 2012-01-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2098 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software...

A:Problems since downloading ilivid - multiple security warnings

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job, this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r...


Initially had a problem with Google results getting hijacked and now random windows will pop up in IE and Firefox without prompting. New processes running and some under rundll32.exe in the Task Manager. New things appearing in prefetch. Generic Host Process for win32 consistently needs to close. Then shuts down the PC within a minute.

Attempted SpyBot early on, then AVG, and SDFix. Now trying HijackThis as a possible solution.

Please help.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Damian at 12:11:15.14 on Wed 02/11/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.71 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG...

A:Unknown Infection - Multiple Trojans and Viruses

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p...


Hi

I opened some webpages and the links had been replaced with usercash links and the other site keeps loading different sites/popups at the bottom bar and froze. So worried there is a virus I have run Malware, AVG and no problems detected.

Still doing it so I ran DDS.

Then GMER, but this crashes when it gets to :
\device\HardiskVolumeShadowCopy1

CAN ANYONE HELP?

Below are DDS data:



DDS Scan:

DDS (Ver_09-10-26.01) - NTFSx86
Run by udesmeister at 1500.52 on 21/11/2009
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.937 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkSer...

A:Links replaced and multiple popups loading malware/spyware?

Hi,

Please try running GMER in safe mode. Make sure all your security programs are disabled.

If it still will not run, please run the following program instead:
Download RootRepeal from the following location and save it to your desktop.
Zip Mirrors (Recommended)
Primary Mirror
Secondary Mirror
Secondary Mirror

Rar Mirrors - Only if you know what a RAR is and can extract it.
Primary Mirror
Secondary Mirror
Secondary Mirror
Extract RootRepeal.exe from the archive.
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes:
Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.


Please delete this post as I have someone else to fix it for me.

Thanks!


Hello, I keep getting multiple popups and would like some help in removing them. Thanks in advance for any help offered.
Posted below are the resit/hjt and kaspersky reports

Logfile of random's system information tool 1.05 (written by random/random)
Run by bigdadie at 2008-12-21 22:42:52
Microsoft Windows XP Professional Service Pack 2
System drive C: has 74 GB (64%) free of 114 GB
Total RAM: 1023 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:54 PM, on 12/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Sys...

A:Virtumonde infection i think, multiple popups

Hello Bigdadie,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea


Hello to all who can hopefully help me!

Was referred to this forum from my previous posts:
http://www.bleepingcomputer.com/forums/top...ml#entry1566837

I downloaded the dds.scr and rootrepeal.exe files but was unable to get them to run. It might be the thing with the disable script blocking, which I have no idea how to do. I also tried running the programs in safe mode, but that didn't help anything.

The dds.scr opens to a black screen saying it's going to run, but then simply closes.
The rootrepeal gave me this error:
16:10:49: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000fc)
16:10:49: DeviceIoControl Error! Error Code = 0x1e7
16:10:49: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000fc)

I've tried downloading both programs several times as well as renaming the .exe extension, but that didn't help.

After my last bootup, my regular user account is now being overwhelmed with IE popups so I am now using my administrative account which is even allowing me to log in here [couldn't log into anything online in any browser without crashing]. I'm getting several "IE has stopped working" [even though I am using Firefox and IE is closed] but no IE window redirect popups.

I've also received a windows warning saying I have a problem with malware and that it's UACD.sys, but can't find that.

Windows also wants me to update with windows vista service pack 1. I thought I had done this awhile back, but honestly, this situation right now has me...

A:rootkit infection / multiple IE popups

Hello and welcome to the BleepingComputer.com! I will be helping you today.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

For now please try to run the following tools:

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own ...


Hi,My computer is infected with something but I don't know what it is as scans via Spyware Doctor and McAfee have showed up nothing. Tried the Kaspersky scanner and it found 8 items but I was unable to save the report. However, some of those items were trusted programs such as IRC so...In any case, here's the problem.When I start up my browser, either IE or FF, there would be popups in other tabs or via a new window. They seem to be different websites everytime, and below are some of them:- <http://antispywaresuite.com/data/index.php?02005c5f570e6b100d025701574c3909036f084e0a665356073a43053a5c596e020451501f04580b591f550a565748020d5d455e5e5f095a5b3a0157570e03023a040703015556510556525b0c0957050608540f5d08010601510301035f5157033e56500d5102530003025a5b0e525755065a5d5b0b06010f5d5356500c55085151130555060953420109570a1e01095f01531f5f53090510065d5f541f5a453a085b04565e015556576b52660952595b04460a790c0105003a003d510b0204431257060452>- <http://joybuyjoy.com/hobbies_games.html>- <http://http://82.98.235.210/go//?cmp=impressions_se_juan&uid=E2A86B3A0F9511DD876E152743CFFFFF&guid=C24261DE68B646769DC22598C455B940&affid=152743&lid=http> (x)- <http://82.98.235.210/go//?cmp=vm_cmp793_xt&uid=E2A86B3A0F9511DD876E152743CFFFFF&guid=C24261DE68B646769DC22598C455B940&affid=152743&rid=ccnt_ha&lid=http> (x)- <http://83.149.75.33/info.png?cmp=ghrnc&uid=E2A86B3A0F9511DD876E152743CFFFFF&guid=C24261DE68B646769DC22598C455B940&affid=15... Read more

A:Unknown Infection With Multiple Popups

Hello Cloud_D and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed...


I have an HP dv6 1355dx laptop running a 64bit version of Windows 7.

I didn't deviate from any normal day-to-day internet activities, but got really worried when IE started opening up popups. I NEVER use Internet Explorer, so I was instantly on alert. The popups close easily, but are becoming more frequent. I also learned that whenever I try to search using Google on any of my browsers, about 80% of the time I get redirected to random, shady looking sites.

I have run all of my virus programs multiple times regularly and in safe mode. Microsoft Security Essentials would not open normally, and did not detect anything when I ran it in Safe Mode. In safe mode, it tells me that Malwarebytes picked up four different trojans, but successfully removed them and is now coming up clean.

Any help would be so greatly appreciated.

I ran one of the DDS logs, which gave me the following:

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Teddi at 22:36:44 on 2011-06-25
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.1823 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows...

A:Unknown Infection causing multiple popups and Google redirect.

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...


Hi, got loads of duplicate files, bulk http:\\\ syntax error popups and new viruses found every 3/4 mins by mcafee - Hijack this log below if anyone can help:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:37:51, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
f:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
F:\Program Files\McAfee\MPF\MPFSrv.exe
F:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\SiteAdvisor\6172\SAService.exe
F:\Program Files\NETGEAR\WG111T\wlan111t.exe
F:...

A:Spyware/viruses/popups Problems

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and I'll be helping you to fix your problems.

Apologies for the late response, as I'm sure you can appreciate we are extremely busy.

If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere then please let us know.

If you have not followed the info in the link below prior to posting your log then please do so now:
Preparation Guide for use before posting a HijackThis Log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If you still require help, please post a new Hijackthis log into this topic in your next reply. Also post a detailed description of the issues you're experiencing.

*Note*
Post all reports/logs directly into this topic, not as attachments, thanks.


Ok I'm living a nightmare right now with this computer and I have no clue what happened. I'm gonna try and make this short but A LOT has happened since last night.

Some background:
Bought this computer brand new from Staples (warranties have long since lapsed) in 07. Was one of the first with Vista. After my antivirus expired and I ran through a few free ones I just never got antivirus again. (I know, I know)... I've been without antivirus software since 09 and my computer's been ok. I download tons of stuff, play online games, spend plenty of time on the net and I've never had a problem. Recently I just got a virus. My computer has been acting crazy slow and freezing and yesterday this new thing happened where every time I would Google antivirus software, it would redirect me to another website to download some software. I'm assuming this is the virus, and that this other website is bogus. I finally got avast downloaded on my computer and I did a boot scan (I had to reinstall avast about 3 times btw. It kept saying UNSECURED; avast has stopped) The scan found a ton of stuff with the same name in all types of different locations. The names were win32 patched and winamp--- (didn't catch the rest) now I selected the option to delete all, but when it finished the next morning and I was at the main page, it said this copy of windows is not genuine. I googled, it seems that avast is usually the root of this problem, so I uninstalled it and it went away.

Now basically this is where I'm at...

A:Multiple Viruses, Multiple Problems

star feeds mixer is the website it keeps directing me to by the way...


Where to begin??? Suddenly I am getting all kinds of strange behavior from my pc. First I notice 2 icons on the desktop this afternoon. One says "Help and Support" (looks like a green shield) and the other says Windows Update and looks far too legit, but checking the properties I was able to see that these icons will direct me to storageprotector.com. Next I rebooted to see what, if any, errors may occur at start up. Sure enough, I received the following message:
"IMPORTANT - Potential Errors found in the system
During a scan of files at system startup, potential errors in the system registry were found.
p-07-0100 irql: 1f SYSVER 0xff00024
NT_Kernal error 1256
KMODE_EXCEPTION_NOT_HANDLED"

In my attempt to search for possible answers to these problems, I see that every webpage that I go to now has an ad stating "Your system could be saving dangerous adult files to your computer" with a DELETE DANGEROUS FILES NOW button. Another ad displays as though a scan is being run and reporting XXXX errors. Also, the page acts as though it is always "transferring data" and I have to use the STOP button to speed things up and stop the continuous loading.
Just now had a warning pop up from my system tray, the icon is a red circle with an X:
"A Critical error could occur. ***STOP: 0x0000007B (0xF20184, 0x000000, 0xCC0034)***
Inaccessible handler or device.
Click this balloon to fix the problem"
One more thing to mention; McAfee is blocking ...

A:Warnings of dangerous files on every webpage


All of a sudden my computer started acting real funky. Here's a list of all the strange things happening.
Random IE popups (usually suggesting I have a virus, and I need to use so and so to clean it up, not gonna fall for that though!)
Whenever I use google and try to click on one of the found search links it never takes me to the website, but some searchsweetbearx.com URL.
At random times the color vibrance will turn down to where it's almost black and white
Whenever windows first starts up. Something about Damage Execution Prevention comes up and says windows won't run "Run DLL as an app" or something like that.
One time, yesterday, a strange random sound clip would play even when nothing was opened up (Think it was taken from one of my video files)
And tons of .dll errors would show up some times. Almost to the point where I would have to do a hard restart.

Oh and here is the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:00:03 PM, on 4/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32...

A:Various problems (viruses most likely, Google acting strange, DEP, IE popups)

Hello.

Unfortunately you have the file infector Virut infection. The only way to proceed is to Format the whole computer and start over.

Virut File Infector Warning

Your system is infected with a polymorphic file infector called Virut and also has IRC bot functionality. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr) and also web pages (.html and .htm). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. In addition, when it infects, sometimes it will destroy the file it tries to latch onto. For these reasons, you really can't truly fix Virut. You will need to reinstall and format the operating system on this machine. As of now, security experts suggest that a clean Reformat is the only way to clean the infection and it is the only way to return the machine to its normal working state.

Backup all your documents and important items (personal data, work documents, pictures etc..) only. DO NOT backup any executable files (softwares) and screensavers (*.scr) or any web pages (*.html or *.htm). It attempts to infect any accessed .exe or .scr or .html/.htm files by appending itself to the executable.

Also, try to avoid backing up compressed files (zip/cab/rar) files that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files t...


I'm at a loss for what to do ... I've scanned every part of the comp imaginable.. I've used Avast/Trend Micro/Trojan Remover/and tried recently using a-squared but still I'm getting alerts of viruses and showing trojans... Here is the Hijack This log... Any help would be great before I pull my hair out

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:30:42 PM, on 11/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\1144543121\ee\AOLSoftware.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AL...

A:Plz Help... Multiple Viruses/Trojans/Problems :(

hi, ok first we will use hjt then boot computer into safe mode to do some stuff. you should copy/paste the safe mode part into notepad and save it so you can find it in safe mode.

first hjt:
start HJT, click the "Scan" button. check the items below, close any open windows, then click "Fixed checked"
O4 - HKLM\..\Run: [Microsoft Update Machine] svohost.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] svohost.exe

before safe mode do this to help show all files;
For XP: on the desktop double click my computer, at the top click on> tools>folder options>view> then select "show hidden files and folders", then UNcheck "hide protected operating system files " also UNcheck "hide extensions for known file types" click apply to all folders, apply then ok

ok time for safe mode. to reach safe mode you would tap the f8 key during a computer restart, choose the first option from the list: safe mode, once at the safe mode desktop;
navigate to the C:\windows\system32 dir.
you are looking for:
svohost.exe
NOTE: this one is ok svchost.exe, notice spelling.
delete it if found.

you can also do this in safe mode;
Click Start>Run then type %temp%
Hit OK. Delete all the files you can.
click Start>Run then type %windir%\temp
hit ok. delete all the files you can

Empty your Temp folders. Go to Start > Run and type: cleanmgr. Windows will scan. When done check these 3 and press *ok* to remove:
Temporary File...


Hi,
I am using my grandmothers computer for the week and already there are viruses on the computer.
Some of the stuff I don't even know what it is.
Every 15 mins or so, Norton says 'Detected Dialer.iDialer. Blocked. You are secure' Or something like that, but then it just comes up again and I don't think It's doing anything!

Norton has detected the following viruses:
Dialer.iDialer
Dialer.Generic
Trojan.Vundo
Trojan.Zlob (which is not removed, according to Norton)

This is REALLY annoying because I have no idea what's going on or how they got there!

I have read the 'READ THIS BEFORE POSTING' thread, and I tried everything there-but none of those things worked.

Now-the main problem.
Constantly there are popups from anti-virus products that are asking me to download it, but I don't need it!
They show my details and stuff, for example:
YOUR COMPUTER IS INFECTED!!
Your I.P Address: 130.43.34.54
Your Country: New Zealand
Etc.
The most notable site the advertisements come from are amaena.com
The antivirus products demanding me to buy/download them are listed:
WinAntiVirusPro2006 (which popped up just now-again )
ErrorSafe
DriveCleaner
and Others which I forgot

This is incredibly annoying and time consuming trying to close these popups. But the thing is, sometimes it changes which website i'm on! It's soo annoying!

I scanned my computer with Norton, and those anti-spyware programs ON SAFE MODE. That didn't work one bit. It still detected the same ...

A:Multiple Viruses & Internet Problems

Hi *Ty

Before proceeding any further, please create a new directory - C:\PROGRAM FILES\HIJACKTHIS\
Re-locate your HijackThis files to the new directory

======================

I'd like you to rename HijackThis.exe to Ty.exe. Navigate to C:\PROGRAM FILES\HIJACKTHIS\
Right click on HijackThis.exe
Select 'Rename'
Type in Ty.exe
Press Enter.

======================

Please Run a scan with HiJackThis and post the log Here


I think spybot is detecting viruses on my computer, but when the scan finishes it says there are no threats. For example, when it is scanning, names of viruses will come up next to the item it is scanning. There were hundreds coming up throughout the scan. However, when it is done, it will say no threats were found. Is this a virus that is preventing Spybot from showing the report, or are those names coming up just the virus that the program is looking for? I just found out that it was bad to have more than one anti-virus program installed on my computer, and I uninstalled a few. I had Ad-Aware, Malware Bytes, AVG, and Spybot, but now I only have Ad-Aware. I'm not sure if I have viruses or not...



Run by thessaly at 21:16:59 on 2012-06-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1790 [GMT -6:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\Windows\system32\winini...

A:[SOLVED] Problems with Spybot-think I have multiple viruses?

Hello and welcome to TSF.

The title of your topic is marked as [SOLVED]. Please confirm if that is indeed the case, so that the thread can be archived.


Hey, I'm not sure where to start with this because usually I can keep my computer pretty clean, but a while back we got Trojan.Virtumonde and I got some help from people that I know and it was ok for a while but now everything just started up again the other day and today it's the worst it's ever been, my computer won't run in normal startup, it just freezes, I constantly get the pop up bubbles telling me these four names of Viruses etc. on the computer. When I click the System Alerts to download what is supposed to fix them it gives me a critical error, runtime error etc. What keeps coming up is - PSW.X-Virtojan, [email protected], [email protected], and [email protected] trojan - Help with fixing my computer will be greatly appreciated, Thanks In Advance.
 

A:Solved: Multiple Problems (concerning Trojans, Viruses, and Worms)


Well, it's pretty bad. It starts out alright, but the longer I leave my computer on, the more troubles I seem to have. I already have a program that prevents most of my scans from updating, and I know for a fact that the Recycler Virus is on my computer. Google did redirect to different pages once or twice, but that seemed to stop somehow, but whenever I type in a URL wrong I get redirected to "Open DNS" or something like that. I've gotten a DDS and attach log, hijackthis log, and Gmer log (all done today). Hopefully someone can solve my problem.

Here's the DDS


DDS (Ver_09-03-16.01) - NTFSx86
Run by Adam at 16:11:55.51 on Fri 05/08/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1485 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\sys...

A:Multiple Problems/Viruses, Recycler, Firefox Crashing

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this: How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?

------------------------------------------------------

Please explain why this computer has no antivirus program installed and running. This is an open invitation for infection.

It can take as little as eight seconds to infect an unprotected computer.

Please keep this computer offline except when downloading tools and posting in the forum until we get one installed. Let me know yo...

RELEVANCY SCORE 56.8

Hello,
About a month ago I got the antivirusxp. I ran malwarebytes and multiple virus scanners (free online scanners from kaspersky, panda) and from my installed AVG to get rid of malware/viruses. I thought everything got cleaned up, but every time I restarted windows I occasionally got an AVG virus alert. When I ran Kaspersky online scanner it found many viruses (this was like 2 weeks or more ago) that I couldn't find manually. I had tons of school work etc. so I didn't get a chance to clean up until about 4 days ago when I completely lost access to "normal mode". I can only access safe mode + laptop speed/performance is cut in half.

It takes about 15-20 minutes to load everything in safe mode and each time I run an app or even just a browser it takes 2-5 minutes. Windows also keeps freezing, even if I don't have a lot of programs running in the background. I also found I cannot use the free online virus scanners anymore. I tried panda/kaspersky/eset and it keeps saying "error cannot load" or "java failed"... So that is why I cannot produce a virus log from online sources. Could a virus be doing this? The funny thing is, every time I run AVG in safe mode it doesn't find anything.


anyway, here is my hjt log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:39 AM, on 10/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode with network support

R...

A:multiple problems- can only access safe mode, viruses, freezing etc.

bump, please

RELEVANCY SCORE 56.8

Hi,

One of our computers was horribly infested with a teeming petri dish of viruses and other bugs - Vundo (two kinds), BHO (?), Trojan.Generic, MyWebSearchInstaller, Smitfraud/Bensorty, Fake-CATSRVPS and TDSSRV-Trace. I spent a good chunk of last week trying to clean it up, and thought I'd made some progress.... Unfortunately, I've been at work for the last four days and now the computer is in worse shape than it was before I started. If you want to see what I did last week, please see this thread. Sad isn't it? I spent two days talking to myself.

So, that's the history. At the end of that saga, it all looked good except BitDefender kept popping up with a Trojan.Generic warning, which it said it deleted, but obviously didn't.

Here's where I'm at now:

Cannot Install Java
Realized that there was probably a Java issue (we were running something like 6.1?) so I followed other instructions found on this forum and uninstalled all old versions. My problem is that I can't install Java at all now. I've downloaded the most recent version from Sun's website. The online install downloads and then does nothing; when I try to install the offline download, it starts up and quickly dies with the following error:

Error 1330. A file that is required cannot be installed because the cabinet file C:\Documents and Settings\xxx\Application Data\Sun\Java\...\Data1.cab has an invalid digital signature. This may indicate the file is corrupt.
...

A:Multiple Viruses/Trojans...Redirects, Java Problems...Second Request! PLEASE Help!!

RELEVANCY SCORE 56

I keep having popup windows even though I updated my Webroot Spyware and Antivirus. Webroot has removed multiple viruses and adware but I'm still having popups.


Here are my Hijack this scan results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:15, on 2008-01-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\stacsv.exe
C:\Program Files\Webroot\Desktop Firewall\wdfsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Progr...

RELEVANCY SCORE 55.6

I'm running Windows XP SP2. Here's what's going on:

- When I use Firefox, IE windows popup that start with urlurtbk.com, then redirect to a random advertisement
- I looked around for resolutions, there were people that solved their problem, but I couldn't use anything to totally help my situation
- My current antivirus is Sophos, there are things in its Quarantine like:

Troj/Virtum-Gen
Troj/PDFJs-A
Troj/JSRedir-M
Troj/Agent-GGQ
Mal/Packer (twice)
Mal/Heuri-E
Mal/Generic-A
Mal/FakeAV-BP
Mirar

... that I can't remove. It keeps saying can only complete with full scan and restart, which I've done many times.

- I downloaded the installation file for Malwarebytes' Anti-Malware, but it won't open, saying it can't find "mbam.exe"
- I've seen many people using HijackThis, which I don't know how to use (I'm hoping this forum would help me)
- Tried using System Restore, says it's unsuccessful for every date I use
- And of course, my computer is much slower than usual

Any help guys?

A:Multiple virus problems/IE popups while using Firefox

Hello and welcome JASE-ONE,

I am moving this from XP to the Am I Infected forum as you are.

Please download Rkill by Grinler and save it to your desktop.
Link 2, Link 3, Link 4

Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
You will need to run the application again if rebooting the computer occurs along the way.

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwa...

RELEVANCY SCORE 55.2

I have been having multiple issues that a variety of malware removal software has not been able to remove: 1) Google redirect 2) unwanted popups like registry cleaner, inability for Avast to connect to server to update
DDS (Ver_10-12-12.02) - NTFSx86
Run by John at 10:13:45.01 on Tue 03/01/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.262 [GMT -5:00]

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
svchost.exe
C:\Program Files\HP\Digital Imaging\bin\h...

A:multiple problems google redirect, unwanted popups

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
These instru...

RELEVANCY SCORE 54.8

Logfile of HijackThis v1.99.1
Scan saved at 1:33:16 PM, on 02/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\...

A:Pornographic Popups, Fake System Warnings, Fake Antivirus Download Popups

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/pa...

RELEVANCY SCORE 54.8

I recently got rid of an infection from Security Tool by using safe mode and Malwarebytes, but it did not get everything. I am still getting redirected to ad websites. Furthermore, somehow my sound card drivers have been damaged or removed. I tried using the Microsoft Fix It tool, it worked a few times, but now it doesn't and I can't get any sound. Also, Google Chrome no longer works on my computer, I have uninstalled and re-installed it, but still it is malfunctioning.

Here are my logs:

DDS (Ver_10-03-17.01) - NTFSx86
Run by SheldonB at 21:35:54.67 on Mon 10/04/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.116 [GMT -7:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\P...

A:Multiple problems from infection

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you...

RELEVANCY SCORE 54.8

Hello all, first post!

6 weeks ago I bought a new Intel based PC from PCspecialist.co.uk. After 2 weeks the system failed to load, multiple attempts at loading gave varying outcomes, occasionally getting into safe mode but never Windows proper and all VERY SLOW - 30 mins say to get to safe mode.

I reinstalled from scratch. All was well for 2 weeks & then I had to use System restore to start. But was over in 10 mins & all OK.

But 2 hours ago it did not boot again. After one hour getting only to the pastel blue screen with a little plant life I gave up and used my system recovery disc aiming to recover to an image I made 6 days ago.

Problem is that using this disc it has taken 20 minutes to get to the System Recovery Options screen. There I was unable to select Restore using system image because of an 'egg timer'. After about 15 more mins while I was not looking up came a pop up "Searching for Windows Installation". I have been watching this search now for the last 30 mins....

BTW, on the option screen, Windows 7 Is listed with partition size 0mb on local disc E....

I am stuck now as to where to go. If this fails another clean install? I suspect that would get me back in action but it seems to me that there is an underlying issue.

Help much appreciated

Scott

A:Multiple Windows7 loading failures - now image restore problems

90 mins later and I have struggled through to the Select a System Image Backup screen. 5 mins after hitting Next it started scanning for system image disks....

It surely should not be this slow?

RELEVANCY SCORE 54.4

Hello everyone, well this be my 1st problematic infection in 5 years and now I realise why I became so vigilant in the first place!

Basically, whenever I open IE (8) I get random windows opening, pointing to URLs I've never seen before. I've never let these popups fully load as I'm lightning fast with Alt+F4 but I suspect that doesn't matter as the infections keep coming back (7 in total that I have found using Bullguard and all the various popular online scanners).

I've tried everything I can think of like safe mode removal etc. and even an AVC deep registry scan and nothing I try prevents them from coming back. So it is time to swallow my pride and ask the experts.

Using XP Pro SP3 with Bullguard and AVC Pro installed.

Thanks in advance for any help, I know you guys work hard to help us lesser beings

HJT log attached:
 

A:Recurring infection, random popups IE8, connection problems

bump
 

RELEVANCY SCORE 54

I've been troubleshooting a laptop off and on for a while now and I hope I now have enough clues to diagnose the problem.

Trouble first started for the owner almost a year ago when Vista stopped loading automatically. It went into "Windows error recovery" screen with the options of repair or start windows normally. When he chose start normally it would load Vista just fine. Meanwhile, he had the hard drive loaded to the brim with movies and he thinks he remembers getting at least one warning at some point that the disc was getting full. I don't know if the first warning came before Vista stopped booting or after.

This error recovery option worked for him until this past January. Since then, when "load Windows normally" is selected it tries to, but then goes to a blue screen saying that loading has been stopped to prevent damage, suggests turning off memory caching, etc. and reports a memory dump. The latest log (1/19/2012) shows several attempts to download some Vuze plugins, recording "unknown host" errors. Vuze is a movie download service. It seems that it tried to download updates while there was no internet connection.

1. Since then I have removed several movies and freed up about 20 Gb of space.
2. The process log at X:\sources\recovery\tools reports:
Function init adapter failure, failed to initialize the RAID class. etc.
3. SFC/scannow reports no integrity problems.
4. Chkdsk finds no bad sectors.
5. Automatic startup r...

A:Vista not loading, boot sector problem? BIOS? Multiple problems?

It's got to be the motherboard. Have you checked the internal CPU heatsink for contamination from dust and other debris?
 

RELEVANCY SCORE 54

I really hope someone can help me here 'cos I'm at my wits' end.

My computer is blighted by numerous popups which come with increasing frequency. At the moment they come about one every 2-3 mins. I have run numerous scans for spyware and the like and have found LOADS of stuff. Most of it was able to be removed. The problem still remains however and if anything, it's getting worse. I know from scans that there are issues which can't be removed such as Zestyfind, Look2Me and a pesky trojan called browsela.dll and try as I might I can't remove these. I learnt of HijackThis and have run it to get my report. I include it at the end here.

If anyone has ANY help to offer at all I would be eternally grateful. The alternative is a full reformat and I'm not looking forward to that.

Sincerely yours, SidneyKidney


Logfile of HijackThis v1.99.1
Scan saved at 22:41:05, on 31/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT...

A:Continuous popups and adware problems unresolved with multiple scanning tools

Please do the following:

Download & immediately run - L2MFix.exe
Click "Install" to extract the contents to a newly created folder.

Close any programs you have open since this step requires a reboot.
From the l2mfix folder, double click l2mfix.bat
Select option #2 for Run Fix by typing 2 and then pressing enter ONCE.
Do NOT depress any keys on your keyboard until the tool requests you to "press any key to reboot"

On the reboot notepad will open with a log. Copy/paste the contents of that log back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

If after the reboot the log does not open double click on it in the l2mfix folder to locate log.txt.

If you receive an error - \system32\Autoexec.nt is not suitable for running MS-Dos applications, you will need to visit this website to download additional files.

RELEVANCY SCORE 54

Once I got rid of a virus on my PC using help from TSG I started to get lots of popups warning me about problems with my registry and adware on my PC and that my PC's information is open to anybody. But when I run my NAV and Windows Defender they come up clean. Can anybody give me some advice please?

A:lots of warnings about adware, spyware and viruses don't know what to do please help

RELEVANCY SCORE 54

I keep getting constant warnings of trojans or viruses in my computer. Then it opens many web pages offering all sorts of software to fix my "problem". Scanned with Avast and AVG.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:35 PM, on 11/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money Plus\MNYCoreFiles\mnybbsvc.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C: ...

A:Constant Fake Warnings Of Trojans, Spyware, And Viruses

Hello iramos,

Welcome to Bleeping Computer

First you should know that you're actually doing more harm than good by running 2 Anti Virus programs. (AVG and Avast!) When you do this both programs compete for resources, and the end result is neither does its best and can cause system instability. I recommend that you choose the one you want to keep, update it, disable the other one, and use it as an on demand only scan occasionally.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: (no name) - {0d93c2d8-a7e6-46a3-a01b-b06a985a3cc3} - C:\WINDOWS\system32\glwvove.dll
O2 - BHO: {75b8f811-0c21-a4c8-a054-98884fc1ca33} - {33ac1cf4-8889-450a-8c4a-12c0118f8b57} - C:\WINDOWS\system32\xasaliav.dll (file missing)
O2 - BHO: (no name) - {4CB8F4B4-5F66-4D9E-BC3B-184596A58824} - C:\WINDOWS\system32\awtrrst.dll (file missing)
O2 - BHO: CoolBHO - {5C2A9795-B130-4622-B036-BDCAD28602DC} - C:\Program Files\Cool\Cool.dll (file missing)
O2 - BHO: (no name) - {80929DCF-AC48-45D9-91A1-430D7F3D3076} - C:\Program Files\Messenger\mexobafimC:\WINDOWS\system32\h2\jumper83122.exe.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\kbvdjgqs.dll (file missing)
O2 - BHO: (no name) - {EE7F5020-0D30-4D0A-8354-975426797FF2} - C:\Program Files\Messenger\mexobafimC:\DOCUME...

RELEVANCY SCORE 53.6

Logfile of HijackThis v1.99.1
Scan saved at 7:01:00 AM, on 6/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Documents and Settings\All Users\Application Data\jopkrcbs.exe
C:\WINDOWS\system32\scchk32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Hewlett-Packard ...

A:Log - Popups, Warnings, Errors

Hi jEnNyMe,

Download combofix from here
**Save it directly to your desktop**
Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Warning: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

A log will be produced that will ultimately be named C:\ComboFix.txt
I'll need that in your next reply, along with a fresh HJT log

RELEVANCY SCORE 53.6

Man, this seems to be a big problem for a LOT of people. So, I get popups, ads, warnings for spyware and viruses and porn sites and gambling sites. It started yesterday and it's driving me nuts. I ran McAfee, it found nothing, as I expected. I ran ewido last night and it found 545 items that were quarantined. I saved the log. I also ran hijackthis and saved the log from that as well since everyone on here is told to do so.

Also, the little yellow system's tray warning that tells me I may be infected forces me to double click on it to get it to go away, which opens an IE window. All of this is happening in IE. All of the popup windows and warnings and crap. I don't use IE. EVER. Unless I absolutely have to, which is once or twice a year. So that's doubly annoying. I use Netscape if that helps.

I have Windows XP.

Any help would be appreciated, thanks.
 

A:spyware warnings and ad popups

RELEVANCY SCORE 53.2

Here is my log file from Hijack this. I recently caught a really bad trojan from Bitorrents that installed this program called AntivirusXP 2009 and a bunch of other trojans on my computer. I seemed to have gotten some of them off by using Malwarebytes and Spyware Doctor, but now when I startup my PC, explorer will not open, unless I pull up task manager and start explorer.exe as a new task. Any help on this would be much appreciated, I have been stuck for hours!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:42 PM, on 2/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel A...

A:AntispywareXP 2009 Virus/Trojans Infection, Explorer.exe loading problems

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the ...


Getting a lot of windows security centre errors and alerts on this advert, I can try to 'bring out' another error, but I assumed you guys can tell a hell of a lot from just a HJT log, so here it is! Thanks.

Here's the log;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:39:02, on 07/01/1988
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\igfxext.exe
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe
C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe
C:\Program Files\Common Files\Logitech\LComMgr\Commun...

A:Weird problems, popups, security centre spyware/infection alerts.

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.


My problems all started when I downloaded something and installed it (I forgot what I downloaded exactly since it was last week). Realizing it could have been a virus or something, I quickly uninstalled it. Even though my anti-virus (AVG Internet Security) was running fine, it didn't detect it. Thinking that I have deleted the virus, I just continued doing what I was doing before. After a while, I realized it could have been malware or something so I tried to launch Malwarebytes' Anti-Malware. I tried double clicking the icon on my desktop but nothing happened. I then tried right clicking it and it didn't show the Open, Run as... or scan with Malwarebytes' Anti-Malware button. Instead it showed Cut, Copy, Delete and Rename or something along those lines. I then thought that the shortcuts stopped working so I went to the Malwarebytes' Anti-Malware directory and launched that. Then windows said it Cannot open this file: mbam.exe and so on. I tried other applications and the same thing happened. Since I had Firefox on, I searched the web and fixed it with fixswen.inf. Right now, all the application icons are gone so then I searched the web to find out how to restore them. I fixed it with http://www.dougknox.com/xp/file_assoc.htm . I then launched Malwarebytes' Anti-Malware and found one registry item that was infected and deleted it. After that, I fixed some file associations and thought I fixed everything. Realizing that all the .dll file icons weren't shown I tried to fix it ...

A:Multiple problems with my computer that's caused by an infection of some sort

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, ...


I've been trying to disinfect my computer for several days now but I'm not getting anywhere.

I've got the infected computer isolated from all networks and sitting next to my un-infected computer that I'm using to connect to the internet.

The infected computer has or had the following.

1) B
2) Braviax
3) Anti-Virus Pro 2010
4) Total Security

It's running Windows XP Media Center...

I've been reading the threads here and tried a lot of the stuff, except ComboFix and Avenger, cause of the disclaimers not to run them without supervision, but nothing seems to work.

When running any of the stuff here, is it OK to transfer files back and forth between the infected and uninfected computer via a USB memory stick?

Please Help!!!

A:Massive infection by multiple problems MalwareBytes Shuts down

When running any of the stuff here, is it OK to transfer files back and forth between the infected and uninfected computer via a USB memory stick?

Install this on the uninfected machine and attach the thumb drive:

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.

Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

We Need to check for Rootkits with RootRepeal

Download RootRepeal from the following location and save it to your desktop.

Direct Download (Recommended)
Primary Mirror
Secondary Mirror
Secondary Mirror
Secondary Mirror

Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary Mirror
Secondary Mirror
Secondary Mirror

Rar Mirrors - Only if you know what a RAR is and ...
