
Possible Security Malware Infection?/Permissions Issue?

Q: Possible Security Malware Infection?/Permissions Issue?

Hi gang, I have my neighbor's laptop because she said she downloaded that Security Tool malware. The problem I'm having is I can't seem to locate any issues, so I'm asking you fine people for help in determining whether or not there is an issue. To this date, I've cleaned up what I could using Avira, SpyBot, CCleaner and MalwareBytes, so following is the DDS log. Perhaps an associated issue: When I try to run GMER, I get this message: "C:\Windows\System\32\Cinfig\System: The system could not find the file specified" The file is actually there, and this user said she thought she had a duplicate user name previously, but I could not find that, either. Could this missing user/permissions issue be indicative of a larger issue?

Please let me know, if you can, if there really is something I missed.

Thanks for all the hard work.


A: Possible Security Malware Infection?/Permissions Issue?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GMER log


A while back I had a nasty set of viruses that required some extensive help to remove - that seemed to be completely effective but now I've got a new smaller concern.

I'm running Vista Home P 32 and have one user account with admin privileges that, despite Windows recommendations, I use exclusively. A few weeks back I turned off the UAC because I was having problems with the user account and specifically the network connections taskbar icon was saying I wasn't connected to networks when indeed I was, beyond this the only other noticeable symptom was HP updater reporting that "access is denied" when it would do its weekly check for printer driver updates. The similar "Connection status: unknown - access is denied" is the message the network icon in the taskbar would provide.

At the time I disabled UAC and went on with life. This week my wife's computer got railroaded by a nasty virus that required reformatting which has prompted me to deal with my own small issue more carefully.

I read other posts with similar concerns to mine, ran MBAM and HiJackThis, then jumped the gun and, following advice given to another user (I know... I know...), ran RootRepeal. That caused a BSOD with the message Kernel Data Inpage Error, 0x0000007A and referenced the file volmgr.sys. I'm not a pro but had to run HiJack in the past and nothing stood out as especially odd.

Not an immediate concern - but something I'd like to resolve for my own... Read more

A: Permissions issue / infection

Hello, most likely a Hardware/software issue with that error. But before we send you to Vista to fix this run an online scan.

Did you do any next steps in RootRepeal?

This may help your permissions. Go to File association fixes for Windows Vista. Click the exe box.

Instructions: To fix the association for a particular file type, download the corresponding fix from the above links table (Use Right-click - Save as option in your browser to download the fixes). Unzip the fix and extract the .REG file to the Desktop. Right-click the REG file and choose Merge. Note that you need to be an administrator to apply these fixes.

I'd like us to scan your machine with ESET OnlineScan.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Under scan settings, check and check Remove found threats
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using ... Read more


Running Win7 on a Dell Inspiron 1520 with upgraded RAM, otherwise the laptop is stock. Laptop came with WindowsXP installed, I upgraded to Vista, ran flawlessly for 3 years but had accumulated junk and system was running painfully slow. I decided to do some cleanup and went to cnet to find good cleanup utilities. I am assuming that is where I inadvertently downloaded an infected program. The cleanup was going well, freed up a lot of space and the system seemed to run faster although boot up was still painfully long and it seemed the hd was running very hard in the background.

I first noticed a problem with my AV Webroot with SpySweeper. It was not loaded to actively scan and protect me, when I tried I got an error I never saw before that said webroot had to close and to restart the program, and a status bar showed a progress of closing the program, but after it finished and I clicked OK the program would not start at all nor could I run any scans.

Then I noticed Windows Defender was turned off, and I turned it on but a scan would not start. I tried Malwarebytes and it ran once, said it found something but needed to reboot to fix, I rebooted and malwarebytes did not load and run nor could I ever get it to run a scan after that and I could never find what it had found. The same scenario happened with AVG free and any other scanner I tried including kaspersky. I even tried downloading them from another computer to a flash drive and installing from it but... Read more

A: Unknown Malware Infection-changed permissions, corrupted program files

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your ... Read more


Good afternoon,

The night before this occurred I installed SP3 for XP from the microsoft update server. But I don't think this is related.

A few days ago IE7 indicated a "program not responding error" while my wife was surfing. When she accepted to close the window the prompt said thank you and installed XP Security Center. This program immediately scanned the hard disk for malware, reported 34 infected files and then asked to register which was cancelled. Several persistent pop-ups during web browsing and then started redirecting web pages. At this point my wife shut the computer down.

My research through Google etc indicates that it is indeed malware. So
1) I booted from CDROM repair disks and deleted all files associated with the XP Security Center install I could find.
2) Ran Stinger 3.9.9 V1000 (Virus defs 22 Apr 08) Clean.
3) Ran Adware 1.06r (Virus defs SE1R210 27 Dec 07) Clean.
4) Ran Windows Defender (Windows Defender Version: 1.1.1593.0 Engine Version: 1.1.3604.0 Definition Version: 1.35.563.0) which found TEIntFile, XPSecurity Centre and Renos infections that it successfully removed.
5) Using Defender SW Explorer found instance of XP Security centre running in startup. Deleted it.
6) Ran Symantec Antivirus 9.0.2.1000 (Virus defs 20 Jen 08 rev3). Clean.
7) Used Cleanmgr in both profiles to cleanse temp, internet files etc.
8) Ran Deckard's system scan. Logs enclosed.
9) Ran Kaspersky scan three times. Always aborted. Error screen enclosed.

Two su... Read more

A: Malware Infection: Xp Security Center

Hello Ogriels,

Apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up. If you have since resolved the original problem you were having would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Please remove dss.exe from your desktop if you have downloaded it before and still have it on your desktop.

Download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
Create a new System Restore point in Windows XP and Vista.
Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
Check some important areas of your system and produce a report for an analyst to review.
Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.

You must be logged onto an account with administrator privileges when using.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When the scan is complete, two text files will open in Notepad:
main.txt <- this one will be maximized
extra.txt <- this one will be minimized
If not, they both... Read more


It looks like I've been infected with the AV Security malware. Every few minutes I get a Windows security Alert popup from the system tray that says Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here to scan your computer now, it might be at risk. An AntiVirus Security window usually pops up and has two options, Activate V I've been clicking the "stay unprotected" to close the window. I've also been getting a popup with the Antivirus Security Alert, Infiltration Alert, says I'm being attacked by an internet virus...it usually shows a threat of Bankerfox.A or Win32/Nuqul.E. Do you want to block this? This is usually followed by my browser opening to websites that I don't want to go to. I've tried to run superantispyware and malwarebyte's anti-malware. These have detected objects and show they are being removed, but they persist after the reboot. Any help would be appreciated.

The first time I ran GMER, it crashed my computer giving me the blue screen of death. I'm running it again and if I get a log, I'll attach it. Here is the DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 19:13:26.09 on Thu 06/17/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.171 [GMT -5:00]
============== Running Processes ===============
C:\WINDOWS\system3... Read more

A:AV Security Suite malware infection

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop. DDS.scr DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Foll... Read more


Hello,

I'm hoping you can help me. I have a similar problem as earlier experienced by others...see the following forum link... http://www.bleepingcomputer.com/forums/t/263016/cyber-security-malware/

I logged into my computer last night and after a couple of hours on it, I was getting flashing virus warnings. I notice that there is a new Icon on my desktop called Cyber Security. I may have picked up this malware from a download I did the previous day for a media converter called "SUPER". Before I downloaded it I googled around to be sure it was safe as it is freeware, no reviews I read reported problems with this software. After downloading it, I attempted to launch it, but nothing occurred. This raised my suspicions and fears, so I immediately uninstalled it. Possibly the site I got it from was bogus, or maybe I picked up the malware somewhere else. Now, a day later, I am experiencing this Cyber Security malware which can't be uninstalled or disabled. When trying to disable it, I get the message: "This version of cyber security is for evaluating purposes only. The removal features are disabled."

My laptop is an HP Pavilion dv6449us, and I'm running Vista SP2... I was able to generate the DDS logs and Attach.txt, but the Root Repeal would not complete after 5 hours, so no report here. Is this normal? How long should it take to complete and generate a report? It seemed to lock up when scanning the c:/Windows/system32/Gather^1.VBS, showing a scan status of "Locked to the wind... Read more

A:Cyber Security malware infection

One additional thing, after attempting to run the Root Repeal, which never finished (it just idled for several hours), explorer.exe seems to have gotten corrupted. I now get the "Windows Explorer Has Stopped Working" message box, followed by "Windows Explorer is Restarting". These two pop ups loop endlessly and prevent any command, even in Safe Mode. I tried to restore my laptop to a previous restore point, back to October 4, but the explorer launch errors still occur!


Hello - I wonder if you can help please. I appear to have picked up the "AV Security Essentials" virus and am not able to remove this. I have downloaded and run "Malwarebytes" and tdss remover but haven't been able to solve it.

I've followed the instructions in the "Preparation Guide" and have managed to run the dds.scr utility and produce the necessary files. However, when running the gmer scan the computer went to a blue screen and would not continue - so am unable to provide a log for this.

I'd be grateful for any support or advice you can give.

Best regards and many thanks,

Tony
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27
Run by Anthony at 11:42:38 on 2012-02-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1742 [GMT 0:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: AV Security Essentials *Enabled/Updated* {6E8EE894-7BB6-45EC-8F57-C0D6C1DEB26C}
FW: AV Security Essentials *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/... Read more

A:AV Security Essentials Malware infection

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about y... Read more


Hello, my computer has been infected with some nasty malware suites that I have been able to remove using malwarebytes; however, the unwanted programs will reinstall themselves. To correct the issue I've done the following:
1. Run Malwarebytes to remove unwanted malware
2. Run Trend Micro Officescan client for viruses
3. Activated Windows Firewall
4. Run Hijackthis and saved Log

Your help is appreciated. I am still experiencing browser redirects; I believe my PC is still dirty.

A:Malware Security Suite Infection + IE Redirects

Hello, my PC was exposed to a lot of malware/viruses/trojans - I have used MBAM, SuperantiSpyware, Trend Office Scan to remove much of the problem; however, I am still experiencing redirects.

Also - My PC is running super sluggish, I believe much of the memory is tied up in operation - Please help me remove the unnecessary tasks because this is as much a problem as the malware infection - can you help me with this? I believe a HiJackThis scan + log can help - I just don't know what tasks and startup items I can safely remove and the best way to do this.

Thank You to any soul who finds it within themself to help!

**edit Hey I need to also add that I successfully ran combofix on 7-16 - I'm sorry!! I know it says everywhere on bleepingcomputers not to do this unless directed... I'm not sure where the log is saved to

***editx2 - I found the log and attached it

****+1 - I attached Hijackthis log

Merged topics moving result to log forum. Initial post appears to have had the logs edited in after moderator opened topic but before the topic was actually moved. ~ OB


Hello and HELP!!
Am running an Acer Aspire laptop with Vista Home Premium / Intel Core2 CPU T5500 / 1.66GHz, 2.0 GB ram / Mobile Intel 945GM Express Chipset Family
I was googling and visiting sites trying to find information about why my Sim City 4 game keeps crashing. Suddenly...

- java icon in system tray popped up with a message that it stopped working

- my spybot search and destroy program alerted me to settdebugx.exe trying to run. I denied it

- window security alert appeared in tray saying security center is turned off; found I can't turn it back on. Attempting to start windows defender from left hand column causes blue screen [flashes too fast to read] and computer reboot.

- Spybot can no longer run

- AVG [8.5 free] says it has no active components; but quarantined in virus vault is: Infection: Trojan horse Generic 16.BVN in C:\users\topaze\AppData\Local\Temp\Installer.exe

- Occasional pop up saying "google installer has stopped working and was closed"

- occasional pop up informing me of a potential internet redirect - I've been denying it.

- occasionally hearing audio ads, even when no internet browser is open.

- There is no longer a restore point for my C drive [other drives created their normal restore points] Also can't create restore points for C drive. Trying to use system restore results in the message "no restore points have been created on your computer's system disk. Open system protection.... Read more

A:malware infection / security center disabled

Rescan again with Malwarebytes Anti-Malware (Full Scan) in normal mode and check all items found for removal. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop. alternate download link
- Save any unsaved work. TFC will close ALL open programs including your browser!
- Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
- Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
- TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
- Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.

Please download and scan with SUPERAntiSpyware Free
- Double-click SUPERAntiSypware.exe and use the default settings for installation.
- An icon will be created on your desktop. Double-cl... Read more


Hi folks,

Hope ya's can help me. Running Win7 and have got infected with a program that calls itself 'Security Tool'. I get constant pop ups telling me that I am infected. I have tried to run MBAM but it doesn't try to install, I get the UAC pop up to click ok on but then nothing. Have tried renaming to Com. pif. scr still no luck. Have also tried downloading it with another name, still no luck. McAfee I can see trying to bring somethin to my attention but it disappears and can't load it up. I can't seem to install anything it just disappears. Have tried that SuperAntiSpyware but can't install it either. Try to load up system process and it flashes up and disappears. Also tried installing from flash drive, no luck. Also Rkill just flashes black and closes, doesn't do anythin either.

Any help be appreciated

Cheers Gareth

A:Security Tool Malware infection Win7

Can anyone help me out here, have I posted in the right forum? Please really need someone's help with this.

Regards
Gareth Trainor


Hi - I found this site looking to clean my infected system. I am actually on a different computer now as my infected system (desktop - wireless) can't access security sites.

The problem started Dec 2nd, 2008. I'm running XP SP 3. The system was set up to autodownload MS updates once per day, and AV every three hours. Somehow it got infected with a nasty malware program - I'm guessing via human interaction of a family member clicking something they shouldn't have. The system has TrendMicro Internet Security 2008 running on it and had it running at the time of infection too. I've spent about 10 hours trying to clean it so far with little luck. I'd appreciate any help anyone can provide.

Symptoms:
-Running a little slow, to very slow at times, especially when downloading files. Not consistent though.

-Originally it wouldn't boot past the loading windows screen, but that has stopped now

-Trendmicro found GetModule, Adload, and Generic12.KAO but couldn't clean them. Adload and Generic aren't found anymore, and I cleaned GetModule via instructions on the TrendMicro site

-I cannot surf to any security sites (including this one) nor can I get to windowsupdate, but I can surf to msn, yahoo, etc

-tried loading AVGFree AV by downloading it to my clean laptop, burning it to cd, and then transferring it to the desktop, but it runs with errors and ends up doing nothing

-Also transferred over mbam-setup, HJTInstall, spybot, but they won'... Read more

A:Malware Infection on XP - can't run mbam or other security programs

I'm still discovering more information. I did a netstat -o while booted in normal running mode, without any network connections of my own open, and found many entries all mapped to a process ID of 1512. This PID lists in my task manager as svchost.exe. In the netstat -o results, http connections are open to the following:

-All are listed as CLOSE_WAIT at the moment. I doubt the IPs or domains will help in resolving my issue, but I thought I'd include them just in case. Also, if they aren't other unsuspecting infected computers, maybe this information will be read by someone who can help add their info to security tools/scanners.


No programs will run in 'Normal Mode'; therefore I restarted and initiated 'Safe Mode'. It never boots into safe mode; before it even finishes loading the drivers it restarts.

Please Help!!

A:Security Protection Malware/Spyware Infection

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/424320 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more


Recently infected by the internet security 2010 spam program. I believe I've cleaned it using tutorials from this site. I've scanned with Malwarebytes, Spybot S&D, and my AVG virus scanner.

Lingering Issues:
1) System starts up and then after about 2 minutes starts a 60 second countdown timer saying that the system needs to restart. This happens only once usually after the computer has been sitting off for a few hours.
2) I cannot reformat my computer. I put the boot disk into the drive, restart, and windows starts up as if everything were normal.

Here is a hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:06:34 PM, on 3/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Progr... Read more

A:Lingering Malware from Internet Security Infection?

Hello and Welcome to Bleepingcomputer.

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
- Double click on RSIT.exe to run RSIT.
- Click Continue at the disclaimer screen.
- Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please download GMER from one of the following locations, and save it to your desktop:
- Main Mirror: This version will download a randomly named file (Recommended)
- Zip Mirror: This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

- Disconnect from the Internet and close all running programs, as this process may crash your computer.
- Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
- Double click on Gmer to run it.
- Allow the gmer.sys driver to load if asked.
- You may see a rootkit warning window. If you do, click No.
- Untick the following boxes on the right side of the Gmer screen: Sections, IAT/EAT, Files, Show All
- Click on and wait for the scan to finish.
- If you see a rootkit warning window, click OK.
- Push and save the logfile to your desktop.
- Copy and Paste the conten... Read more


Hello. I have been having a consistent issue for some time now, but am trying to figure out first whether it is a malware infection or a system-issue. My Laptop is only 1 year old and should have the requisite memory/processor to easily function with the applications I use it for. However, in the past few months, I've been encountering the following issue: My PC runs fine for a while, but after a bit of use, it reaches a point where the CPU usage reaches 100% (I might only be playing music in Windows Media Player, or browsing a regular internet page, for example - nothing intensive). Things come to a crawl and I am forced to re-boot.

I noticed in my resource usage when CPU usage hit 100% that an application called PING.exe was eating up things, and I used online guides to remove PING.EXE. However, while I no longer see PING.EXE show up in the CPU Usage screen, it still hits 100% after a bit and becomes unusable. I also noticed that after removing PING.EXE, I seem to have picked up a browser hijacker that re-directs me sometimes to search-fast-results. I have tried using applications such as Malwarebytes, SuperantiSpyware, TDSSKiller, etc...with no success in resolving this CPU Usage issue. I've tried identifying processes running as potential malware, but with no success - hence why I am here to get better expertise.

I would appreciate any advice/guidance. Thank You.

A:Malware Infection or Hardware Issue?

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


I am not as experienced as I would like to be with resolving issues with my system, so please forgive me if I am not as well versed in terminology as some others may be. I will give as much information about my current problem as I can.

Started with XP Security Tool 2011
-Attempted to remove XP Security Tool and problem got worse

Symptoms:
-Google redirecting and random tabs open by themselves
-Notice received on startup: RUNDLL "The specified module could not be found C:\Windows\dwdmps.dll"
-svchost.exe running extremely high CPU usage and memory usage
*.exe files will not open (could not download Malwarebytes, HijackThis, GMER, or DDS until svchost.exe process stopped)
* even after ending process, it is back after a few minutes...running at 80-99% CPU usage
-Malwarebytes notifications every few minutes: Successfully blocked access to a potentially malicious website/ Type: outgoing
DeFogger downloaded and disabled CD Emulation programs

DDS Log:
.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Run by Administrator at 14:11:50 on 2011-06-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.278 [GMT -4:00]
.
AV: AVG Internet Security *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
C:\Program Files\AVG\... Read more

A:Rootkit, malware infection began with XP Security Tool

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
- Do not run any other tool until instructed to do so!
- Please do not attach logs or put in code boxes.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with. Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear. Click the Disable button to disable your CD Emulation drivers. Click Yes to continue. A 'Finished!' message will ap... Read more


Hi,

I clicked a link in an email and now I believe the link sent me to a site which infected my laptop. I can no longer surf the web - IE and Mozilla both tell me it is unsafe to do so. A program called "XP Security 2012" keeps popping up asking me to scan my laptop. I may also have other infections.

Here are my HIjackthis, DDS, and Gmer logs:

1. Hijack This:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:09:05 AM, on 6/21/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17096)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r211990\stacsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Microsoft\Search Enhancemen... Read more

A:System Infection - XP Security 2012 malware & other infections?


I contracted this malware yesterday I think and every time I load mozilla firefox, or internet explorer it gives me this error message (see image)

I put the "globalroot\systemroot\system32" part of the error message into google and found this site with someone who also had a .dll problem - I downloaded malwarebytes anti malware and followed what was posted but my computer will not load the malwarebytes anti malware program and I've tried every way I know how. AVGFree didn't pick up anything. Thanks for any help or insight.

***LOGFILE***
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:40:50 PM, on 5/13/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Prog... Read more

A:malware issue, don't know infection type - see inside for hjt

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop. DDS.scr DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results, click no to the Optional_Sca... Read more


Hi guys,

Ok this is my first post so please go easy!

Running ESET NOD32 for a couple of years with no real issues on my home PC's but I didn't upgrade it to the latest version a few months ago and left the old version 3 running, it got corrupted by a virus attack so it stopped flagging warning properly and my missus just kept pounding away at the internet while I was away on business. Got back and the computer is slow as an arthritic, asthmatic three legged dog!

So I uninstall eset corrupted software and then get a slew of viruses while I'm downloading the latest version of eset 4 - got it installed and ran indepth in safe mode - cleaned out a ton of viruses which was great - so I'm halfway back to a fully operational machine but ESET can't seem to clean some of them and they are still sitting there opening processes -

iexploere.exe
alg.exe
indcrsrv.exe
reader_s.exe
mabidwe.exe
rundll32.exe
soxpeca.exe

These are all running right now and I can't seem to kill them.

Here is my hijack this info - I went to changes in the last 3 months I think as it has been that long since the corruption may have occurred in the anti virus.:

Thanks in advance guys!

info.txt logfile of random's system information tool 1.05 2009-03-08 07:27:00

======Uninstall list======

-->"H:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S
-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine... Read more

A:kryptic malware / virus infection issue

Hi and welcome.

From your regular user account..

Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop .. DO NOT run yet.

Open SUPER from icon and install and Update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\... Read more


A few days ago my computer (a Dell running Windows 7) was infected with malware calling itself "Security Shield." This happened to me once before, about a month ago, and I had the virus professionally removed by HP technical support, but it seems to have come back. Eventually I ran HijackThis in hopes of finding malicious files. After the scan, all signs of the virus mysteriously disappeared, and everything is functioning normally. However, I suspect the infection is still there. I ran Malwarebytes in Safe Mode but it didn't detect anything. I just ran HijackThis again and am including the log below, in hopes that you can diagnose what it means.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:16 PM, on 12/10/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R1 - HKLM\Soft...

A:Potential Security Shield malware infection (HijackThis log inside)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for post...


My computer has been infected with "security tool" antivirus malware. It is using a program that starts in task manager and is attacking my computer through pop up windows that say my computer is infected and telling me I must buy their security software. In addition to this my internet explorer has been taken over and is loading as hxxp://flultwad.cc/aa/nothinggaga.php. It does have 2 addresses before this one appears that are very similar but it loads too quickly for me to copy and paste the addresses.

I saw a post here on how to remove this software using rkill and malwarebytes which have run through a number of times but hasn't completely removed the infection so decided to see if someone could help me find a real solution.

I have done the DDS report below and pasted it as per the instructions and attached the zipped files. However I have not been able to use gmer because when I right click on it it does not give me the options as per the instructions; instead it tries opening in my windows media player so am at a loss to that.

Thanks in advance for any help or guidance you can give me to removing this very annoying infection.

DDS (Ver_10-03-17.01) - NTFSx86
Run by AB at 22:45:20.06 on 26/07/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Home Premi...

A:Internet Explorer Hijack and security tool malware infection

Hi,

If help is still needed post a fresh dds.txt log and do this:

Download GMER here by clicking download exe -button and then saving it to your desktop:
Double-click .exe that you downloaded
Click rootkit-tab, uncheck files option and then click scan.
Don't check Show All box while scanning in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.


Greetings from Corporate America!
 
Long time listener, first time caller.
 
One of my users complained to me that our AV kept popping up and wouldn't let him open anything. Naturally, I knew right away that wasn't our AV solution, and when I went back and checked, I regrettably confirmed this notion. It was 'Antivirus Security Pro', and I had recognized a few of the symptoms from other Malware I've dealt with in the past.
 
I performed my usual RKill >> MBAM solution (which works most of the time to at least get me into a workable state for deeper cleaning), however I noticed a couple things that were troubling about this particular instance. Firstly, RKill did not fully kill all malicious processes, as AVSP popped right back up after RKill did its work (I was able to kill it via Process Explorer manually, but not until after running RKill a second time, overwriting the original log). Secondly, I noticed a very troubling few lines in the RKill log, which I've pasted below, along with the MBAM Full Scan log. 
 
This is a Win 7 x64 laptop running on a Windows Domain. Our network AV is Trend Micro. I recommend to all of our users to use Chrome or FireFox, however it seems this one was using IE (IE 9, to be specific).
 
Important Note: The issues caught by MBAM where no action was taken are Group Policy implements within our domain; as far as I know these are nothing to worry about, except the "don't load|wscui.cpl", I was a little unsure of thi...

A:ZeroAccess Infection Discovered by RKill after 'Antivirus Security Pro' Malware

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.
Before we begin, please note the following:
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your re...


I followed your instructions and hope I did everything correctly. Here is a copy of my log....


DDS (Version 1.1.0) - NTFSx86
Run by owner at 10:39:47.51 on Sun 12/21/2008
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.900 [GMT -5:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\...

A:I have a Malware security issue.

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

It appears that you have two antivirus programs installed and running, TrendMicro and AVG. While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs. Please choose one to keep and uninstall the other via Add or Remove Programs in your Control Panel.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------


Hi,
 
Looking forward to some further help on this one.
 
A few days ago my PC was infected by the GVU malware. This was a recent version it seems as I was unable to use the usual command prompt to solve.
 
I ended up using Kaspersky Recovery Disc and then removed the malware.
After this I ran a full system scan with McAfee Internet Security, TDSSKiller and Advanced Systemcare 6 that all seem to show I no longer have the malware. I have also used CCleaner.
I am using Windows 7 64bit Home Premium on a custom rig.
Here is my problem:
 
Whenever I start the PC, I still get a black screen with the cmd.exe prompt. Once I enter explorer.exe in here I then come back to my desk top.
 
I have already tried the following:
 
1. System fix on boot menu with Windows Disc
2. CMD.exe sfc/ scan and chkdsk/f/r
3. Looked through msconfig for any suspicious files and can't see any
4. I don't have any previous system recovery points to go back to
5. Help from Broni on this post    http://www.bleepingcomputer.com/forums/t/496407/recovering-from-gvu-malware-cmdexe-issue/#entry3065577
and after running various tools, he identified a possible Zero access rootkit infection.
6. I have attached the dds and attach files from the DDS check conducted according to advice.
 
 
Thanks again for the help and looking forward to a response.
 
Brizzy
 

A:Recovering from GVU Malware- cmd.exe issue and zero access rootkit infection

Hello brizzy

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", ...


I managed to successfully remove av security suite with av security suite remover but cannot get rid of the browser re-director. Please help.

DDS (Ver_10-03-17.01) - NTFSx86
Run by ezzate at 19:58:06.04 on Thu 07/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.1074 [GMT -4:00]
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r205445\stacsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Avira\AntiVir Deskt...

A:firefox browser hijacked with malware redirector after infection with av security suite

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Greetings,
 
My laptop was infected with the Rogue Malware called Internet Security 2013. I had some success in removing it after using Malwarebytes, but there are corruptions that linger. For instance, my Microsoft Security Essentials was not recognizing the only user as the administrator. I fixed this by entirely removing MSE with Microsoft's fix it program; however, I'm now unable to reinstall MSE--even from a flash drive. It is an installation error (probably due to lingering corruption) and not a download error. Of second order is the problem with Internet Explorer. With the infection of the rogue software, IE9 began to refuse everything I tried to download (firefox[second browser], all antivirus/anti-malware software) as a virus and rejected it. I am able to use firefox (once again, ported from a flash drive) and download anything including software.
 
I have run several different programs
Malwarebytes
Security Check
AdwCleaner
RogueKiller
Microsoft Fix It
RKill
I'll post logs as you want them.
 
Thanks in advance.

A:Corruption Lingers Following Infection (Internet Security 2013 Rogue Malware)

Please follow Steps 6-8 of Preparation Guide, Before Using Malware Removal Tools and Requesting Help - http://www.bleepingcomputer.com/forums/topic34773.html and post the requested logs in the forum containing the Prep Guide.
 
If any other logs are requested, then also post as requested.
 
Thanks .
 
Louis


Hi,

My girlfriend's computer was infected this morning while she was working at home. Neither of us are really sure how it became infected since she was replying to e-mail via outlook at the time it started coming up on the screen.
We would really appreciate help on trying to remove it.

Her operating system is: Windows XP Pro (2002 Version) Running SP3

Thanks,

-Jason.

A:Rogue fake anti-malware application Live Security Platinum Infection

Hi Jason,

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.


My dad's work computer had a FakeAlert trojan on it. So I followed a forum and downloaded a tool to get rid of the trojan. In order to use the tool, I was told to boot in safe mode. I used MSCONFIG to tick the /safeboot option. Big mistake. My dad works for a corporation that uses encryption software for his computer. So instead of the standard Windows Login, he gets a much more secure login screen when his computer boots up. For this reason, he does not use his Windows ID password at all. Nor does he remember it. After logging in with his encryption software, the computer boots into safe mode and the Windows Login Prompt appears. His user name shows up and asks for a password, but neither of us know it. Also, there is no "Administrator" user either. I tried putting "Administrator" as the ID and some admin, adminstrator, etc variants as the password but nothing has worked.

How do I get this computer out of safe mode? I tried tapping F8 and the Advance Boot menu appears. I selected Start Windows Normally, but since the /safeboot option is checked, it continues to start in safe mode. What do I do? My dad needs his laptop for work.
Please help!
 

A:can't boot computer (security issue, not malware.)

anyone? isn't there any way to disable safemode through command prompt?
 


Hi, 
I downloaded a file from Google Books absentmindedly Friday and things went into a tailspin. I remember the word "Spring" in the download, and then installs, popups, ads talking etc. Windows Defender had warned me and I brushed it off, starting the issue.  
I spent some hours trying to weed out the problems using Bleeping Comp as a reference and have Security Check, MWBytes, FSS, RKill, ADwcleaner, Minitoolbox, Zemana, hitmanPro64, and TDSskiller on a flash drive ready to deploy, but I cannot reach Bleeping computer on the infected machine nor numerous other websites receiving the No Internet Connection Message.
 
I did run numerous scans and also manually tried to reconfig my DNS settings to automatic several times. Still, even if the settings do not appear to revert back, I am clearly still infected when I attempt to browse the web (the ads and such have stopped).
 
Found these in host file 
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
 
I also completely reset Chrome and Edge to wipe any dns or proxy settings, but no joy.
 
I am messaging from a separate machine (MacBook Air) so I can do whatever is necessary, and I have a windows based machine in my house if needed. 
The machine is about 1 month old running:
Windows 10 Pro 64bit
Chrome
 
Any help greatly appreciated. 
 
Thanks! 
Michael 


I have had this Windows Internet Security pop up for a few days now. Scans from multiple programs (MBAM, SAS, Avast, Spybot, etc) all come back clean. I still get the pop up as well as random pop unders of my browser opening to websites. In addition, I am unable to update MBAM, SAS, Microsoft Security Essentials, Avast, etc, so in most cases, I am scanning with older defs. Also, I cannot access said products' websites; they show up as inaccessible. Here's a link to my original post: link

Here are my DDS.txt log as requested.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Gwon at 9:15:21.46 on Sun 03/28/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1043 [GMT -7:00]
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WTouch\WTouchService.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\WTouch\WTouchUser.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5 ...

A:Malware issue: Windows Internet Security popup

Well, I'm not sure what my logs mean, but after getting an updated version of MBAM-RULES.exe, MBAM told me I had trojan.DNSchanger on my system. After removing and rebooting and rescanning, 2 instances remained.

I did some Googling and saw a post somewhere indicating that I should check the DNS entries on my router. So I did. And I saw 2 entries that I don't recall putting in. I clicked those off and to have the DNS automatically assigned, saved, then rebooted the computer.

Lo and behold, I could update MBAM through itself. I could access www.malwarebytes.org, etc., when I couldn't before. And I have not had any pop ups since!

I'm curious to see what the above logs show, but I think my problem is solved (crosses fingers!).

Thanks for your help Bleeping Computer! You are always my first choice when I have a serious problem!


Hello --
 
I have Windows 7 Home Premium, Service Pack 1, and believe I have the same type of issue that has been described in these links in your forum:
 
http://www.bleepingcomputer.com/forums/t/504908/infected-with-zeroaccess-rootkit-google-redirects/
http://www.bleepingcomputer.com/forums/t/504418/cant-download-anything-or-start-windows-security-center/
 
 
I don't believe that any new software has been installed on this pc, but I have recently begun receiving that "Windows Security Center Service can't be started" error, and I am not able to download any tools that might be able to help here...
 
I've read through the above 2 threads, and think I have an idea as to where to start here, but I know that every situation could be unique, and so I'm hoping that someone might be able to give me some guidance here...
 
I have Malwarebytes installed, and I did run it a couple of times...it found 50+ instances each time, and I removed them, but I still have the same issue...I have the 2 log files attached, and I'll be happy to provide any additional info that is needed...
 
Thank you in advance for the help, and I look forward to hearing from someone in the near future...
 
 
    Rob

A:Malware Issue - Help Needed: Security Center Can't Start & Can't Download Tools

Hello rogerp77

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"...


I'm about to pull my hair out here! I've been working this problem for 2 days now, and have Googled every which way to find out what's on this PC with WinXP Home + SP3.... there is some kind of trojan virus on it, that prevents anything from scanning the hard drives (ergo, I can install anti-malware software including HiJackThis, Malwarebyte's anti-malware app, and even Microsoft's MRT.exe but as soon as ANY of them begin a scan of the system they are terminated and their exe file has its permissions reset to Everyone ONLY (and apparently this thing has set the policy for the Everyone Group to NOBODY). Once this occurs, I can't run the program again as I no longer have permission to do so.... in Safe mode, I can reset the executable permissions back to Administrators Full Control and run the anti-malware exe again, only to have it terminated and its permissions again reset... this thing's killing me!

I tried RKill to no effect either, whatever this thing is the most current RKill doesn't recognize it apparently.

I've read on these forums of others who've experienced similar problems, so I know I'm not alone... what nobody else on the internet seems to have figured out though is WHY their anti-malware app goes "Poof!" seconds after it starts scanning the system for malware. There is something, some virus in memory which I cannot locate, which is changing the security permissions of any program that ...

A:Malware setting anti-malware app file permissions to nothing!

Well, I went and sat and thought about it for a few minutes... then came back to the PC, started up Safe mode with Command Prompt, and used the command window to manually launch System Restore and restored the computer back to a checkpoint it had made earlier today BEFORE the desktop went Poof!

To my immense relief, System Restore apparently tracks changes to file permissions as well and it reset the explorer.exe file permissions back and upon restarting the PC I had a desktop with all the trimmings again finally.

However, the virus or whatever it is still remains of course (there are no restore points beyond today, as the virus or 1 of its many friends I already removed from this PC today had disabled System Restore and deleted all the restore points it might have had already).

I don't know where to go from this point with this PC... perhaps it's a dead horse and just needs to be reformatted, idk.

- Michael


Had a bad infection and I feel like not all of it is removed from the computer, cannot see files in my documents folder and I cannot update or install malwarebytes. If anything requires a permission I am denied access. Here is a dds log...

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Dell at 8:58:36 on 2011-06-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1284 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\VERIZONDM\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsv...

A:Infection suspected, cannot gain certain permissions

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator...

RELEVANCY SCORE 46.4

Previously I became convinced despite lack of evidence that a hidden infection was on my old PC. Began losing more and more mobility and permissions (msg: permissions denied see admin UAC settings); luckily was in time to learn how to regain UAC parent permissions (and object) for Windows Explorer and take enough rights away from the constant barrage of new users coming up to restart in safe mode with networking.
Eventually found it using ASWMBR but only in Safe mode with networking, but got the bluescreen so have to fix that later. In the meantime....
While I have not been able to find the same RTK again on the Thinkpad, the behavior is eerily when I log in as the Admin, it seems to allow more created Users each time that weren't there before. I'll post a screenshot showing the users thing (this is a list that has gotten noticeably longer under Admin account since the day I first started the computer 2 weeks ago).

Some other weird stuff. I was also trying to save a rootkit program to my desktop and found my download location changed from "ask every time" to users/downloads? Once I changed it back it would NOT save on the desktop until I renamed the program something inane and harmless. Since then I have been avoiding going onto the admin account, I think I can grab the lengthening users list from here

Can someone please help me make sure I don't have another rootkit, MBR etc infections? Thanks so ...

RELEVANCY SCORE 46.4

I couldn't figure out if this post fit better in this area or the area that seemed to deal more with firewalls and AV software, my luck, neither, so I will trust to the discretion of the moderators...

I synched some directories between two computers. Now I have a directory on this computer and all the files in that directory say I don't have permission to view them. When I open up their "properties:Security:Group or User Name" I have to add my identity to each one individually, and there are many...

Is there an automated way to bail me out of this mess? (Probably like I must have gotten myself into it?)

Thank-you VERY much!

A:Security permissions

Not really understanding what exactly that you want to fix. Is it folder permissions, or something with third party software that is the cause? Permissions you change in the Properties for that folder.

RELEVANCY SCORE 46.4

I "thought" my security permissions were doing OK, but.... I just did a "disk image" to my second drive. It made a folder "WindowsImageBackup". I could not open the folder to see what was inside, so I added me in the security permissions; now I'm down one level and won't let me see the next folder. I don't really like messing with permissions, but what's the deal? Do I need to log in as "administrator" to see it all? I do have administrator permissions set on my user log-in...

A:Security Permissions

  
Quote: Originally Posted by tcat7


I "thought" my security permissions were doing OK, but.... I just did a "disk image" to my second drive. It made a folder "WindowsImageBackup". I could not open the folder to see what was inside, so I added me in the security permissions; now I'm down one level and won't let me see the next folder. I don't really like messing with permissions, but what's the deal? Do I need to log in as "administrator" to see it all? I do have administrator permissions set on my user log-in...


You really don't want to go changing permissions on the fly. First, why do you need to "see what is inside"? The only true test of a backup is to restore it to see if it works.

Second, the Backup may be owned by a group called trusted installers. They have permissions to install and change applications.

If you really must change permission to look you are going to need to include the switch to change the sub folders/directories as well.

Be careful, changing permissions can make the backup unusable.

Ken

RELEVANCY SCORE 46.4

I wish to be able to make files inside a particular folder, and that once a file is created it can't be deleted.

So I right clicked to that folder, Properties, Security tab, Advanced, Change Permissions, Add (my user name - "boris"), and then I edited permissions, where I denied DELETE and DELETE SUBFOLDERS AND FILES.

But it didn't come as I wanted since I can only create new files inside that folder, but I can't name them. So if I make a new text document I can't name it as I wanted, also I can't rename it after it was created. However deleting is denied as I wanted.

I need this because I have some excel macro that creates pdf document inside that folder and I don't want that documents to be deleted or changed by mistake.

Please advise..

A:security permissions

  
Quote: Originally Posted by mihael


I need this because I have some excel macro that creates pdf document inside that folder and I don't want that documents to be deleted or changed by mistake.


It is called Readonly...

RELEVANCY SCORE 46

Hi All, This is a followup to my post here. My system: A windows 7 (64 bit) dell studio 17. No cd /dvd drive. I typically use chrome/firefox for browsing. My laptop has recently had issues connecting to websites- I would have to hit refresh several times for the page to load. Then, while browsing, everything minimized to reveal the desktop. Quite a few alert boxes popped up, stating that my hard drive had been corrupted and to run a particular utility (After surfing this forum, I believe 'System Fix' sounds familiar, although I initially forgot the name). Almost all desktop/library/start menu items had disappeared. Following directions in the McAfee forum, I thought I removed this- the utilities returned the desktop / library files to where they were, as well as un-hiding them. To accomplish this, I basically restarted in safe mode, ran Rkill, McAfee (aol version), malwarebytes, and spybot in combinations until they all reported clean. After hooking everything back up, I noticed the browser loading issue was still there (and was not present on an uninfected computer), so I repeated the process, as well as running McAfee Stinger. Stinger reports an infection in the master boot record / a boot sector- despite reporting it and being set to clean, it continues to keep finding it so I'm guessing it isn't being cleaned. While cleaning, some of the viruses reported were (according to McAfee): Mariofev!mem , Artemis, and generic trojans. Now when I run McAfee/Malwareb...

A:Trojan/MBR infection; Hard Drive Permissions blocked

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.
Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only); if this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job; this is normal.
You can download Combofix from one of these links. Link 1 Link 2 Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn...

RELEVANCY SCORE 46

Okay, I am having some odd problems with my laptop. Today, I realized that I think my two problems might be directly connected. I am using an Acer Aspire 7551 and running Windows 7 Home Premium.

Recently, I noticed that here and there my laptop would tell me that I had to have administrator permissions to run a program or change a setting. That in itself is odd because not only am I the admin on this laptop, but there isn't even another user account, period. This has increased in frequency to the point that I have to right click and run everything as admin.

Today, I unplugged my router and modem to clean up a little bit and when I plugged it back in I couldn't connect to my wireless network. When I tried to troubleshoot the problem, Windows told me that the Diagnostics Policy Service won't start so Windows couldn't fix the issue. I checked out my Windows services and realized that Diagnostic Policy Services, Diagnostic Service Host and Diagnostic System Host were all set to be started manually. I switched them all to automatic and restarted my system. The problem still persists. I then tried restore my computer back a few days to see if that fixed the issue, it did not. I plugged in directly to my cable modem and everything works fine. I googled the issue and saw some people mentioning that both of my problems could be caused by an issue with my Security Permissions. I have no idea if this could be the issue, and if so, how I could fix it.

I have to be able to acce...

A:Security permissions problem?

Starting with Vista, Microsoft introduced User Access Control, a security feature that requires you to Run As Admin any software installation, or change of computer setting even if you are an admin and the only user on the computer. You can re-adjust the UAC to a less intrusive setting if you like (not recommended). Go to Search and type UAC. This would not affect your Wireless settings though.
The Diagnostic Policy Service should be set to Automatic startup type, and the service started, but Diagnostic Service Host and Diagnostic System host should be set to Manual, with the former service started.
While in Services make sure WLAN AutoConfig is set to Manual but started.
Make sure your Wireless switch is on.
If you continue to have problems, you may be infected, please click on the link in my signature for Virus/Malware Help

RELEVANCY SCORE 46

Hi

In the course of investigating why a programme was not functioning correctly I was requested to check the Security settings for permissions using Safe Mode in Windows XP Home Edition.

Whilst checking these settings I noticed that each Drive Partition of my two HDDs had different settings.

C Drive shows:
Administrators(ERIC\Administrators)
CREATOR OWNER
Everyone
Owner(Eric\Owner)
SYSTEM
Users(ERIC\Users)
All with full permissions

D Drive shows:
Everyone - with full permissions

E, H, I and K Drives show:
Administrators(ERIC\Administrators) - Full Permissions
CREATOR OWNER - Special Permission only
Everyone - Special Permission only
SYSTEM - Full Permissions
Users(ERIC\Users) - Restricted Use (three items checked)

Can anyone explain these settings, confirm whether they are normal and if not what is normal?

I checked my Laptop (One HDD and Partition) and found that it only showed "Everyone" and with Full Permissions.

A link to an explanation of security settings in Windows XP Home would be helpful.

A:Security Permissions for XP Home

http://www.windowsnetworking.com/J_Helmig/wxpnetsh.htm
http://www.winsupersite.com/showcase...p_home_pro.asp

RELEVANCY SCORE 46

Windows 7 64-Bit , 64-Bit Computer SyStems(Graphic Card Or Everything 64-Bit) BEFORE 32-Bit format available............vs How to recover HDD Security Permissions? Wont boot Computer 
NT Authority\cryptsvc
NT Authority\browser
NT Authority\homeusers
NT Authority\homegroup
NT Authority\Network
NT Authority\Network Service.......... HDD&Regedit possible try

RELEVANCY SCORE 46

Is it normal to have "Everyone" in security permissions under \Users?
Given that Users(PCname\Users) is already in the list.

A:Security Permissions for Users

  
Quote: Originally Posted by mjf


Is it normal to have "Everyone" in security permissions under \Users?
Given that Users(PCname\Users) is already in the list.


Just checked my system (32bit) and no, it is not. Did you upgrade from a previous OS?

RELEVANCY SCORE 46

Hello Guys,

Here is the and setup.

3 Computers. 2 Windows XP and 1 Windows 7 computers

XP1 is acting as a type of file server, hosting a folder with data in it. The other XP2 computer and Win7 PC have an application on them that uses the data on XP1.

I have made a network drive on XP2 and Win7 to the folder that stores the data. I want the application to have full read and write access but I don't want the users to be able to go into the network folder and mess around with anything. Can I block user access through My Computer or Windows Explorer? How do I protect that data without interrupting what the application needs to do?

Thanks.

Mark
 

RELEVANCY SCORE 46

Windows 7 ultimate 64 bit /dvd /english
Dynamic Disk, GPT Partition table, DAMAGED....................................  Basic disk for MBR/master boot record partition, extend logical partition  no support or corrupt                    
                                                       
basic disk 0\primary partition 465GB online /MBR/master boot record/Quota settings C:

BUILTIN\Administrators -------15.93GB Amount used
NT SERVICE\TrustedInstaller ------ 4.68GB Amount Used
NT AUTHORITY\SYSTEM ------- 3.28GB  Amount Used
musty-PC\musty ------ 221,35MB Amount Used ...

RELEVANCY SCORE 46

I was screwing around with the permissions in Win 7 Premium, C:\Windows\winsxs and I now have them in a mess! System Restore won't work. Trying to reset the permissions with icacls.

From an elevated command prompt I did this:
C:\Windows\winsxs>icacls * /T /Q /C /RESET

After running awhile I got this message:
successfully processed 73649 files; Failed processing 0 files

But nothing was changed?

Would someone please explain what it is I'm doing wrong?

Thanks

A:NTFS Security Permissions

  
Quote: Originally Posted by glatzfront


Would someone please explain what it is I'm doing wrong?


You changed permissions of a highly sensitive portion of the system, WinSxS is Windows. That is what you did wrong. There is no "RESET" once you make a change, the "RESET" command of icacls does not do a reset like you are thinking it does. Let this be a lesson, DO NOT DO IT AGAIN. Reinstall Windows.

Leave NTFS permissions alone from now on, do not even look at it.






Quote:
Thanks


Welcome.

RELEVANCY SCORE 46

I am running win XP pro with ntfs file system. I created an additional admin account for security purposes. But I loaded a program that I only wanted the admin group to have access to. So I went to the folder that contains the program and denied explicit access to the users groups. When I tried to launch the program with the admin it would not let me in. So far I have had several problems with the ntfs system that they have instituted. Some of the functions that were in 2000 PRO were just fine and now I am having a hard time learning the new configuration. But I will start with this. Thank you for the help.
 

A:Win XP security permissions problem

Go and download X-teq Systems X-setup and clear the simple shares, like I have in the screenshot.
 

RELEVANCY SCORE 46

Hi Guys,

I've just bought a netbook with XP Home installed. I'm a student teacher, and I'd like to make it pupil-proof, so I've partitioned the hard drive, and I've got an admin account and a limited account that I'll be using in class. What I also wanted to do was restrict access to the partition with all the windows files to just the admin account.

I used a tweak found here to do it.

Anyway, turns out that I can't restrict it without making it impossible to log in to the limited account. I think that it's because it can't access the account settings. I added back the permissions for the limited account and it seems to be working fine, but it appears that I'll need to do that every time I create a new account, cause I think I deleted some other permissions.

Question 1: Is it possible to restore all permissions to their defaults, including the deleted profiles, without doing a system restore? If not, does anyone know what the defaults are so I can add them back manually?

Question 2: Does anyone know how I can restrict access to the windows partition properly?

Thanks in advance to anyone who can help me!
 

A:XP Home Security Permissions
