Possible multiple virus/malware issues (wsock32.sys & xwr15685.dll known issues)

Q: Possible multiple virus/malware issues (wsock32.sys & xwr15685.dll known issues)

Upon restart the blue screen says wsock32 deleted or changed (can't remember which) and after login to Windows IE asks if I want to restore previous session and if yes is clicked it opens some 24-28 windows. I've also got 8 different svchost.exe processes running in task manager which is a new thing. Avast has found and isolated (but not deleted) wsock32.sys & xwr15685.dll in its virus chest.

EDIT... Unsure if it helps at all but I also have unsecapp.exe running in the task manager processes which is similar to processes run by 2 known viruses. I'm also unable to start the Windows firewall.

A: Possible multiple virus/malware issues (wsock32.sys & xwr15685.dll known issues)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

- Download DDS by sUBs from one of the following links. Save it to your desktop.
  - DDS.scr
  - DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Follow the instructions that pop up for posting the results.
- Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GMER log

RELEVANCY SCORE 86.4

My son's laptop was operating without an active anti-virus. He now has big problems - Computer will not boot properly in normal mode - only in Safe Mode after several attempts - Tried to run several anti-virus programs before I found this forum - can't run SUPERAntiSpyware, or MBAM but was able to do a scan with AVG when I could occasionally boot up. Was able (yesterday) to sometimes boot normal and had Zone Alarm working, but now since I can't even boot, I don't know the status. Also, every attempt to go to anti-virus sites or Windows update or Window Defenders update or get redirected to an AIM Search "can't find" page. Folder Options is not shown. Firewall and Automatic Updates are turned off upon booting. Can't run GMER.exe. I was able to run DDS file below and attach.txt is attached. I need help. Thanks for any advice.

DDS (Version 1.1.0) - NTFSx86 MINIMAL
Run by Administrator at 13:48:46.65 on Wed 12/31/2008
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.354 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: Trend Micro PC-cillin Internet Security *On-access scanning enabled* (Outdated)
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WIND... Read more

A:Multiple Issues with Virus/Malware

Hello, frankgate
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished".

If ComboFix won't run, please rename it to globremover.exe before giving it a shot.

Also try renaming GMER to globfinder.exe.

We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool wh... Read more

RELEVANCY SCORE 85.6

Hi, I downloaded something last night which I thought was safe, but now I don't remember exactly what it was. Anyways, it started trying to change my registry settings, and Scotty (on WinPatrol) kept asking me to change entries. I kept saying no, but it was in an infinite loop of asking and being persistent. I even tried rebooting to get it to stop, but no such luck. It just continued afterwards.

My dad told me to download stinger last night, to which it found a few things which I deleted. Then I found the MBAM program, ran that, and got rid of a lot of stuff. I remember seeing the word Vondo last night, but I don't know what else is on here.

Today I did a virus scan with CA Internet Security Suite. It didn't find anything, but around 5ish it got rid of egao.exe (Pripecs/generic).

I ran the VundoFix.exe tonight, and it found nothing else on the machine.

Other things that are occurring:
- I keep getting asked by Scotty (every 20-30 minutes) if I want to change my registry (.REG) settings -- from "regedit.exe %1" to "regedit.exe %1 %*" (have always said no)

- I keep getting asked by Scotty (immediately afterwards) if I want to change my .SCR settings from "Company Name." and the next line saying "%1 /S" to "%1 %*" (have always said no)

- I keep getting told (not as frequently as the other two)
"A change has been detected in background page displayed on your Desktop

Your new page is

If this is ok, the... Read more

A:having multiple issues (virus/malware/popups)

RELEVANCY SCORE 85.6

Hey guys,

My laptop got infected by the Antivirus 2009 bug and other trojans this past Saturday. At this point I don't know if I am totally clean but the computer is running a lot smoother with no pop ups anymore. I did a lot of scans using different tools, they are as follows...

1. TM PC-cillin 2009 - 2 Full Scans
2. Spy Sweeper 6.0 - Full Scan
3. Malwarebytes Antimalware - 2 Full Scans
4. Counter Spy v3 - Full Scan
5. Avira AntiVir Free Ed - Full Scan
6. SUPERAntispyware 4.25.1012 - Full Scan

My security setup has been modified because of the recent events, I am now running these tools:

AV - Avira AntiVir (free)
AS - SUPERAntispyware (free)
AM - Malwarebytes (latest ver)
Firewall - Comodo Pro (latest ver)

I ditched my paid copy of TM (have 8 months left) since it didn't find the issues that the other FREE software tools did! I removed most of the viruses - malware - spyware while doing all of the different scans. Please let me know what else I need to do, thanks so much for your time!


DDS (Ver_09-01-07.01) - NTFSx86
Run by Administrator at 0:00:33.72 on Sat 01/24/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.648 [GMT -6:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
FW: COMODO Firewall *enabled*

============== Running Processes ===============

C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\WINNT\System32\svc... Read more

A:Multiple virus/malware/spyware issues...HELP!

Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear.

Please DO NOT Attach logs to your posts unless you are advised to do so.

=========

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs :

Symantec Network Driver Update
Viewpoint Media Player <--- Viewpoint is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546

Additional Information Here
WildTangent Web Driver (Optional) <--- Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it's not technically considered spyware it does have built in components to update itself and gather information about the computer sy... Read more

RELEVANCY SCORE 85.6

Hi,
I have an XP Media Center w/SP2, lots of available memory and space. Been having slow DSL, ISP keeps saying nothing is wrong. Then all hell broke loose. Outlook can't save passwords or connect, spelling checker error in Word-program needs to close, really slow booting time, and I have not been able to get on some web sites. Microsoft updates seems to never have any updates for me either when I go there.

I run AVG always, search&destroy almost if not daily, and Adaware often but they all show nothing. Yesterday I thought I finally fixed it, but turned the PC back on today and it went back to odd behavior.
Today I was NOT able to update Search&Destroy because an error about missing shell folder userappdata.

Also, PC-Doctor diagnostics from HP disappeared somehow, and now says "not licensed to use on this machine" which HP tech support said was a first because recovery did not bring it back either. In all of this mess I did update my processor drives and BIOS-maybe that did harm instead of help?

I have followed all the instructions before posting, and have spent many hours researching and trying to fix this on my own. It's time that I ask for help from someone with knowledge now.

My Panda Scan and Deckard's Scans are attached,
Panda also inserted below:

Incident Status Location ... Read more

RELEVANCY SCORE 84.4

Hi,

I have a PC running windows xp professional. I have an application that is now starting up by default - Advanced AntiVirus and is running a fake scan on my system. I know how to remove the application, using a program like MalwareBytes Anti-Malware, however I was unable to install mbam. I have no internet connection, taskmanager was blocked, but I was able to resolve that. I finally got AVG version 8 installed and updated once, ran a scan and removed many threats.

I have the following services running using CMD /C SC QUERY >C:\MYSERVICES.TXT | NOTEPAD C:\MYSERVICES.TXT:
SERVICE_NAME: AudioSrv
DISPLAY_NAME: Windows Audio
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: avg8wd
DISPLAY_NAME: AVG Free8 WatchDog
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Browser
DISPLAY_NAME: Computer Browser
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
... Read more

A:Multiple Virus/Malware issues Windows XP Professional sp3

Some types of malware will disable Malwarebytes Anti-Malware and other security tools. If MBAM will not install, try renaming it first.

- Right-click on the mbam-setup.exe file and rename it to mysetup.exe.
- Double-click on mysetup.exe to start the installation.

If that did not work, then try renaming and changing the file extension. <- click this link if you do not see the file extension

- Right-click on the mbam-setup.exe file, rename it to mysetup and change the .exe extension to .scr, .com, .pif, or .bat.
- Then double-click on mysetup.scr (or whatever extension you renamed it) to begin installation.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.

- Right-click on mbam.exe, rename it to myscan.exe.
- Double-click on myscan.exe to launch the program.

If that did not work, then try renaming and change the .exe extension in the same way as noted above.

- Double-click on myscan.scr (or whatever extension you renamed it) to launch the program.

If using Windows Vista, refer to How to Change a File Extension in Windows Vista.

Be sure to update MBAM through the program's interface (preferable method) or manually download the definition updates and just double-click on mbam-rules.exe to install. Then perform a Quick Scan in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs ta... Read more

RELEVANCY SCORE 82.8

My computer is running Windows XP. I previously had Symantec Antivirus and on Tuesday (July 20) when I went to use my computer I received the BLUE screen twice. I was just checking email and surfing the web. Later that night I was surfing the web again and all of a sudden my screen became bombarded with Symantec email proxy pop ups. They took over the machine whenever I was connected to the Internet. I removed Symantec Antivirus and the pop ups stopped. I installed the free version of AVG Antivirus which completed a scan of my computer and found 6 infections. They are:

C:\WINDOWS\system32\mcvup.exe
C:\WINDOWS\p3dens.dll
C:\Documents and Settings\me\Local Settings\Temp\qodigx.exe
C:\Documents and Settings\me\Local Settings\Temp\bxwn.exe
C:\Documents and Settings\me\Local Settings\Temp\5F.tmp
C:\Documents and Settings\me\Local Settings\Temp\5D.tmp

They have all been moved to the "virus vault".

The next day AVG found c:\System Volume Information\_restore{F22ECDBF-07FD-48E2-8346-7D4E4D9E57A8}\RP29\A0006724.dll and moved it to the virus vault.

The day after that AVG found c:\System Volume Information\_restore{F22ECDBF-07FD-48E2-8346-7D4E4D9E57A8}\RP29\A0006725.exe and moved it to the virus vault.

Now when I do a google search and select a link I get redirected to somewhere else. I primarily use Chrome but I have Internet Explorer installed as well and have run into the same problem regardless of browser or search engine (I tried yahoo too and I get redirected.)

I d... Read more

RELEVANCY SCORE 79.2

Every time I do a search, I click on the links and am redirected to different nonsense websites. Most of these websites are about making money from home, entering a contest or telling me I am a winner of something. I also cannot download any new games from a gaming website. My computer is running very slow and it seems to be getting worse by the day. I have run several programs to fix this and nothing is found. Can these logs tell anyone anything? Every time I run the GMER program I get the blue screen so I do not have those logs, sorry.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 17:54:49.51 on Sun 07/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.307 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Sys... Read more

A:Search Engine redirect issues issues! Virus? Malware?

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap... Read more

RELEVANCY SCORE 73.6

Hi guys and thank you in advance! The issues started when I noticed google links were being redirected, then I had an issue with web browser and other programs crashing (fixed by using Rkill) then rk-proxy showed up on desktop and internet connection failed. (used Malwarebytes anti-malware and another fix) Finally yest. I had to use my Windows CD to get the computer to boot and insert a script line because of an issue with a service pack update.

As it stands now rk-proxy is still on my desktop, my google links still get redirected, and every so often I get this phony virus scan screen pop up, so I know there's more than one issue and I want to rid my machine of all of it the right way, PLEASE HELP!!

Dell m6400
Windows 7 Ultimate 64 bit

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:56:23 AM, on 1/24/2012
Platform: Windows 7 SP1 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16912)
Boot mode: Normal

Running processes:
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Users\Vincent\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Users\Vincent\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (... Read more

A:Multiple malware issues

RELEVANCY SCORE 73.6

Dell Inspiron laptop - I have Trend Micro installed. When I boot up, I get into Windows XP fine, and the Trend tells me I have kernelwind32.exe infected with Possible nucrp-6.

I can't run any EXE file. Every time I do, I get the window that pops up and says OPEN WITH, giving me a choice of programs, but nothing will run.

I also have a security alert that comes up - "windows has detected and internet attack... Somebodys trying to infect your PC with spyware... "

I can't go to any website to download anything because not even IE will run.

I want to be able to boot off a CD or USB disk and run something. Any thoughts?
 

RELEVANCY SCORE 73.6

I have been having a number of weird symptoms since my kids picked up a few viruses four months ago. I get random redirects to spam when I click on an internal link from a valid site like the LA Times. Frequent crashes of Firefox. Sudden slow downs. Possible issue with graphics card. Sometimes sections of the screen go black. Problems downloading Windows updates and updates to Microsoft Security Essentials. I have run Malwarebytes and Microsoft Security Essentials. In the beginning it came up with some malware and viruses. Now all clear but still very hinky behavior. Not sure if malware or cumulative errors from too many years from the initial install.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz, Intel64 Family 6 Model 30 Stepping 5
Processor Count: 8
RAM: 8183 Mb
Graphics Card: ATI Radeon HD 5700 Series, 1024 Mb
Hard Drives: C: Total - 934310 MB, Free - 686789 MB; D: Total - 117232 MB, Free - 86654 MB; L: Total - 304573 MB, Free - 291858 MB;
Motherboard: Gateway, FX6840
Antivirus: Microsoft Security Essentials, Updated and Enabled
 

A:Multiple issues, possible malware.

RELEVANCY SCORE 72.8

This started off with WinPC Defender going crazy all over the screen, now that it seems to be stopped, the machine is generally slow, and unresponsive to starting some other malware removing and detecting programs.

Can anyone shed any light on this?
DDS (Ver_09-05-14.01) - NTFSx86
Run by Lee at 14:27:28.98 on Fri 05/29/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.154 [GMT -3:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\MSN Messenger\MsnMsgr.E... Read more

A:malware woes... multiple issues

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

RELEVANCY SCORE 72.8

When I load my computer it said

windows/system32/cf12480.exe cannot be executed

I know I have the antivirus pro 10 or whatever on my system, but when I try to run anything it closes it down, including Malwarebytes.

When I try to do a hijack log it pops up saying 'windows cannot access the specified device, path, or file. you may not have the appropriate permissions to access the item.'

When I tried to run combofix, it would cycle through the system, and then it says windows will now reboot or something, and then it says access denied.

When I get online, and I search a website on google or something, and click on the result for the search it hijacks me to another page of advertisements.

I know you're not supposed to run combofix without someone helping but I figured it wouldn't work, that's why I did it.

I've also tried the root reveal and it closed down after a few seconds.

Any help please.

A:Possible System 32 Issues and multiple Malware

Hi Torin, I see you are aware of the risks of running Combofix, but for everyone who reads this.....

Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Download and run Win32kDiag:

Download Win32kDiag from any of the following locations and save it to your Desktop.
Download Win32kDiag (Win32kDiag.exe) - #1
Download Win32kDiag (Win32kDiag.exe) - #2
Download Win32kDiag (Win32kDiag.exe) - #3
Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

RELEVANCY SCORE 72.8

Hi,

I've got a lot of problems with my PC. In no particular order.

1. Google re-directs.

2. Persistent 'Windows - No Disk' error: "Exception Processing Message c0000013 Parameters 75b6bf9c 4 75b6bf9c 75b6bf9c"

3. Was getting persistent just-in-time debugging pop-ups. Since disabled debugging prompts.

4. PC in general is extremely slow.

5. Can't upgrade to SP3.

Thanks for any and all help.

Adam

=======


DDS (Ver_09-06-26.01) - NTFSx86
Run by HP_Owner at 9:41:26.18 on Tue 07/07/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: userinit=userinit.exe,c:\windows\system32\sdra64.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D... Read more

A:multiple malware/trojan issues

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this: How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

----... Read more

RELEVANCY SCORE 72.8

Hey guys,

Last night my computer became infected with XP Antivirus Pro. After following removal instructions on this site, and various others, I think that I successfully removed the virus. But, I still have a ton of spyware and malware on my computer. Every time I run Adaware and my Norton virus scan, the same problems show up (even though they were supposedly fixed on the previous scan).

There are 5 registry keys that show up as infected:

Last time I ran Adaware, I quarantined these reg. keys, but clearly it didn't solve the issue. Is it safe to remove those reg. keys using Adaware?

Also, when I Google something and click on a link, it redirects me to another website (clearly spyware). Adaware hasn't fixed this problem. I just checked my website history and there are about 100 websites listed that I have never been to (and these are just the a's):

Basically, I need to know what I can do with the infected registry keys, and if anything can be done to get the spyware out so I can click on links in Google. Thanks!

A:multiple spyware/malware issues

Not trying to bump my topic here, but I lied, XP Antivirus Pro is back from the depths of hell to destroy my computer...it doesn't seem as though I can do any more to get rid of it..

RELEVANCY SCORE 72.8

Hi, I'm trying to get rid of a bunch of malware on a laptop. It's my sister's computer so I can't give a whole lot of detail, but what I do know is that there are tons of popups when using Chrome. There is specifically something called "companion". Most popups say "Brought to you by companion" at the bottom, or "Ads by companion". I've tried running Windows Defender to no avail (and it periodically pops up a message saying that it's working on removing something, but never seems to succeed). I think my sister tried a system restore at some point as well. The biggest issue is the companion ads, however before that became a problem there were some other issues that I can't specifically name. They were caused when opening some file from piratebay. We tried removing them and she eventually got tired of trying and thought it was "good enough". I'm pretty sure there are still some remnants of whatever that was. Thanks for the help!
 
FRST Log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-07-2015
Ran by Jordan (administrator) on KHALEESI (01-08-2015 12:29:43)
Running from C:\Users\Jordan\Desktop
Loaded Profiles: Jordan (Available Profiles: Jordan)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes ... Read more

A:Multiple Malware Issues - Companion, others

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

Your computer is significantly infected. Be patient with the cleanup. It might take a while.

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.
Please copy and paste all logs into your post unless directed otherwise.
Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it.
When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Watch this topic. Click on this then choose Immediate E-Mail notification and then Proceed and you will be advised when I respond to your topic by email.

Please try to reply within 24 hours. If you find yourself delayed simply post a quick reply here and let me know!! After 5 days if your topic is not replied I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I... Read more

RELEVANCY SCORE 72

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8, 64 bit
Processor: AMD A6-4400M APU with Radeon(tm) HD Graphics, AMD64 Family 21 Model 16 Stepping 1
Processor Count: 2
RAM: 3546 Mb
Graphics Card: AMD Radeon HD 7520G, 512 Mb
Hard Drives: C: Total - 688650 MB, Free - 620881 MB; D: Total - 25963 MB, Free - 3092 MB;
Motherboard: Hewlett-Packard, 1849
Antivirus: Webroot SecureAnywhere, Disabled

I'm trying to remove a virus from a friend's computer and am having some difficulty uninstalling some of the satellite programs that were installed as a result of the infection.

Most of the satellite programs have been removed by simply removing scheduled tasks and startup entries and then uninstalling the program using CCleaner. So far I haven't done any work manually in the registry. I just wanted to get rid of all the satellite programs first that were eating up all the system resources and preventing me from getting to the source.

The computer has AVG on it which says it is blocking malware every time I try to uninstall these last few programs. I'm not sure if it's just flagging the uninstall .msi because it's part of the virus or because it's actually trying to do something bad when I go to uninstall. I did disable AVG for 15 minutes and try to uninstall the programs, but either got no response when clicking Uninstall, or had errors such as "Could not find uninstall destination file."

The reason I... Read more

A:Trying to remove multiple malware/adware issues

RELEVANCY SCORE 72

I have been dogged by Malware or an intrusion (hacking), that I can't get rid of. IT Professionals can't seem to eradicate it by wiping the hard drive and reloading the OS.

I have lost 2 laptop computers since the issue became known back in December, around Christmas.

I have Stopped sharing a home wireless network , instead switching to my own ISP via Ethernet.

I have purchased 5 new computers after spending over $2800 on four plus IT (reputable) companies. All are infected within 1/2 hour of trying to install and activate my security software, from multiple neutral Ethernet locations. I have not loaded anything on the new computers from the old computers, I.E. picture files, music, -nothing.

I believe it started when downloading Microsoft updates, in March of 2009. I received a notice in event viewer of an unknown driver being successfully installed (6.0.6001.18000).

I know I have been the victim of identity theft (my security software gave me repeated warnings) and there is at least one if not three prepaid cellular phone accounts set up in my name. I can name the company if you need to know.

I'm working with a national non-profit to help me with the identity theft issue, at the direction of the FTC.

When I try to use HJT from my Desktop there are Registry entries that are blocked - any suggestions?

My big question- how do I remove any CD emulation programs that would interfere with the gmer scans?

I want to comply with the rules of running the desi... Read more

RELEVANCY SCORE 72

I (not an expert by any means) am helping my mother repair her computer and am at the end of my knowledge, and was thus hoping to enlist the help of a kind soul from this forum before we just give up and reformat.

In general, the problems are related to unpredictable performance, such as unexpected freezes and shutdowns, occasionally getting stuck on "working" cursor after clicking on start menu or taskbar, freezing on blank screen when logging off/shutting down, restarting after loading system files for safe mode (before Windows loads), getting stuck on a black sleep mode-like screen when opening lid of idling computer (sleep mode is supposed to be off), and others I'm sure I'm forgetting.

More specifically:
-Webroot scans in normal mode freeze the computer after a few minutes 100% of the time, often resulting in a physical memory dump
-Webroot scans in safe mode complete but show no results
-Upon attempting to uninstall a specific program (I can't remember for sure, but I think it was an iwin games program), the uninstaller started deleting random files unrelated to the program itself (causing Photoshop, webcam software, printer software, and others to not function properly), until I noticed and stopped the uninstall. Curiously the original program disappeared from the programs list at some point afterwards, but not immediately
-Several programs in the programs list get uninstall errors (possibly due to the missing files from the above). These include Trend ... Read more

A:Multiple issues, possibly malware related

Hello and welcome to Tech Support Forum.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:


Step # 1 Download and run DDS

Download DDS and save it to your desktop from here or here or here
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.


Step # 2: Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found... Read more

RELEVANCY SCORE 71.2

Well, on my girlfriend's computer I noticed today she has multiple issues going on. I'm not even sure where to start. I know I'm in safe mode right now because you cannot do anything on her comp; in fact if you even try to run a system restore it will say that the file is infected. It says there's an infection anytime you try to use an app. She is running WINDOWS VISTA. Not sure where to start, haven't had to do anything antivirus-wise in some time, so anyone's help would be great. Seems like it's going to be some work.

A:multiple system issues malware,spyware & trojans

also here is a malwarebytes log

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 6.0.6000 (Safe Mode)
Internet Explorer 7.0.6000.16945

1/18/2010 7:38:51 AM
mbam-log-2010-01-18 (07-38-45).txt

Scan type: Quick Scan
Objects scanned: 95620
Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xtqsdxqm (Trojan.FakeAlert.N) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Jessica\AppData\Local\qdvjnx\bhlrsysguard.exe (Trojan.FakeAlert.N) -> No action taken.

RELEVANCY SCORE 71.2

Hello All

Windows 7 32-bit, SP1
Toshiba Satellite Pro Laptop

I need some help resolving post-malware removal issues with my computer.

Malware slipped by my paid for Anti-virus software. I began to suspect issues I was having were caused by something nasty. After some research, I downloaded Anti-Malwarebytes and removed several infections.

I am having numerous problems with Windows.

1. I am now having problems with Windows Update. Despite running many fixit tools, windows update is still not running properly. Currently, shortly after startup, a message appears in the bottom right corner which tells me updates are available for my computer. Click here to .... I open Windows update and search for updates. I get error message 80080005. Searching this error produces few results. My computer also says most recent check for updates: Never. Updates were installed: Never.

Periodically when I go to shut down the computer there will be updates to install. Several of these were for Microsoft Office 2010 though it has been uninstalled and I have used the Windows tool to remove it as well as Revo. Fewer Office updates now appear but some persist. The last five times, the same five updates have been installed "successfully" over and over. (including 1 Office 2010 update)

2. I cannot run sfc /scannow. (Not from windows repair, not from safe mode, not from an elevated command prompt...)

3. I have tried to repair Windows 7 from DVD. This fails.
... Read more

A:post-malware removal multiple windows issues

Let's make sure the malware is completely removed.

Please read all of the following instructions found here: NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

After reading all of the instructions found above post the required logs in a new thread: Virus/Trojan/Spyware Help

Please note that the virus team is very busy and will get to you in due time. If you do not get a reply within 72 hours then you may bump the post.

Do not post any logs here!

RELEVANCY SCORE 71.2

My computer experienced a malware influx a year ago; my dad used AVG/Spyware Doctor/Registry Mechanic to resolve most of the problem but my computer's been running slowly, and my updated AVG keeps alerting me to malware that won't budge.

Here's what the AVG log says it's found:

Trojan PSW.Delf.2.AQ, location C:\WINDOWS\system32\colbac.dll
Trojan BackDoor.Agent.RCP, location C:\WINDOWS\system32\vdfwdluf.dll and also yhhiohsa.dll
Virus Lop, location C:\WINDOWS\system32\iqaejsbx.dll, C:\WINDOWS\system32\oqfdabex.dll, and C:\System Volume Information\_restore{-202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP161\A0169278.dll
Trojan Downloader.Generic6.VCC, location C:\Documents and Settings\Me\Local Settings\Temp\1143607229.dat.exe

This is the DDS scan log:

DDS (Ver_09-01-07.01) - NTFSx86
Run by Me at 18:17:23.75 on Thu 01/08/2009
Internet Explorer: 7.0.5730.11

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = h... Read more

A:Apparently longstanding multiple malware issues. Not cool.

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please uninstall the following via the Add or Remove Programs section of your Control Panel if they still exist:

LiveUpdate 2.7 (Symantec Corporation)
Symantec KB-DocID:2003093015493306

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Add or Remove Programs if it still exists:

MyWay Search Assistant<<Please read this

------------------------------------------------------

Quote:

Registry Mechanic

We do not recommend the use of registry cleaners. Our colleague miekiemoes has an excellent writeup here

We suggest uninstalling them via Add or Remove Programs in your Control Panel.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere wi... Read more

RELEVANCY SCORE 71.2

Hello

I posted a request for help resolving what I believe are corrupt system files caused by a malware infection. The malware was found and "removed" about three months ago but many problems remain.

Kaspersky Internet Security 2013 full scan advises no threats found.

Antimalwarebytes scan reports no threats found.

I was asked to repost here with the appropriate logs to ensure all the malware has in fact been removed.

Here is the dds.txt info:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.60.2
Run by Meghan at 22:35:38 on 2014-08-24
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.3070.1979 [GMT -5:00]
.
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Microsoft Office 15... Read more

A:post-malware removal multiple windows issues

Hi folks

I know you all are busy. Can someone please check my scans to confirm that Anti-malwarebytes and Kaspersky Internet Security have in fact removed all the nastiness from this computer

Thank you so much

RELEVANCY SCORE 71.2

HELP!

I have a Lenovo notebook running Win XP SP2 that had/has some malware that caused among other things - boot issues where the computer would hang during boot at random points, search engine hijacks, wouldn't allow AV or MBAM to be installed or run, 100% processor use, no access to MS or Windows Update. I had to run in safe mode and prevent any boot loading to get MBAM to run to at least get to this point. What remains is the 100% processor issue (occasionally) and the inability to get to Microsoft Update. When trying to get to MS Update the browser just hangs.

I have included the MBAM logs as well as the other requested logs.

Thanks
Alan


DDS (Ver_09-12-01.01) - NTFSx86
Run by Nancy at 1:50:21.14 on Thu 01/28/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.497 [GMT -6:00]

AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program File... Read more

A:Multiple Malware Issues, Some Solved, Still Can't Connect To MS Update

I hope someone can answer today. I am traveling starting tomorrow and would like to be sure this machine will work.

RELEVANCY SCORE 71.2

Hi all! Thanks in advance to those willing to assist me. About a month ago i had strong suspicions that a virtual machine/remote desktop was running so went ahead and re installed windows 7. Thought that would definitely solve my dilemma but it seemed not. I paid for numerous programs (Avast, PcSafeDoctor, Spyhunter 4) which only PcSafeDoctor found a trojan.win32/xxxx which would be renamed after each reboot. After seeking advice i decided to run the Advanced SystemCare 5 and to my horror i witnessed a ton of worms, trojans, misleaders and nasty vermin as it was scanning the first malware section only to pass the section healthy. I found it hard to capture all the names (20+) but here is what i could make out:

Trojan.Win32/Agent
Misleading.Application
Trojan.Win32/Vundo
PSW.OnLineGames
Trojan.Trace
Backdoor.Frauder
Trojan.Win32/BHO
Worm.Agent
Mal/Gen.Downloader
Trojan-spy

As requested the DDS log file:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Ken Kaniff at 15:27:56 on 2012-02-29
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3062.1959 [GMT 10:00]
.
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C: ... Read more

A:Multiple Trojans, possible hijack. Malware not detecting issues.

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please Download TDSSKiller.zip
>>> Double-click on TDSSKiller.exe to run the application.
Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue
If a suspicious file is detected, the default action will be Skip, click on Continue
If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan.
Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Righ... Read more

RELEVANCY SCORE 71.2

Alright here are the logs finally thank you so much for your help

When using internet explorer search links redirect me to random websites
Windows update does not seem to be working at all, in addition if I attempt to visit windows update webpage I am blocked completely.
Around the same time I experienced these issues google chrome stopped working all together (not the end of the world but I presume was related)

I have ran malwarebytes, ccleaner, EMCO malware removal, tried all of the windows update troubleshooting I could find

I have also poured over my processes and I believe I have some smitfraud stuff that I can't seem to get rid of, and a SLsvc process which I read was supposed to be categorized as a system process and it is listed as network (also when I try to delete it from the computer it tells me I don't have permission?)

I apologize for not understanding the posting process in my original topic. I generated the logs requested with no problems, however, if I copy paste the DDS log here and attempt to submit I am informed that I could not connect to the web page?! the story is the same when I attempt to attach the ark and attach.txt logs. This is the same message i receive when trying to view the windows update web page as well. It is like this thing is protecting itself from being found? Any thoughts on how I might be able to get you the information you need, as I did generate the logs without issue and they are saved on my desktop. Sorry for not being able ... Read more

A:multiple issues not detected by malware/ cleaner apps

Hi tightlines,
I will be assisting you with your problem.
Please inform me about the current condition of your computer in case the issue is not resolved.

RELEVANCY SCORE 70.4

When using internet explorer search links redirect me to random websites
Windows update does not seem to be working at all, in addition if I attempt to visit windows update webpage I am blocked completely.
Around the same time I experienced these issues google chrome stopped working all together (not the end of the world but I presume was related)

I have ran malwarebytes, ccleaner, EMCO malware removal, tried all of the windows update troubleshooting I could find

I have also poured over my processes and I believe I have some smitfraud stuff that I can't seem to get rid of, and a SLsvc process which I read was supposed to be categorized as a system process and it is listed as network (also when I try to delete it from the computer it tells me I don't have permission?)

any help would be great, thanks for the time and effort

A:multiple issues not detected by malware removal/ cleaner apps

Please follow the instructions in ==>This Guide<==.
Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==
Please include a description of your computer issues and what you have done to try to resolve them.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get.
If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
Orange Blossom

RELEVANCY SCORE 70.4

Hello,
So, I've got two separate, but somewhat related issues. One has been going on for a year and still hasn't been resolved (posted about it before) but I have some updated info, the other one is new.
AsHere I go ....

1. Can't Connect to the Internet
I all of a sudden could not connect to the internet. As my wireless isn't working currently, I used a wired connection. I am using that wired connection right now on my work computer that I am messaging from, so I know it isn't a modem/router issue. I have removed all the anti-spyware that I had and only installed Avast!, I re-installed all the drivers, and I contacted my internet provider. In troubleshooting with the internet provider, we tested the ping for www.google.com, which didn't work, but when we pinged the numerical ip address, it did. The same thing happened when I opened my browser. The representative said that the IP address was not being resolved by the DNS (is that correct)??? Anyways, that's where I am at - how do I resolve it so that the IP address is resolved?

2. First, for some extra background, please see the thread from a year ago that I had posted:
http://forums.techguy.org/networking/663585-wireless-issues.html
Here's what I posted initially before:
I have a Compaq Presario R3440CA with a Broadcom Wireless card. I used to be able to connect to my wireless just fine. Now when I try to 'Find network connections', the error comes up as follows:
Windows ... Read more

A:Solved: Multiple Internet Issues - Can't connect to website and wireless issues

RELEVANCY SCORE 70

Hello,
I have been having a number of problems with my pc. I am currently running XP. I have done a virus scan but nothing was found. My issues have been the inability to get updates, Ad-Aware will not load, and my start menu and icons randomly disappear from my screen. Please help!
Thanks,
Amy

RELEVANCY SCORE 70

I have been having multiple virus issues and I feel like I'm beating my head against a wall.
I have been reliant on Symantec Anti-virus & firewall, Corporate version, but now it seems Symantec has not been catching them all.

I have found that when typing in MS Word letters or numbers will just "appear". I delete those figuring that it's just a glitch (having dealt with older systems most of my life I'm used to software/programs having similar glitches).

Well, over the past couple months I have been running AV several times a day. I now use (along with the Symantec) RKill (which now AdAware won't allow to run and IDs it as a virus), Malwarebytes Anti-Malware, and AdAware.
I usually deleted everything in quarantine, but what I have record of so far is malware.trace, Trajan.FakeAlert(fs) (I think this is the AdAware trying to get rid of RKill), Trojan.Win32.Generic!BT, Win32.TrojanPWS.LdPinch, Fraud.Sysguard, and Virtumonde.dll.
I have been browsing through this site and downloaded a number of other AV programs, but haven't used them yet.

And just a second ago MalwareBytes incepted and prevented contact from my computer to a malicious website at 222.76.216.170.

I think I'm gonna have to step back and ask for help. This stuff is over my head.

ETA: Sorry about not enough info. Operating system is Windows XP, SP3.
I do not have screen shots of behavior. And now J drive is inoperable.

RELEVANCY SCORE 70

I did a McAfee security scan and it removed several cookies, but there are still remaining issues.  I have windows 7 on a laptop and have several viruses that I am struggling to remove.
 
The most concerning of these is that the McAfee firewall is off, and when turned on, it turns back off within a few seconds. 
 
There also is a zeroaccess!cfg Trojan that was identified by the rootkitremover but was not fixed.
 
there is a FBI ransom virus that has affected one of the users, that asks for $300 through a moneykit payment.
 
and there is some kind of virus that infects any kind of virus removal download - attempting to download rootkitremover, hitmanpro, stinger, and combofix all resulted in the message that the file was infected and deleted.  I was able to download these on another computer and save them to the laptop with a memorystick.  I have not used combofix or hitmanpro. 
 
Any help that can be offered on these issues would be greatly appreciated!

A:multiple virus issues

Hello filmorebuckets,
 
I get the impression that what you're working on is a corporate network. The bad news is that it looks like game over. You've described CryptoLocker, and there is no way to cure it anywhere.   Please read here : http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information
 
Regards, tea

RELEVANCY SCORE 70

Okay, so I've been having some annoying issues on my computer, nothing serious yet but some are concerning. Feel free to ask for more info if needed.

Issue 1: I've had some jerkiness/lag and loading issues for some of the games I play, particularly Blizzard games (all of which should be well within system specs). The prime examples:

--> When I play Overwatch, sometimes character models/audio/sprays/projectiles take FOREVER to load for the first game I play after launching the program. All player models are essentially invisible, including my own (don't see the character's weapon or even HUD), and if I fire my weapon while invisible the map will react (breakable objects break), but all of the effects are invisible (if I fire a rocket, for instance, the rocket and explosion are invisible). I can still see usernames above allied players, but enemies are completely invisible. Models load at different rates (so one hero's model might load after a few seconds while the rest take minutes, for instance), any sprays just appear as the default spray (if they appear at all), and voice lines don't work. This has lasted for an entire round before, and when that happens the "play of the game" clip will often have invisible characters in it, even if they've loaded fully by the end of the round. Additionally, even once most/all assets are loaded, if I die and respawn there is a period (several seconds) where the screen is completely black even though my character is ... Read more

RELEVANCY SCORE 69.2

Hi, I've stumbled upon this site many times while researching spyware issues. Great site for help. I am usually pretty good at fixing people's computer when they become infected, but this latest one is driving me nuts. My boss called the other day telling me his home PC is all messed up asking for help. I spent several hours at his house just trying to get the damn thing to function.

I know for a fact that he has the BraveSentry spyware. He's got another thing that pops up a window that says, "Program has encountered a problem and was shut down." It also says that there are multiple folders named Program and needs to rename one. Another problem is "ie_updater.exe" was shut down. Memory could not be read. There are a few more issues, and I'd like a hand on this one.

I've got Ad-AwareSE, Spybot, and HiJackThis installed. I've run spybot and Ad-Aware several times in safe mode, but there are plenty left afterwards. If someone could walk me thru this, I'd be grateful.

Thanks,
Dave

A:Multiple Spyware/virus Issues

BC Instructions for removing Brave Sentry in link below.
http://www.bleepingcomputer.com/forums/t/55983/how-to-remove-brave-sentry/
Then follow up with the instructions below.

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html
--------------------------------------------------------------------------------
Post a Hijack This log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
--------------------------------------------------------------------------------
Getting into Windows Safe Mode
http://www.computerhope.com/issues/chsafe.htm
(pre-Vista OS's)

Wanted to add that you should warn the computer owner that "ie_updater.exe" is listed as a Backdoor trojan. This means that his personal financial info that is on the computer may already be compromised. Suggest monitoring credit cards, bank accounts, paypal, etc. Change all passwords using a different computer. Super Antispyware says it can remove it.

RELEVANCY SCORE 69.2

so it appears i am having multiple issues on my computer

1. every time i start my computer i get an annoying Trend Micro pop up to purchase the product. that is accompanied with a pop up to install ie 8.

2. redirect virus- i am getting a google redirect. it either takes me to a random webpage or it starts to "scan for viruses."
any help as to how to eliminate these would be appreciated. i ran both ccleaner and malwarebytes. neither helped or showed a problem

A:Multiple virus issues (redirect, pop ups, etc)

anyone? please?

RELEVANCY SCORE 68.4

hello. I have a ton of viruses. I don't know what to do. I ran norton in safeboot and it found 3 but then i restarted my computer and immediately got a virus notification. The viruses that it says i have are called:

pp10.exe - Downloader
870159.dll - Trojan Horse
stonce_12343044286.exe - Trojan Horse
websrvx[1].exe - Trojan Horse
new_drv.sys - Hacktool.Rootkit
load[1].exe - W32.IRCbot
pdfupd.exe - W32.IRCbot
Acr73.tmp - Bloodhound.Exploit.196
nrf[1].exe - W32.Koobface.A
tokutide.exe - Trojan.vundo
Torazusa.dll - Packed.Generic.217

and many many more.

here is the DDS report:
DDS (Ver_09-03-16.01) - NTFSx86
Run by Ed Gomes at 21:46:42.65 on Fri 05/22/2009
Internet Explorer: 8.0.6001.18241
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1152 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Progr... Read more

A:Multiple Virus issues. Cannot remove with Symantec

Hello edjogo2.
You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!
If you are a casual viewer, do NOT try this on your system! If you are not edjogo2 and have a similar problem, do NOT post here; start your own topic
Do not run or start any other programs while these utilities and tools are in use!
Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.
=
Close any of your open programs while you run these tools.
Let's have you create a restore point (at this time).
1. Right click the My Computer icon on the Desktop and click on Properties.
2. Click on the System Restore tab.
3. If there is a check mark next to "Turn off System Restore on all drives", then click on the line to clear it.
4. If C is your system drive (as it is in most cases) and you see other drives monitored in the list (like D, E, etc) click on the other drives, press Settings button, and get the other drives turned off.
5. we only want to monitor the drive with Windows o.s.
If you are unable to activate System Restore or if the service is disabled, then.....
from the Start button > RUN option .... type in services.msc
look for System Restore service
If it is listed as off or inactive, press on the link at top left to Start it.
Next, See and do as outlined here http://bertk.mvps.or... Read more

RELEVANCY SCORE 68.4

So a few days ago I noticed my computer was being kinda douchey.
I believe this started when i was looking for a game to play and I downloaded one and it didn't work(opened command prompt and said the game could not be started), so i speedily deleted the files (one particular file was called "run.bat").
 
NOW every time i start up my computer, there is a Run.bat file on my desktop, even when i delete it and restart, it appears again. the contents of this file are as follows:
===================
@ECHO OFF
java -xmx500m EGIU
Title Demolishscape v7
===================
 
I am pretty sure this is a file being created on Boot, because i have seen files being created on startup with other malware and viruses, but i cannot find what is creating this file for the life of me.
 
ANOTHER issue, is that my task manager WINDOW will not open, it appears in the system tray on startup, and it will create a bunch of icons for it every second, and when i move the mouse over them, they disappear (although this is probably having to deal with my next issue). As a fix, i downloaded a pretty useful tool called Process Explorer from the Microsoft website. before anyone says anything on the task manager note, i have searched high and low through my registry, and cannot find a disable for task manager, and i do not believe that is the issue, seeing as how the process is opening, and the icon is in my taskbar. There is always 2 taskmgr.exe processes switching on and off really fast (abou... Read more

A:Memtest.exe possible virus/infection-- multiple issues

Hello fight_the_fallen,
Glad you got it sorted out, and thanks for sharing your solution!
bloopie

RELEVANCY SCORE 68.4

Hi,
 
Thank you for your help.  I have been on Bleeping Computer before and have found the folks here great!  I hope someone can help me again.
 
The issues just began.  I am running Win8 on a Samsung Series 5 laptop.  I noticed today that some webpages will not load (I usually use Safari).  I get a message that says 'Safari cannot find the server at www.--------.com.  Other web pages will work fine, load completely and function as they should.  So I reset Safari and in the meantime installed Chrome.  But I get a similar message with Chrome as well, saying that 'Chrome cannot find the webpage' or that the 'webpage may have moved'.  I also cannot update my apps on Windows8 as a message says that 'it appears the PC isn't connected to the internet' - even though it is.
 
Most of this occurs when the laptop is connected via ethernet cable.  Unplug it, and run wireless and I was able to sign on here. Wired - no such luck.  The reason the laptop is usually connected with the cable is that when it is wireless I have trouble staying connected.  Every 10-20 minutes the wifi adapter needs to be reset.  Huge pain and nobody has been able to offer a solution for that issue quite yet.
 
I'm also having similar issues with my IPad when connected to the same network.  It will not update apps, it will not connect to the itunes store and it will not let me click on search results in safari.  I get t... Read more

A:Possible virus across network? Multiple issues occurring....

Okay, I have an update to the issue.  I called my ISP and they directed me to an automated message that there is a larger issue that is preventing my system from accessing the internet with any regularity.  It was stated that this issue would be repaired by 11:00am MST, tomorrow.   So I guess I'll hold off on doing anything else in that regard.
 
However,.....if a moderator could direct me to the correct forum in order to help solve the connectivity issue with the constant 're-setting of the wifi adapter' that would be much appreciated!!

RELEVANCY SCORE 68.4

I am not sure who/what /where this happened but at some point since last night our home computer was infected. Initially the issue seemed to be only SpywareQuake. I followed the directions I found in a post here ( thank you! ) and that issue was fixed but others remained. I also found downloaded AOL and an adobe photo manager.

We still see adult/casino pop ups and there is this annoying yellow triangle with the "!" letting me know that adware and spyware are present on our comp and I can take care of this with software from the antivirusgolden or malwarewipe sites.

SpyBot, Windows Defender and McAfee Stinger were unable to locate anything.

My HijackThis log file is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 12:59:00 AM, on 6/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files ... Read more

A:Multiple Issues; Pop Ups And False Virus Warnings

Hi Jim,
Welcome to Bleeping Computer
The current formatting of your log makes it difficult to read. Please open Notepad:
On top, click Format > uncheck Word Wrap.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop. Do not run it yet.

Please download, install, and update the free version of Ewido Anti-Malware:
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
When you run Ewido for the first time, you might get a warning "Database could not be found!". Click OK. We will fix this in a moment.
From the main Ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes, the status bar at the bottom will display "Update successful"
Exit Ewido. DO NOT run a scan yet.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do y... Read more

RELEVANCY SCORE 68.4

Hi,
I've already posted a thread about this and was told to post the logs from DDS, so I'm posting them now(The second application said "32 bit systems only" so I didn't run that one since I'm using a 64 bit system, hope I understood it correctly)
I got a bunch of viruses and malicious applications and problems like unable to connect to the internet (Though local network and web browsers work, but Applications like Origin don't) Which could be caused by some Malware.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455
Run by pc at 4:09:28 on 2013-01-02
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8147.6116 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Softwa... Read more

A:Virus/malware/network issues(possibly caused by malware)

Hello, and welcome to TSF.

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

RELEVANCY SCORE 68

I'm not sure if this is all part of the same problem but there are multiple things going on. On my laptop ( its an HP Pavilion DV6, with an intel core i3 CPU @ 2.20ghz, & 64 bit operating system ) The only way i can get any sound to play is if I watch videos in my firefox browser. No sound will play when i use Chrome (which I prefer) or Itunes, or windows media player. The problem with watching videos in firefox is that there is about a 20 second delay before the video will play, and an error comes up to stop the plug in or continue. If you close out of that box the video will play but you will get the same delay every time it is paused and started again. Browsing in Chrome and playing videos from that browser there is absolutely no lag, its lightning fast, but you will not get any sound. Other simple programs ( Like solitaire) have the same lag, each card you click takes about 20 seconds for the move to actually take place. I've tried messing with my sound drivers to correct the audio issues but I am not sure if it is an audio issue, a flash player issue, or a combination. Any input?

RELEVANCY SCORE 68

I am trying to fix some problems on a client's Compaq Presario V6000 running Windows XP Home Edition. I think a full reinstall of the OS may be necessary but am having problems even with that. My preference, of course, is to fix the problems below without having to reinstall the OS. I have pulled off some of the client's data but since I cannot get it to read a blank CD, an external drive or a large 2.0 flash drive I have not been able to back up everything. It will read a 1GB flash drive of an earlier generation. (Of course the client had no backups and had never done a system restore point - see below regarding my clientele.)

The current problems are:
1. Setup from a Windows Home Edition CD cannot see the HD: "Setup did not find any hard disk drives installed on your computer". (I had hoped to set up a partition and reinstall the OS and then bring the user data over to the new install and then nuke the old one. I have done that before on a Dell that got caught in the isass.exe snafu when XP SP2 came out. I had also hoped to run Windows repair from setup to see if that would fix the problems on the current OS install.)
1.5 The Windows XP Home Edition CD is one I have that is a stand alone. It is not an OEM disk. I don't know if that matters. There are no recovery disks for this computer and since it will not see a blank CD in the drive I cannot make one.
2. The computer cannot connect to the Internet (wired or wireless).
3. I can now boo...

A:Multiple Issues on XP Home: Reinstall issues, etc. Help!

Are the hard drives recognized in the BIOS?

RELEVANCY SCORE 67.6

Deckard's System Scanner v20071014.68
Run by John on 2007-12-21 16:08:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
99: 2007-12-22 00:08:24 UTC - RP382 - Deckard's System Scanner Restore Point
98: 2007-12-21 02:10:56 UTC - RP381 - System Checkpoint
97: 2007-12-20 01:39:05 UTC - RP380 - Restore Operation
96: 2007-12-20 01:35:30 UTC - RP379 - Restore Operation
95: 2007-12-19 14:50:12 UTC - RP378 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-09-23 18:11:04 UTC - RP284 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as John.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:10:15 PM, on 12/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe...

A:Multiple spyware and virus issues causing IE7 to run very slow

Welcome to the forum, ontimejohn.
Start a HijackThis scan and place a check next to these items, if there.


O2 - BHO: (no name) - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - (no file)
O2 - BHO: (no name) - {10F3E8BD-257A-4702-A2F5-DC02055B068C} - (no file)
O2 - BHO: (no name) - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - (no file)
O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9C8A568E-4201-478a-8536-526CF371D2E2} - (no file)
O2 - BHO: (no name) - {c900b400-cdfe-11d3-976a-00e02913a9e0} - (no file)

====================================
Hit "Fix checked" and close HijackThis.

Install SpyBot Search & Destroy. Once installed, update it, then do a full scan and
fix all items marked in red. If prompted to let it scan at reboot, let it do so and reboot.
http://www.safer-networking.org/en/tutorial/index.html

After that, scan with HijackThis, press "Save log" and post a new log.

Post a Panda ActiveScan-Free online scanner report,
http://www.pandasoftware.com/products/activescan.htm
Press "scan your PC now" and allow the ActiveX to install (if prompted)
Do a full scan > Click the my computer button
After the scan click see report then Save the report and post it back here please.
If you have problems read the FAQ http://www.pandasoftware.com/actives...q.asp?IdLang=2

RELEVANCY SCORE 67.6

Hi All!

So I'll take it from the top...

I installed a program and got a virus on my computer which in front of my eyes was going through the Command Prompt and adding something so I quickly turned off my computer in hope that this would stop it from infecting my computer more than what it already did.

After I turned it back on I went straight into safe mode to start removing any viruses, ransomware, worms, trojan horses, rootkits, keyloggers, dialers, spyware, adware, malicious BHOs, rogue security software and other malicious programs through the MalwareTips website I always use to remove adware.

I removed a lot of the virus with these multiple scans however some things I noticed were not fixed.

First thing I realised was that I was unable to open some programs which after some research was due to a Hidden Built-In Administrator being on. I don't remember what I did to fix this however I'm now able to access programs.

Ever since the virus, removing the virus and changing administrator settings I have since run into these issues:

1. Programs on computer keep flickering and "not responding", programs sometimes freeze and stop working. Main programs I have been using are: Google Chrome, File Explorer, Microsoft applications (Word, Excel, Outlook 2013)

2. Sound on computer not working or showing as item on task bar. Will only work when I play a video on the internet, will not work with anything else. ** See image of task bar settings below

3. Battery percenta...

RELEVANCY SCORE 67.2

So I'm not in front of my PC right now, but I'm curious about whether or not fixing this myself is realistic. I'll describe the problem(s) generally, but I can update with specific stop codes soon. Anyway...

I clicked an executable file that I obviously shouldn't have, it disappeared and then bam, BSOD. I couldn't boot without using safe mode, but in safe mode I cleaned my PC with AntiVirus software and rebooted expecting everything to be resolved. Apparently the "cleaning" did additional damage because ever since I can't even boot in safe mode without a blue screen with a new stop code. I've tried booting from the Windows 7 CD but immediately after loading 100% another blue screen with another stop code appears before I am even given a menu. I get the feeling it may have to do with my graphics drivers being corrupted but that's just a hunch. What can I do? I'm close to breaking down and paying a shop to fix it. I really really want to keep my data as I have a bunch of incomplete musical projects...

Oh, I'm running Windows 7 64 bit with 4 GB of RAM and a Radeon 5870. If this isn't a lost cause I'll update with specifics. Please help!

A:Multiple blue screens, virus, and registry issues (hopeless?)

Quote: Originally Posted by rynooo

So I'm not in front of my PC right now, but I'm curious about whether or not fixing this myself is realistic. I'll describe the problem(s) generally, but I can update with specific stop codes soon. Anyway...

I clicked an executable file that I obviously shouldn't have, it disappeared and then bam, BSOD. I couldn't boot without using safe mode, but in safe mode I cleaned my PC with AntiVirus software and rebooted expecting everything to be resolved. Apparently the "cleaning" did additional damage because ever since I can't even boot in safe mode without a blue screen with a new stop code. I've tried booting from the Windows 7 CD but immediately after loading 100% another blue screen with another stop code appears before I am even given a menu. I get the feeling it may have to do with my graphics drivers being corrupted but that's just a hunch. What can I do? I'm close to breaking down and paying a shop to fix it. I really really want to keep my data as I have a bunch of incomplete musical projects...

Oh, I'm running Windows 7 64 bit with 4 GB of RAM and a Radeon 5870. If this isn't a lost cause I'll update with specifics. Please help!

Well, one option would be to take out the hard drive, copy all the data from the drive to another device (you can use an external HDD casing for an internal drive, or just jack it into another machine) and then completely sanitize the drive...

RELEVANCY SCORE 67.2

I got infected with the Virus Burst trojan earlier today and thought I could remove it by Google searching and finding other people's posts, but to no avail. There is no longer the program in my add/remove programs, no instance of virusburst.exe nor vb.ini anywhere in the registry or my directories. I have used both SmitfraudFix and smitRem in safe mode to alleviate the situation. Then I attempted to kill each of the following .dll's:
C:\Windows\System32\dpfwu.dll
C:\Windows\System32\ficqv.dll
C:\Windows\System32\gqagksr.dll
C:\Windows\System32\httge.dll
C:\Windows\System32\oqabf.dll
C:\Windows\System32\qxfgcg.dll
C:\Windows\System32\syycum.dll
C:\Windows\System32\tazth.dll
C:\Windows\System32\titiau.dll
C:\Windows\System32\wuwbxp.dll
C:\Windows\System32\xtgwjrm.dll
C:\Windows\System32\zphnok.dll
My system stated that none of these .dll's existed though. HijackThis shows no signs of the 2 BHO's or the HKLM\..\Run:[VirusBurst]. Also, neither of the following directories exist:
C:\Program Files\VirusBurst
C:\Program Files\PCODEC
After all this, I still have that really annoying system tray icon, and when I reboot into normal mode, my homepage continually changes from www.comcast.net to www.msn.com.
I am at a complete loss here, and I have reviewed countless Virus Burst forums. PLEASE HELP!!!!!!!!!!!!
Below is my HJT Log ---
Logfile of HijackThis v1.99.1
Scan saved at 12:45:04 AM, on 10/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Expl...

A:Continued issues with Virus Burst after multiple attempts to remove!!

I forgot to mention that I ran a complete virus scan from Trend Micro. Also, have run Spybot S + D a couple times. I made sure to update it before doing so. I used the following instructions:
Manual removal of the VirusBurst trojan

1. Download the SmitFraudFix tool and unpack its files to a chosen folder.

2. Download Pocket KillBox or KillBox utility.

3. Press Start > Settings, and open the Control Panel. Launch the Add or Remove Programs tool. In the list of installed software find the VirusBurst entry. Uninstall the corresponding program.

4. Download the HijackThis program. Run a system scan, then fix the following entries (if present):
O2 - BHO: (no name) - { [CLSID, a combination of letters and digits] } - [filename]
O3 - BHO: Protection Bar - { [CLSID, a combination of letters and digits] } - [filename]
O4 - HKLM\..\Run: [VirusBurst] C:\Program Files\VirusBurst\virusburst.exe

5. Now restart your system in Safe Mode. This step is very important!
Please note that you need to have the administrator's privileges.

6. Once in Safe Mode, run the SmitFraudFix tool by executing the smitfraudfix.cmd file.
Official SmitFraudFix tutorial can be found here.

7. Use either Pocket KillBox or KillBox to delete the following files (if present):
C:\Windows\System32\dpfwu.dll
C:\Windows\System32\ficqv.dll
C:\Windows\System32\gqagksr.dll
C:\Windows\System32\httge.dll
C:\Windows\System32\oqabf.dll
C:\Windows\System32\qxfgcg.dll
C:\Windows\System32\syycum....

RELEVANCY SCORE 66.8

Hey All! I am new to this forum, so please bear with me.

I installed a new Dell Poweredge 2900 Server. As I was moving files to it (cause it is a dedicated file server and nothing else), there were a bunch of viruses and malware. I followed the instructions to do the virus scans, spyware scans, stinger scans, and just about everything else that was in the beginning of this forum. So, here is my HijackThis log, can someone take a look at it and tell me if I am ok from all the crap that is out there?

Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:41 AM, on 3/11/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ntfrs.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\svchost.exe
C: ...

A:Malware And Virus Issues

Hello jfiore3,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
