Over 1 million tech questions and answers.

Malware Stinks! Please Help Me

Q: Malware Stinks! Please Help Me

Hi All,I booted my pc and found that my home page had been changed to some kinda website called protect advanced cleaner. I downloaded some antivirus softwares and it removed some stuff and put my homepage back to msn.com but it's still grayed out and i can't change stuff cause it's telling me that i have to have administration priviledges to do that even though i am the administrator. Can someone look at my hijack log and see you can help me?I have a 13 year old daughter that uses my pc too and i would really hate for her to see some of the stuff pop up that i saw this morning. Oh and by the way, since i ran the anti virus programs and my homepage reappeared, every time i open IE i get the message that IE has encountered a problem and needs to close. I already had foxfire so that's what i'm using for now.Thank you in advance.TammyLogfile of Trend Micro HijackThis v2.0.2Scan saved at 12:21:25 AM, on 2/11/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\System32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\UPHClean\uphclean.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Yahoo!\Messenger\YahooMessenger.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytieR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytieR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://gomyhit.com/MTkyNDM=/2/4028/ax=0/ed=1/ex=0/search/R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn9\yt.dllO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn9\yt.dllO2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dllO2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dllO2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dllO2 - BHO: OFLinker Class - {A51D8FA4-C859-473D-9E18-FA0C59D16FA3} - C:\WINDOWS\OFLink.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn9\yt.dllO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimizedO4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeO4 - HKUS\S-1-5-19\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dllO9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dllO9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk (file missing)O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk (file missing)O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dllO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dllO16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cabO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CABO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dllO16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120363474470O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174291504337O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cabO16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cabO16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cabO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dllO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exeO23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exeO23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exeO23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exeO23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exeO23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe--End of file - 8954 bytes

Preferred Solution: Malware Stinks! Please Help Me

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Malware Stinks! Please Help Me

Hi tbrazel and Welcome to the Forums. Please download Malwarebytes' Anti-Malware from Here or HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply along with a fresh HijackThis log.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Read other 15 answers

The developer preview has been out for less than 24 hours. Nevertheless, let's start complaining!

I'll go first just to get the ball rolling...

The Metro UI absolutely sucks for any sort of computer other than a tablet/phone. I like my computers like I like my men: under the desk and connected to the power mains.

A:It Stinks!

Now that's funny right there.

Read other 61 answers


Not sure if I'm writing for help in the correct category. Please let me know if I'm in the wrong place. I would also like to add that I am completely pc illiterate.

I recently lost my web cam connection. I've installed & reinstalled everything several times with no avail. I've even done a system recovery (boy was I was sweating when I did that) Thought that was the end of my pc! My friend is on a Mac notebook and is using aim 4.7 whom I am trying to connect with and I'm on a pc, (windows xp) Our connection (when we were able to connet a while back) was always very lousy but at least we were able to connect somewhat. We are both stay at home moms and we both really miss our web cam connection. I've tried to connect via aol, aim, aim 6.0 and aim pro which all did not work. I've called Labtec (web cam people) and they told me to call aol. I've called aol and they told me to call Labtec.

Any suggestions?


Read other answers

Got the new FF update last night, what a bummer!!!  Many book marks disappeared, the look and feel has changed much to my dislike.  I wonder if I can revert to the last version?  Is anyone else not happy???

A:New Fire Fox Stinks!

 My Firefox v56 updated yesterday to v57. My 'add-ons',the ones that i deem important ie. Ad-blocker & Privacy Badger were still there,so on that count everything was ok.
However,regarding the hoped for increase in broswer speed - it simply hasn't materialised !. It's as slow as v56,which was never that bad that i lost sleep over it.
   All my bookmarks are still in place,& the only thing that seems to have changed is the Homepage appearance. All in all,a waste of time - at the moment. I'll await further updates in the hope that eventually Firefox v57 will live up to the months  of 'hype'
   I had 'Auto update' turned on & it didn't update on the 14th. I turned auto UD 'off' & then had to turn it back on again for v57 to install,which it did within seconds.
  I suppose to give Mozilla the benefit of the doubt - this is a brand new version,'relatively' untried except for the Beta version,so we should expect a few glitches. However,since most of the hype was about 'speed' - i'd have expected that to be there from the first second it went live - it wasn't. Just something else that's been 'improved worse' !!!. (At the moment)

Read other 71 answers

Hi, and thank you for your help (ahead of time). Contracted Trojan.Vundo somehow. Have run the Combofix, and Vundo is still showing up and corrupting my files. Here's my log. I'd appreciate next step directions and put Vundo to sleep forever!

ComboFix 07-12-12.3 - KCHijacked 2007-12-13 0:12:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.151 [GMT -8:00]
Running from: C:\Documents and Settings\Mary Myers\Desktop\ComboFix.exe
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\Mary Myers\Application Data\FunWebProducts
C:\Documents and Settings\Mary Myers\Application Data\FunWebProducts\Data\Mary Myers\avatar.dat
C:\Documents and Settings\Mary Myers\Application Data\FunWebProducts\Data\Mary Myers\corrupt.dat
C:\Documents and Settings\Mary Myers\Application Data\FunWebProducts\Data\Mary Myers\register.dat
C:\Documents and Settings\Mary Myers\Application Data\FunWebProducts\Data\Mary Myers\zbucks.dat
C:\Documents and Settings\Mary Myers\err.log
C:\Documents and Settings\Mary Myers\g2mdlhlpx.exe
C:\Documents and Settings\Mary Myers\ResErrors.log
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Sh... Read more

A:Vundo Stinks

Please download HijackThis to your desktop.. http://www.trendsecure.com/portal/en...HJTInstall.exe

Alternate link

This program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.Just close it.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

If it gives you an intro screen, just close it


Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:



Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

Refering to the picture above, drag C... Read more

Read other 5 answers

Trying to install photoshop with installshield.

My C: drive does not have enough room, so i tell it to install to a different drive, even after selecting one that DOES have enough space, it won't continue because it's STILL claiming the C: is the problem. I've changed my temp file directories under enviromental settings. But it still wants to install things on my C:

Read other answers

My computer is driving me crazy. I know its old but I cant buy a new one right now. It seams like something is always running in the backround. My AVG says that its not infected but I think it my be. Please help!
Dell dimension 8200
Win XP Service Pack 3
512 Ram
I know I dont have much RAM but the type this uses is expensive and I would have to buy it in pairs and the computer isnt worth the cost.
I downloaded the two scan to my desktop.
Thank you
here is my dds.txt.
i cant run the root reapel because it frezzes my computer
DDS (Ver_09-10-26.01) - NTFSx86
Run by chris at 21:25:34.73 on Sat 11/21/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.46 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\svchost.exe -k hp... Read more

A:computer stinks

Hello,We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if youwould let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Then please post back here with the following: log.txt info.txtThanks

Read other 2 answers

Hard drive froze last week, new drive, Windows 7 won't let me install IE8, only IE9. Really hate IE9 (tried the Beta when it came out). Just moved and all documents are 400 miles away. Would really like to download IE8. Not that computer literate. Thanks in advance.

A:IE 9 Stinks, can't get IE 8 to download.

IE8 is the default browser in Windows 7, just uninstall IE9 and then you have IE8.

Read other 6 answers

I have an Epson Stylus c80 inkjet printer that has never given me a good color print job. Mostly I always get those vertical bands and lines running through. I know that's probably a common thing, but I've tried every utility to solve it - the head cleaning, nozzle cleaning, etc. Nothing works. This has gone on since the day I brought it home, about 2 yrs ago. I only use Epson cartridges. I've contacted Epson..they just tell me to use Epson cartridges..I tell them I DO!..they just repeat themselves..so no help there.

I researched printers pretty thoroughly and thought I was getting a great printer. Now I don't trust myself! Any recommendations for a printer that does a good, reliable color printing? I've hung in with this disaster as long as I can.

I'm NOT doing any high-quality photo-type printing at all - - I'm just talking about printing quick, small things like jewel case covers, or things I do in Paint, or small pictures from the internet. The color itself is okay, but it's the bands and lines running vertically through them that are always present and I cannot solve. That's what I want to avoid in a new printer.

A:This printer stinks!

Read other 8 answers

Hey.. I've tried getting rid of cool web search so many times! I have adaware and run that.. and it get rids of it for awhile but then it comes back! i also run cool web search.. but hey.. does the same thing.. comes back!! I've tried to go thru that whole process of findnfix but i dont think the dude knew too much which i thought was fine.. cuz I'd try again.. but if anyone could help me it would be GREAT! Here is a fresh hijack log.. when its ON my computer.. if you want one when its not.. just tell me... by that i mean.. when i delete it for like 2 minutes

A:cool web search stinks! HELP!

Read other 10 answers

First, forgive my if I have broken any posting rules. I'm not necessarily new at this, but I sure know how to make mistakes. Anyway here is a little information about what I'm working with:

ISP: Hughesnet

Avast Antivirus
AVG Anti-spyware
Webroot Spy Sweeper and of course

Now, my computer is working fine, but I sense a parasite hoarding vital resources and thought maybe if my hijackthis log is analyzed, it could be found and killed.

I cannot express my gratitude as well as I should be able to, so I will say THANK YOU. Here is my hijackthis log:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.direcwaysupport.com;www.systemcontrolcenter.com;;;;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO... Read more

A:Low Priority...Somthing stinks though...

Will anyone take my case? Please...

Read other 11 answers

I have been here, done this before, still need some advice.

I am using DirectCD 3.01C, on a PentiumII, 450 Mhz, Gateway PC with 256Mb RAM, and using a HP 9100 CD Burner. My Norton AV is updated weekly, so I know I don't have a virus.

I reformatted about a month ago because of this same problem. [you can look up my past letter on TSG] It was suggested I reformat the C: drive by a PC tech at a computer store after he played with my PC for a couple days, charged me $213, and didn't do a thing for me.

After I reformatted and reinstalled Adaptec DirectCD, I could copy small files and photographs neatly to a CD-RW and I could copy full CDs to CD-Rs with no problems. (I could alway copy full CDs with CloneCd without any problems.) Single file copying worked fine up until about yesterday, then I started getting the same problem ~ Adaptec DirectCD would not recognize an already formatted CD-RW with files on it. If it did recognize it, it would take a very, very long time to try to copy those few little files [10 to 300 kb long] and then it would quit with the standard error [it has become standard to me, I see it so much] "...this CD has an unrecoverable read/write error, you should move all your files off this disk, blah, blah, blah..."

Any suggestions or ideas out there? Am I one of the few [or many] that is beginning to think that this technology or the software is still in it's infancy and is not a really good way to backup or do I need another softw... Read more

A:Adaptec DirectCD STINKS!

Read other 16 answers

Okay. I want your opinions. I'm only going to use Vista for making screenshots and doing documentation. I wish I could avoid buying it, but I need it for an ongoing documentation project.

What version of Vista stinks the least?

I've ruled out Home Basic as too basic, and Ultimate as too expensive.

I'm trying to decide between Home Premium and Business.




A:Vista: Which version stinks less?

Read other 11 answers

I have an Inspiron 1000. It originally had XP on it, but stupid me wanted the most updated OS so guess what I went and did?? That's right! I put vista on my lappy and now it just plain stinks! A slug moves faster than my laptop does!! How do I remove vista from my laptop and reinstall xp? I have tried reinstalling with cd and it doesn't give me the option to install(appears vista is alot harder to get rid of-kinda like the flu!) Can anyone give me instructions on how to do this? I have backed everything up so I am ready to dump! I am not a tech chick so go easy on me! Thanks a bunch!!!

A:Solved: Vista Stinks!

Read other 16 answers

Last week i brought my 2.5 yrs old T440 to Lenovo Bugis suppt center to replace a cracked LCD back cover (one fine day i noticed a crack along the righthand side hinge and after opening, the cover was hard to close & open!). I had a queue tkt that said waiting tme approx 5 mins, but it took 20 mins for the front desk asst to call me. He rightly said the warranty had expired and they need to charge me $50 (+gst) to assess how much it would cost to fix it. When i asked what they want to assess as the laptop was working fine, he said in that case i should pay $30 - to source for the broken part and only after that they can tell how much would the total repair cost be! To me, it didn't make sense as they are the 'makers', but the guy started explaining the parts are made by 3rd party suppliers and and that's the process they hv to follow for 'older' models! Then another colleague of him came to explain, but he also couldn't tell me the rational for not able to tell me upfront the charge for replacing a 'highly visible' broken part! They are cheats in my opinion!! I have been a ThinkPad user for nearly 20 years and never experienced such poor quality machines and bad service!!! Hell with Lenovo.

A:Lenovo Singapore Support stinks

since your machine is already out of warranty, source it online for 3rd party and get it done. Im having hell with my Lenovo too.

Read other 1 answers

I can't open a installasion, it closes change or remove programs, it closes most of the stuff!! Even it's own settings!!! So I'm asking if I can delete the DEP. Can I?

A:Data Execution Prevention Stinks

First make sure you are installing known good software (not something questionable).

You can disable DEP for the software you are installing by going to System Properties > Advanced tab > Performance settings button > Data Execution Prevention tab > tick the button for Turn on DEP for all programs and services except for those I select. Then Add the program you are having trouble with.

You can also completely disable DEP for all programs by editing the boot.ini file (C:\boot.ini) by changing /NOEXECUTE=OPTIN to /NOEXECUTE=ALWAYSOFF. You must reboot for the change to take effect.

Read other 3 answers

DSL (cable)- download speed is great, but the upload speed has gone away. Seems that I can send emails and such but at a much lower speed. I attached a log to look at. Any help is appreciated. Win98se and IE6

Logfile of HijackThis v1.97.7
Scan saved at 8:28:02 AM, on 5/6/04
Platform: Windows 98 SE (Win9x 4.10.1998A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/sea... Read more

A:Send speed stinks, recieve is ok though

fix these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.firstbankonline.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/...&query=%s&i=enu

also i believe this entry is bad:

O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe

Read other 3 answers

As online gaming grows in popularity ESET researchers found that cybersecurity measures haven't kept pace as 36 percent gamers reported actively turning off security software if they found it was slowing down their computer.

The study, conducted by Google Consumer Surveys, polled 500 gamers and found that 52 percent of respondents said they don't even use security software on their gaming computers, according to a Sept. 13 blog post.

Gamers stated numerous reasons for their lack cybersecurity hygiene with 20 percent saying they don't need it, 13 percent saying they don't like they pop ups, 12 percent saying it slowed down their computers, and eight percent saying that it interrupts their gaming experience.

Researchers warn whenever security settings are disabled, users run the risk of malware stealing their login credentials and using gaming accounts for malicious activity which could lead to the legitimate user getting banned from the gaming platform for someone else's actions.

The stolen accounts could be used for botting, item farming, and other activities without the account owner's knowledge.

Full Article. Study finds gamer cyber hygiene stinks

Read other answers

If a program installed malware and the anti malware found something.
Will it delete the malware itself or will it delete the program that came with the malware too?


A:Will an anti malware uninstall the program that installed the malware or only the malware itself?

I find your question a bit confusing, maybe it's just me.
But I think I understand your way of asking your question, and I will try to answer:

If for example Internet_Browser_A unintentionally installs stealthy malware by a driveby advertisement / exploit,
then Anti_Malware_B will only detect and remove unwanted malware and leave Internet_Browser_A intact and alone.
But if Internet_Browser_A in the same turn also gets infected, then Anti_Malware_B will try to disinfect or quarantine
Internet_Browser_A aswell.

Does that answer your question and did I understand it correctly?

Welcome! 1Up.

Read other 2 answers

If a program installed malware and the anti malware found something.
Will it delete the malware itself or will it delete the program that came with the malware too?

Read other answers

[topic=253487.html"]Malware byte's Anti Malware software, Malware byte's Anti Malware Not working[/topic]My google requests are being redirected to other sites. As a first step to correcting this, I started to run Malware byte's Anti Malware software. After I updated it, I started the scan when all of a sudden it stopped working. When I tried to reconnect, I got a message"Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item"I re-installed the software, updated it, and tried to run it again, and got the same message.Since then, SuperAntispyware, RootRepeal and now DDS will not work. They download okay, but then terminate during the scan, hence I don't have logs I can insert.I've backed up all my data onto an external hard drive.I'm at my wits end, but I'm happy with any assistance I can give you. Hopefully the topic link works.Here is my Win32kDiag.exe log. The next post will by my Rootrepeal drivers log.Log file is located at: C:Documents and SettingsPhilDesktopWin32kDiag.txtWARNING: Could not get backup privileges!Searching 'C:WINDOWS'...Found mount point : C:WINDOWSaddinsaddinsMount point destination : Device__max++>^Found mount point : C:WINDOWSassemblyNativeImages_v2.0.50727_32TempZAP247.tmpZAP247.tmpMount point destination : Device__max++>^Found mount point : C:WINDOWSassemblyNativeImages_v2.0.50727_32TempZAP453.tmpZAP453.tmpMount point destination : Device__... Read more

A:> Malware byte's Anti Malware software, Malware byte's Anti Malware Not working

Hello smartjock99,You got a Rootkit on this computer. We will need to take this cleanup in phases. You are not clean until I tell you so - even if it appears that everything is running fine!Let's begin....==========Step 1Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here. "%userprofile%\desktop\win32kdiag.exe" -f -r==========Step 2Please do this: Click on the Start button, then click on Run... In the empty "Open:" box provided, type cmd and press EnterThis will launch a Command Prompt window (looks like DOS). Copy the entire blue text below to the clipboard by highlighting all of it and pressing Ctrl+C (or after highlighting, right-click and select Copy).

copy C:\WINDOWS\ServicePackFiles\i386\eventlog.dll C:\ /y
In the Command Prompt window, paste the copied text by right-clicking and selecting Paste. Press Enter.When successfully, you should get this message within the Command Prompt: "1 file(s) copied"
NOTE[: If you didn't get this message, stop and tell me first. Executing The Avenger script (step #3) won't work if the file copy was not successful. Exit the Command Prompt window.==========Step 3 Warning to others reading this thread!: The Avenger i... Read more

Read other 44 answers

Dear helper,

Am I infected ?? What should I do ?

Window XP, Internet Explorer 6, Sony VGN-SZ18GP laptop bought in 2006.

System crash last night, with rapid lost of hard-disc drive space (from 15 GB down to 100 Mb within 2 hours). Norton security (2006 version) & Internet explorer were busted afterward, was not able to run at all. The build-in system recovery programme was also affected.

Was forced to use back-up system recovery CD to restore the laptop back in its origin shipping state.

However afterward it is still not right. Installed McAfee (from my internet service provider) but the update function is not working - repeatly state that it can now update because I am not connect to the internet, when I'm actually conneted to your website typing this email right this moment. Also internet access to microsoft and all other common antivirus website (Norton, McAfee, AVG, Kaspersky, Avast, etc) are all block. Hence I can't even attempt to find out what happen to my laptop.

What virus have I been infected ? What programme should I use to remove the malware now that I cannot access to any of the antivirus website or microsoft website ?

Thank you


Read other answers

Hello all! I'm posting here because I'm trying to take care of my brother's laptop. On Friday (Christmas Eve) he let me know that he'd gotten what appeared to be a malware and or virus attack which appeared initially as a fake anti virus scan ("AntiVirusDoctor") -generating numerous pop-ups and so forth. This was an older Dell (running Windows XP) of his that he'd had to switch to as his newer one is out of service for the moment-so the usual security software he uses and such had either not been reinstalled or not updated for a very long time with the exception of AviraAntivirus (it had just updated itself an hour or so before hand). Avira's gaurd seemed to have caught about 20-30 files trying to come in -almost all of these were tojan's. He'd started it's scan and had found 3 or 4 infections but I suggested he stop the scan and reboot into safe mode so he could run it from there. Meanwhile I went back to my computer and downloaded the newest version of Malwarebytes and after running his Avira again in safe mode ran a full-system scan on his computer in Malwarebytes. This found around 250 or so more infections. I saved the log files from the two malwarebytes scans I ran (I'd forgotten to ensure that all the files had been selected for removal the first time round & when I saw this immediately rescanned and then removed them). I&#8217;ve a decent amount of experience in dealing with computers but not so much ... Read more

A:Malware/Virus Infection: AntiVirus Doctor & other possibly dangerous malware/viruses

Read other 16 answers

I have a default Yoog Search in my Search Engines, i try to remove it and set it as google but it would again default to Yoog. Next thing is I just cannot run 'sybot search & destroy' and doesnt let me open any anti-malware related sites. I cant download any anti malware apps. I am just stuck. I saw a post " Win 2K hijack issue - unable to run malware apps!". I have exactly the same case on my system.


Read other answers

Hi all,My dad has asked me to take a look at his computer after it's been acting odd, and it looks like he's got a doozy of something running on the system. He's been getting some pop ups advertising various programs, the desktop is changed to text reading "Your system is infected! System has been stopped due to a serious malfunction. Spyware activity has been detected" (which is not something any program that should be running would display", Task Manager is blocked from opening and a fake piece of anti-spyware has taken up residence (don't have the name off hand).Looking at the log, I found a couple of things that I'm not a fan of - batmeter16.dll, for starters. There's a couple others I don't recognize, but I am not sure if they are bad or not.Unfortunately, my attempts to fix it have been thwarted - an AVG scan said it cleared it up, but more pop ups came. I tried to run Malware Bytes, but when I download the latest update through the program, I get a nice warning message saying "The database you are using is not supported by this version of Malwarebytes' Anti-Malware. Download the latest version of the program."Additionally, this came about because I tried to start into Safe Mode to get this cleaned up. I couldn't get my keyboard to register keystrokes before Windows started, which kept me from accessing the dialogue allowing Safe Mode to be entered, so I modified boot.ini to force a safe mode boot. Unfortunately, this brought about a blue sc... Read more

A:Malware blocking MalwareBytes (post-update), fake anti-malware program

Hello, my name is fenzodahl512 and welcome to the forum.. Please do the following....Please download The Comedian.exe by Rorschach112 to your desktopPlease disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..Double click the program to run it. It will only take around several minutes to run.It will do a series of tasks and tell you when each one is finished.You will be prompted to press any key after each stepWhen it is done it will close and exit itself automatically.You can delete The_Comedian.exe once it is finishedSTOP! if you can't complete this step.. Tell me more about it..NEXTPlease download OTL by OldTimer and save it to your desktop.Under the Custom Scans/Fixes box paste this innetsvcs
%systemroot%\*. /mp /s
CREATERESTOREPOINTDon't change any setting... Just click on the Run Scan button.. Let it scan till finish..Then a log will pop-up at your Desktop. Post the content of the log hereNEXTWe need to scan for Rootkits with GMERPlease download GMER from one of the following locations, and save it to your desktop:Main Mirror
This version will download a randomly named file (Recomm... Read more

Read other 3 answers

I have read several posts regarding Ucleaner and spyware. I am having similar problems:

-- There are three new icons on my desktop: (1) Error Cleaner (2) Privacy Protector (3) Spyware&Malware Protection. When mousing over these icons, the popup window indicates that they lead to "http://viruswebprotect.com/shandler/php?..."

-- I periodically get pop up icons that say "someone is trying to attack my computer" and there was a message that stated "Win32.netsky worm has infected my computer"

I have completed the five steps listed in the "before you post" thread. The only deviation from that is that I already have Windows XP SP2 installed. Any help would be much appreciated. Thanks.

A:uCleaner Malware / Error Cleaner, Privacy Protector, Spyware&Malware Icons

Bump Bump Bump

Read other 1 answers

Hi, I recently got suckered into receiving and falling for the 'fake facebook friend request' malware email (hxxttp://www.net-security.org/malware_news.php?id=1813) and am not sure if I have been infected or not. In the email, I clicked on the link and it brought me to facebook but nothing seemed amiss - however I realized immediately after that it was probably some sort of virus and that, wow, I really am guillible to fall for something like that. In researching about the malware I noticed that a prompt was expected to come up and ask me to download the latest version of Macromedia Flash - but it didn't. So I am uncertain if I've contracted something. Anyway, I haven't noticed any major issues with my computer but I will admit that I'm a little green when it comes to these things so I'm unsure of what to look for - if it's something dangerous running in the backround, how would I know, etc.? So I followed the instructions on here and have a few logs. Problem is I don't really understand the language, so to say. What's good or bad. Really I am wondering if someone can take a peek at the logs and tell me if I have a real issue and if it's something I need to address. I'm wary of using this computer in case it's something serious.

Oh, and my computer is running Windows Vista.

Any help is appreciated, thanks.


DDS log:

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19048 BrowserJavaVers... Read more

A:Don't know if I have malware/trojan/rootkit problem - fake facebook friend request malware.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/429204 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 8 answers

these are the instructions I followed:Uninstall itclick on this link ? and then select run.http://www.malwarebytes.org/affiliates/2...INSTALL IT TO YOUR DESKTOP, update it, then run a full scan and remove everything it finds.some viruses will try to disable it so if malwarebytes will not start up then go into the folder it is in and rename the mbam file to XXX then double click on the file you just renamed to start it up.after you have used malwarebytes then do this on-line scan.to make sure you have nothing else hiding away.http://www.bitdefender.com/scan8/ie.htmlpreferably in safe mode with networking.it's important you install it on your desktop so you can easily get into the folder and change the name of the mbam file.and viruses do not always look on the desktop for it.OR you can try the on-line scan first.This seemed to have helped but I still can't run Malware bytes and my computer redirects websites I try to get into sometimes. I installed Norman Malware cleaner is this is what it said:Removed 5 of these ( deleted file:C:/windows\system.32\UACqfqboedxvctjti.dat)in red appeared- To many infections/an unexpected error (Please contact support):C\Windows\system32\UACqfqboedxvctjtit.dat (infected with Text/Td.ss.A)File marked for defered cleaning (reboot required) c:\windows\Temp\UAC314c.tmp(infected with W32\FakeAlert.NEUI clicked quit afer it finished scanning and it prompted me to reboot computer automatically. I ... Read more

A:The computer at work is infested with PAV. I downloaded Malware bytes anti-Malware but it still won't scan

Hello it appears you are heavily infected with rootkits. They are interfereing with removal.You need to run HJT/DDS.Please follow this guide. go and do steps 6 and 7 ,, Preparation Guide For Use Before Using Hijackthis. Then go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title and post that complete log.Let me know if it went OK.

Read other 1 answers

I have been having problems with my labtop since June 2009. My kids have gone on inapropriate sites and some how got viruses. I am no longer recieving most of the unfortunate pop ups dealing with svc host files not working but still the computer is extremely slow. I also have AVG 8.5 and it is detecting two viruses. win32/Heur.

I have run malwarebytes 3 times and once at 9 infections once at 10 infections and once at 11 infections it froze. Each time it froze it froze in C:/windows/system32/config folder. I have to restart the computer each time (takes ten minutes but works). Slow start up and shut downs. Out of 56 Processes I can only see 9 in task manager. And I also see (my web search) like more then 50 times in my start up (Viewing that with Advanced System Care Pro)

This is my system information then AVG report and finaly HJT log Info in order that I just mentioned.

thanks to anyone who can help out!

AWC System Information Report

Computer System
Computer Name EKAPICA-PC
User Name Eka Pica ( Pee )
Operating System
OS Name Microsoft® Windows Vista™ Home Basic
OS Version 6.0.6002
ServicePack 2.0
Product ID 89572-OEM-7332166-00029
System Uptime 13/09/2009 1:54:47 AM
Internet Explorer Version 8.0.6001.18783
Microsoft DirectX Version 10.0
OpenGL Version 6.0.6000.16386 (vista_rtm.061101-2205)
Free Physical Memory 1872 MB
Free Page File 3075 MB
Free Virtual Memory 4942 MB
Maximum Size 682MB
Current Size 25MB
Status OK
Center Processor
CPU Name... Read more

A:Malware bytes freezes and AVG Detects Win32/Heur, Malware or Virus (Either way Please

Hello cgordon311,

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Read other 1 answers

I can not do the prework because my browsers are incapacitated, so I can't download anything.The PC indicates that my web connection - DSL - is functioning properly. I don't know if it is safe to insert a flashdrive in order to bring the required programs to my pc, and post the results using my relative's pc. Is there a way to prevent malware from infecting the flashdrive?
I am using a relative's desktop PC in order to communicate here. I still have windows XP SP3 on my desktop pc and I finally got a virus despite what I thought was safe surfing, using a limited account. I have Avast free but it did not detect anything. My superantispyware is "locked" and my malwarebytes free stops responding.  So I don't know what infection I have. I use Online Armor firewall, but it did not prompt me about any new program. It is set to always notify me, even when running something I have allowed in the past. Whatever it is, also got passed K-9 web protection which filters all of my PC use. I am putting a lot of disjointed information that may be helpful into this post, simply because of my need to go back and forth between two houses in my particular situation. (About a 5 minute walk). I normally would not put all of this into one initial post. I understand that the system works better when one detail at a time is presented upon your request. Please understand that I won't be able to provide bits of information without returning home for each request!
My last action befor... Read more

A:unknown malware disabled my browsers, locked anti-malware programs

system restore worked!
how do I close this thread as solved??

Read other 2 answers

I have scanned with AVG with the latest updates. On top of that insidious google redirect I get random pop ups even when I don't already have IE or Firefox running. Also getting sounds in the background like I'm clicking on a link, surfing the net when I'm not. And SYSTEM in task manager is hogging a ton of memory.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 11:52:42 PM, on 8/7/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exeC:\... Read more

A:persistent malware undetected by virus scans and malware removal tools

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please download OT... Read more

Read other 2 answers

New malware detects browser, shows fake malware warning page.

Microsoft is warning about a new piece of malware, Rogue:MSIL/Zeven, that auto-detects a user's browser and then imitates the relevant malware warning pages from Internet Explorer, Firefox, or Chrome. The fake warning pages are very similar to the real thing; you have to look closely to realize they aren't the real thing. The ploy is a basic social engineering scheme, but in this case the malware authors are relying on the user's trust in their browser, a tactic that hasn't been seen before.

-- Tom

A:New malware detects browser, shows fake malware warning page


Read other 1 answers

I recently got a new client who needed help with his computer. It was silly of me to think it would be simple. I was up all night working on it.

His initial problem was that windows would hang on "Loading personal preferences" and would only boot in safe mode. It wasn't the page file, or any of the usual things... though I did start to notice that normal Windows functions didn't work properly, from MsPaint to IExplorer. I tried to run Autoruns.exe and Hijackthis and they shutdown as soon as they were opened. IExplorer wouldn't load pages and firefox would pop up and load the pages instead.

I thought I should just repair windows, which I tried to do and accidentally installed a second copy of windows on the same partition... I then deleted the second windows installation (windows.0), but after that windows would boot fine without safe mode. That was only the beginning though. I found the google redirect on there, a bunch of old adware and a mess of a disorganized computer.

The system also booted and gave a tapi.nfo error, I searched for this and got nowhere. So I went to regedit and deleted the line causing it. It doesn't pop up anymore, but that didn't solve anything.

I looked further into the situation and found that many others are having trouble with rootkit malware that shuts down anti-malware software.

I tried loading malwarebytes, etc, and even renaming the files and the extensions. It still all shuts down immediately when its loaded.
... Read more

A:Rootkit, Malware, Tapi.nfo, Google Redirect, Can't open anit-malware

have you tried root repeal? it sounds to me like you've read that post.

Rerun Rootrepeal. After the scan completes, go to the files tab and find this file:


Then use your mouse to highlight it in the Rootrepeal window.
Next right mouse click on it and select *wipe file* option only.
Then immediately reboot the computer.

Then run a quick-scan with Malwarebytes. Keep rebooting and running quick-scans with Malwarebytes until it shows zero infections. If after 3 scans it is still not clean post the final log.

this isn't my post so I can't take credit for it but apparently it works
good luck either way. the entire post is called AntiSpy Protector 2009 you should check it out before trying this, good luck

Read other 38 answers

Yesterday, I had troubles with Windows live messenger where it (still) says:

"Windows Live Communications Platform has encountered a problem and needs to close. We are sorry for the inconvenience. "

although, the problem isnt about MSN. I found out that this problem was caused by having Malware on your computer. Hence, i decided to run a scan using Malwarebytes Anti-Malware (MBAM).

I noticed that my Avast was disabled and if i try enable it, it comes up with a window saying: the operation could not be completed.

My google searches also SOMETIMES get redirected to links that is clearly out of topic.
like if i google search the terms "malware wikipedia" and i click on the wikipedia link but i get redirected to some Myspace/Anz credit card crap.

Then this happened.
MBAM CRASHED after 2 mins of scanning -> tried to re-run MBAM but a window came up saying:
"Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item."
I ran several other programs such as:
HJT -> scanned for 2 mins, then crashed (no logs were made)
SUPERAntiSpyware (SAS) -> scanned for 2 mins, then crashed
and same goes for any other programs that searched for any malware.
The only program that worked was TROJANHUNTER and came up with a couple of false positives
I also tried using Avira's Rescue CD (the one where you boot up with it and it does a scan)
A scan using Avira was also successful but failed to... Read more

A:Malware/Anti-virus tools wont run due to a rootkit/trojan/malware

i am having the exact same problem!
i have no clue what to do, any help would be amazing!

Read other 2 answers

Have been using Win 7 Ultimate x64 for quite a while but tonight ran into a small problem. I like to keep the titles for links very short and want to rename "Malwarebytes Anti-Malware" (I am a registered, paid user) to simply "Malwarebytes". I am listed as an Administrator and I used LockHunter to unlock the file but it still does not allow me to shorten the description. When I shorten the name and hit OK I am told "You'll need to provide administrator permission to rename this file" Since I am the administrator on this machine I do not know what to do. Continuing does nothing. Anyone have any suggestions? /* Philip */

A:Changing File Decription for link to Malware Bytes Anti-Malware

Not sure but I think Malwarebytes is trying to protect itself.
That is one of the first things a virus would try to do is change the name/link and get it out of the infection way.

I can change the name of the desktop Icon to MBAM.

Read other 9 answers


I am the IT manager in my company.

I have a co-worker, his computer has search redirect issue. That means most likely it has malware.
Then i installed some major malware removal: Spybot Search & Destroy, SUPERAntiSpyware, Malwarebytes

After i installed them, i cannot launch them(That definitely means it has some kind of malwares)
I needed to rename their .exe files, after i can run them and scan my computer.

SUPERAntiSpyware, Malwarebytes found something, but didn't solve the problem, search redirect and
blocking malware removal software are still there. Now i am running Spybot Search & Destroy will see what happened.

By the way, i run them in safe mode because when i logon window to normal mode, it is slow (like it takes a long time to explore hard drive, etc). I suspect the malware slow down my pc. hopefully not registry corrupted or something, but works smoothly in safe mode.

So you guys have any suggestions? or you need a log file from combofix?

Please advise,

A:malware: google yahoo redirect and can't launch malware removal software

Try this:http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

Read other 5 answers

Please reopen the case:http://www.bleepingcomputer.com/forums/t/278792/infected-by-various-malware-help/ Original message, posted on December 14, 2009:My computer is infected by malwares. Earlier I got help from bleepingcomputer staff under topic malware and has tried to use these software to clean my infected computer but still to no avail. The volunteer who helped me earlier asked me to use hijackthis and paste the logs on this forum.Malwarebytes Anti-Malware (v1.41)TFC by Old TimerKaspersky Virus Removal ToolEset Online Antiivirus Scanner.Kaspersky Online Virus Scanner.Sophos Anti-rootkitNorman Malware CleanerThe problems are:- When I use Internet Explorer or Mozilla, sometimes another window open automatically that mentions google hiring, websurvey, etc- When I use search engine to find something, I could not click the link to bring me to the shown result that I want, instead it brings me to an unfamiliar site. I have to copy and paste the web address to open it. If I click the link, sometimes it brings me to an anti-virus ad that force me to download the software (it would not allow me to close the browser) so I have to end the whole internet session forcefully.----------------------------------------------------------------------------------------------------------------------------------------------LOGFILE IS ATTACHEDLogfile of random's system information tool 1.06 (written by random/random)Run by USER1 at 2010-01-07 19:27:45Microsoft Windows XP Professional Service Pa... Read more

A:Closed TopicStart new topic > Infected by various malware. Help !!, Malware pop ups and could not open link from se...

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand cor... Read more

Read other 17 answers

Privacy Protector, Error Cleaner and Spyware&Malware protection, it pops up a message saying my computer is infected and keeps opening internet windows even when i change the homepage away from the site it wants to go to. it is really slowing my laptop down, and when u attemp to close the pop ups or delete the desktop icons, it frezzes the laptop and the only way to resolve it is to restart but it just comes back no matter what, norton will not pick it up either. it is causing my laptop start up and loading time to be epic and is making it unusable, this topic has been fixed before by RichieUK on: http://www.bleepingcomputer.com/forums/t/105116/privacy-protector-error-cleaner-spyware-malware-protection/ i have the exact same thing. should i just follow those steps or wait for specific advice for my system? Logfile of Trend Micro HijackThis v2.0.2Scan saved at 00:00:05, on 03/09/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\S... Read more

A:Malware, Privacy Protector, Error Cleaner And Spyware&malware Protection

Hello,* Download Combofix to your desktop.Doubleclick combofix.exeFollow the prompts.Don't click on the window while the fix is running, because that will cause your system to hang.When finished and after reboot (in case it asks to reboot), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt. Post the contents of this log in your next reply together with a new hijackthislog.Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

Read other 27 answers

I did a hijackthis scan and here's what I got:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:18:17 PM, on 4/20/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\System32\DVDRAMSV.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exeC:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exeC:\WINDOWS\System32\00THotkey.exeC:\WINDOWS\system32\TFNF5.exeC:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exeC:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynT... Read more

A:Malware Blocking Acess to Spybot, Microsoft Malicious Removal Tool and other anti-malware programs

Hey guys I solved my own problem. I completely reinstalled windows. (It was about that time anyway)

Read other 2 answers

I have a Windows XP SP3 PC from a user who was infected with malware, I used Malware Bytes to remove the offending software, and now I am unable to open the Windows Update page. I can browse to other pages but after a few minutes, I get redirected to another random page. I also keep seeing the Just In Time debugger. Tried a Registry edit I found recommended elsewhere, to fix that issue, but that didn't last. At this point, neither SAS nor MBAM see any malware present, but I am stuck with my problem. Existing antimalware package is MS Forefront. All utilities I have used have been updated to the most recent definitions.

A:Malware Bytes cleaned malware, now Windows Update doesn't work, webpages randomly redirected

Hello,Please follow the instructions in ==>This Guide<== starting at Step 6.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to try to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Orange Blossom

Read other 1 answers

This showed up when i started up my computer last night (I'm running XP). My desktop background changed to red with biohazard type logo, windows keep popping up trying to sell me protection, etc. when it first showed up some of my desktop icons dispeared and i couldn't get into my c drive, but that seems to have stopped for the moment.I've run my Kasperskys Antivirus, which says it can't delete it, disinfects it, but doesn't seem to change anything.I've also used System Mechanic 5, Spybot Search and Destroy, Smitfraudfix (i saw this suggested to someone else veiwing another forum- and it seems to work and everything looks good for 5 minutes, but then low and behold it comes right back) plus RegClean, RegistryFix, Tracks Eraser Pro, BugDoctor- to try and clean stuff out- some things seem to get rid of it, but then it returns. I've been looking it up on google to see what other people did, and trying these things, but obviously this strategy hasn't worked. its just given me a headache.I'm out of my depth. I really need help! Thankyou in advance for your wisdom.Here are my dss reports:Deckard's System Scanner v20071014.68Run by Aqua Dragon on 2008-06-08 11:54:45Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --5: 2008-06-08 15:54:53 UTC - RP230 - Deck... Read more

A:I Have An Error Cleaner, Privacy Protector, Spyware And Malware Protection Problem (virus? Malware? Trojan?)

Hi,Please uninstall the following programs since they are known to cause more damage than anything else:RegistryFix v6.2Bug Doctor afterwards.After reboot, * Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixThis includes installing the Windows XP Recovery Console in case you have not installed it yet.Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Read other 2 answers

A Chinese advertising company is responsible for two of the biggest waves of malware for both the Android and iOS ecosystems, a recent Check Point report reveals.

Yingmob, an advertising company based in Chongqing, China, is supposedly the group behind the YiSpecter iOS malware and the HummingBad Android malware.

Both function in the same way, meaning they infect devices to show ads and secretly install other applications, earning their creators money from pay-per-install programs.

Crooks making over $300,000 each month
Check Point estimates that HummingBad alone delivers over 20 million ads per day that achieve a click rate of 12.5 percent, which is the equivalent of 2.5 million clicks per day. Additionally, HummingBad installs over 50,000 fraudulent apps per day.

Putting all these numbers together, Yingmob earns over $3,000 per day from clicks alone and another $7,500 from fraudulent app installs. That's around $300,000 each month, or $3.6 million per year.

Check Point researchers say that HummingBad has managed to infect 85 million devices at the moment, and Yingmob has complete control over these smartphones because it illegally rooted the devices and can push any type of malware or make the devices take any action.

Read more: Chinese Advertiser Behind YiSpectre iOS Malware and HummingBad Android Malware

Read other answers

I have run into a terrible problem and can no longer use my computer. It started a few days ago when I believe I was infected by malware...I noticed a program running in my task manager...one of those short 3 letter exe programs, so I decided to run malware bytes. Malware bytes succesfully found that program and I think called it a rootkit or something else. I chose to remove the found problems and then it asked me to restart. Following restart, I get a blue screen of death shortly after the windows XP title comes on. When I choose any of the options (Safe Mode, Safe mode with networking, Safe mode with command prompt, or normal windows) I always get the blue screen and cannot log into windows.

The error message reads:
A problem has been detected and windows has been shut down to prevent damage to your computer. If this is the first time you've seen this stop error screen restart your computer. If this screen appears again follow these steps: Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F to check for hard drive corruption, and then restart your computer.

Technical Information:
STOP: 0x0000007B (0xBA4C7524, 0XC0000034, 0x00000000, 0x00000000)

So at this point I ordered startup/recovery CDs from dell. I am using a dell computer with OEM installed windows XP home edition. I got the recovery CD today, and can now boot from CD.... Read more

A:Blue screen after running malware bytes - infected with malware

Hello, lets see if we can find the cause of this problem. I will move this topic to the malware removal forum.Try this please. You will need a USB drive.Download GETxPUD.exe to the desktop of your clean computerRun GETxPUD.exeA new folder will appear on the desktop.Open the GETxPUD folder and click on the get&burn.batThe program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.Click on Start and follow the prompts to burn the image to a CD.Remove the USB & CD and insert it in the sick computerBoot the Sick computer with the CD you just burnedThe computer must be set to boot from the CDGently tap F12 and choose to boot from the CDFollow the promptsA Welcome to xPUD screen will appearPress FileExpand mntsda1,2...usually corresponds to your HDDsdb1 is likely your USBClick on the folder that represents your USB drive (sdb1 ?)Press Tool at the topChoose Open TerminalType the following and press enter:

dd if=/dev/sda of=mbr.bin bs=512 count=1

Press EnterAfter it has finished a file will be located on your USB drive named mbr.binRemove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

Read other 4 answers

Hi, I'm suddenly having a lot of trouble with malware. My computer seemed to be running okay but I ran Malwarebytes as I occasionally do, and it picked up a fair amount of malware on my system. I deleted it and rebooted, but that's when my problems really began. Upon restarting, my internet connection has become almost unusable. It's extremely slow and generally I can't even open a page that I want after trying to refresh several times. Oddly though, google is working perfectly and a few other sites seem to work too, including this one. I've tried running MBAM again and again, each time it picks up more malware and I remove it, then reboot and the cycle renews. I can't seem to get rid of all of it, every time I scan my system there's just more of it. I've tried ComboFix but it doesn't seem to have done anything. One persistent thing seems to be photo_id.exe, I've got a few messages from MBAM saying it can't be removed and I need to reboot. Also, I've noticed that if I'm trying to reach a webpage, although it won't load there seems to be some redirecting, for example I just tried to reach a wikipedia page and it says &quot;The server at topsearchfeed.com is taking too long to respond&quot; For some reason I can't bloody format this properly no matter how hard I try, so here's an attached HJT log:

A:Malware removal attempt led to unusable internet, still can't remove all malware

problem has become more serious, now my mother has told me that the internet on her laptop is also extremely slow and essentially unusable, I'm worried that something from my computer has got on to hers via the wireless network we're both connected to. Somebody please help me

Read other 2 answers

New here so um Hello...With that said, got a slight issue but I'll get the important stuff over first.

I am using Vista SP1 and have what I believe to be a malware issue. I currently have McAfee installed but will be deleting it once I find something I feel comfortable with. I refuse to use AVG as it allowed me to get several issues previously and I uninstalled it and swore never to use it again and most of the free programs I just don't trust.

Anyway, The main issue I am having is that the task manager is disabled when I log on. I have used RRT to remove restrictions several times after running Spybot and Mcafee scans that supposedly found issues but not the one I needed to remove.

This is the problem signature:
Problem signature:
Problem Event Name: APPCRASH
Application Name: TskMan.exe
Application Version:
Application Timestamp: 46d4a362
Fault Module Name: TskMan.exe
Fault Module Version:
Fault Module Timestamp: 46d4a362
Exception Code: c0000005
Exception Offset: 00006855
[COLOR=blue ! important][COLOR=blue ! important]OS [COLOR=blue ! important]Version[/COLOR][/COLOR][/COLOR]: 6.0.6001.
Locale ID: 3081
Additional Information 1: 0a48
Additional Information 2: 34e5d017764bf976bf7edf77752074ae
Additional Information 3: 4086
Additional Information 4: 3283ef3488b4654c1e2d8ca7e3ee01ad

Since reading this I have downloaded Malwarebyte's Anti-Malware and it found Malware by the name of Password stealer. I have since removed it and... Read more

A:Task Manager failure + Malware issue (Have deleted the Malware I believe)

Hi Devilpope,

May be the issue of the task manager was also caused by the malware, if "yes" and then you may need to do a system restore to the condition it was before malwares infected your system.

Do this if you think it got this problem during the malware infections.

Read other 3 answers

I've been seeing here that Emsisoft Anti-Malware is free for 30 days, after 30 days of use will be able to scan and remove malware that it finds?
I do not want to use it with real-time protection, I have ESET for it, I use it as I use Malwarebytes Anti-Malware Free, only for weekly scans!
Thank you

A:Emsisoft Anti-Malware Free'll be able to scan and delete the malware?

Download emsisoft emergency kit

Emsisoft Free Emergency Kit: Portable malware scanner | Free removal of Viruses, Bots, Spyware, Keyloggers and Trojans

it's scanner without real time, full free

Read other 3 answers