Google has blocked me because of my malware activity?

I tried to get onto IE ...google is my homepage and this is the message I get:

Malware activity warning

Your ip is blocked because malware activity from you.
Check your PC for any maleware/spyware activity
If you are still having problems, please install any antispyware/antivirus/antimalware software!

I can't even log into my gmail because of this. It says:
Your IP seems to belong to malware/spyware botnet.

Please check your PC with antimalware/antivirus software
I do have another problem that when my computer starts up I get a little warning about services and controller app....once that's done, I get an error that says "NT authority system shutdown" or something like that and a countdown. I've managed to get rid of that window without it shutting down by typing "shutdown -a" in the command window, but I can't open ANYTHING on my computer. No internet, no files, NOTHING. I can't even shut it when it gets like that. After about 9-12 times of me getting mad and disconnecting the power, it eventually doesn't come on and things run normally until the next time the computer is shut down again.

Anyway, I'm not sure if the two are related, but here's a logfile from Hijack this....any help is greatly appreciated!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:39 PM, on 3/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\TELUS\eProtect Advisor\TEPA.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SB5SCORINGPRO\Binn\sqlservr.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gatece.com/gatevc.php?id=icn01
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7e853d72-626a-48ec-a868-ba8d5e23e045} - (no file)
O2 - BHO: (no name) - {9D60D901-113B-4BEB-ACAD-C02FAE6B0F62} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [BisonBar] C:\WINDOWS\BUtilityBar\BisonBar.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [PspUsbCf] PspUsbCf.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TEPA.exe] "C:\Program Files\TELUS\eProtect Advisor\TEPA.exe" /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\User 1\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://crystalclearimages.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://crystalclearimages.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O20 - AppInit_DLLs: emqsys.dll
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

End of file - 14524 bytes


Hello all
I have a Windows 7 computer that was infected by the Internet essentials virus. I used rkill and malwarebytes and got rid of the virus. But now I can't get to google or gmail, I can get to any other site I want even google maps. It doesn't redirect - it just says "IE cannot display the webpage". I've read so many posts and tried a variety of things--I've checked LAN settings, "automatically detect" is checked; I checked driver lmhosts - nothing there; I used ccleaner??

Thanks for any advice

A:Google blocked after malware removal

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==
Please include a description of your computer issues and what you have done to resolve them.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.



My colleague brought me his computer. Apparently, he uninstalled AVG and at some point installed Malware Defense. I've deleted all traces of Malware Defense from the registry and unregistered the associated dlls but I cannot successfully install AVG9--the installation always fails due to not responding in a timely fashion. I can install Spybot 1.62 but it won't launch in either regular or safe mode. Likewise I can install Malwarebytes Anti-Malware but it won't respond.

Any ideas?




Hello all
I have a Windows 7 computer that was infected by the Internet essentials virus. I used rkill and malwarebytes and got rid of the virus. But now I can't get to google or gmail, I can get to any other site I want even google maps. It doesn't redirect - it just says "IE cannot display the webpage". I've read so many posts and tried a variety of things--I've checked LAN settings, "automatically detect" is checked; I checked driver lmhosts - nothing there; I used ccleaner??

I ran the GMER - it would not let me uncheck the IAT/EAT System - libraries checkboxes were grayed. nothing came up when finished

Thanks for any advice

DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Debbie at 20:20:24.85 on Sun 03/13/2011
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8157.6815 [GMT -4:00]
AV: PC Tools AntiVirus Free *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools AntiVirus Free *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\...

A:Google blocked after Internet essentials malware removal

Hello and welcome to the forums!
My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.
I would be glad to take a look at your log and help you with solving any malware problems.
If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:
Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
These instru...



I am new here; I was googling around on a friend's computer to try to figure out why my desktop's internet is dead. In the process of doing so, I encountered this site, and believe it is a good place to seek aid.

Last week, I wound up opening a box of trojans by accident; one of many things which hit my computer was the Security Essentials 2010 malware.

I removed it successfully, had functional internet for a few days, but during the last of those days, while running one extra full-system scan via avast! just to be sure, it reported a "helpers32" file in my c:\windows\SysWOW64\ folder to be a virus.

Vindictively, and possibly naively, I deleted it.

Upon reboot, my computer was no longer able to get online. via cmd -> ping google.com, I can successfully ping outside my box, but website / steam / skype / etc will not connect. HJT reports that this file is required to get online, despite multiple google searches leading me to believe it was in fact put there by a virus.

This line leads me to believe my previous statement:

"O10 - Broken Internet access because of LSP provider 'c:\windows\system32\helpers32.dll' missing"

Despite it saying that the file belongs in system32, the one I removed was removed from windows\SysWOW64. There may have been another one in system32 removed by my antivirus stuff, but I don't have a record of this.

My HJT log follows; Any help would be appreciated!!

Logfile of Trend Micro HijackThi...

Google redirects, IE blocked, missing program associations, Malware Bytes and various other scanners not working
Referred from here: http://www.bleepingcomputer.com/forums/t/326343/google-redirects-ie-blocked-missing-program-associations/ ~ OB
Here are my logs.
DDS (Ver_10-03-17.01) - NTFSx86
Run by Kyle at 15:46:11.97 on Wed 06/30/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.1858 [GMT -4:00]
AV: Sophos Anti-Virus *On-access scanning disabled* (Outdated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
SP: COMODO Defense+ *disabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Sophos Anti-Virus *disabled* (Outdated) {A8CA403D-C4B1-4BBA-9FA7-B73C144CBC5C}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\system32\svchost...

A:Google redirects, IE blocked, missing program associations, Malware Bytes and various other scanners not working

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.
Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.
Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is ...


I'm currently typing this from my phone, because IE and Chrome on my desktop aren't working at all.
It started right after I had turned my computer on and tried to open chrome. It opened, but wouldn't load anything. I tried IE and got the same result. I even tried the steam browser to see if it would work.
I restarted the computer and checked Chrome's settings and nothing worked. I scanned with MBAM and it found nothing.
My Internet is fine, I can use skype, steam, and anything else Internet required. Browser activity is blocked somehow.
Any help?


Well, I keep getting port scanned by http://, according to my firewall. It appears to be a proxy crawler, and has MANY lists of proxies and some lists of dangerous government IPs. Is this a risk? If so, what would be the proper way to report it? These are the rest of the port scans:
Sun, 03/03/2013 19:33:40 - UDP packet dropped - Source:, 25409, WAN - Destination:, 50101, LAN - 'Possible Port Scan'
Sun, 03/03/2013 20:15:12 - TCP connection dropped - Source:, 443, WAN - Destination:, 16695, LAN - 'Possible Port Scan'
Sun, 03/03/2013 20:18:02 - TCP connection dropped - Source:, 5228, WAN - Destination:, 16526, LAN - 'Possible Port Scan'
Sun, 03/03/2013 20:19:20 - TCP connection dropped - Source:, 443, WAN - Destination:, 16585, LAN - 'Possible Port Scan'
Sun, 03/03/2013 20:20:42 - TCP connection dropped - Source:, 443, WAN - Destination:, 16776, LAN - 'Possible Port Scan'
Sun, 03/03/2013 20:23:58 - TCP connection dropped - Source:, 443, WAN - Destination:, 16788, LAN - 'Possible Port Scan'
Sun, 03/03/2013 20:25:20 - TCP connection dropped - Source:, 443, WAN - Destination:, 16763, LAN - 'Possible Port Scan'
Sun, 03/03/2013 20:27:08 - TCP connection dropped - Source:, 39987, WAN - Destinatio...

A:Suspicious Network Activity Blocked

it is a Philippines spam server
just forget about it, your firewall is doing its job & blocking them


I read through the pre-posting guidelines and attempted to download DDS, but this virus or whatever is on my computer has completely blocked my ability to download anything that could potentially help you guys help me. If there is a workaround that someone knows that I don't, please let me know. I'll do whatever I need to to get this damn thing off my computer. It started as a Google redirect virus which I seemed to have under control, and then all of a sudden my data usage spiked today and everything that I normally use to control something like this stopped working. What I can tell you is that when I saw my data go out of control, I opened my Task Manager and found dllhost.exe *32 COM Surrogate running and it will not stop. I had never seen that running before. I'm just at a complete loss. I really hope you guys can help me and if not... walk me through a complete and utter wipe, reformat, whatever you call it.

A:Google Redirect Virus, DDS download blocked, TDSSKiller.exe blocked

I was able to run DDS and TDSSKiller from a jump drive. No reaction from TDSSKiller - no threats found. Log from DDS is included below. I should probably also say that this was run in Safe Mode since I didn't know if it would even work in a regular boot. If I need to run it in a regular boot, let me know and I can post that log as well.
DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 1.6.0_24
Run by Mamabear at 1:19:17 on 2013-12-06
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.8183.7384 [GMT -5:00]
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
============== Pseudo HJT Report ======...

The avast has kept popping up saying "Malicious URL Blocked" and "Malware Blocked". These will show up about every 5 minutes and come in groups, if that makes sense!
Thanks for your guys' help!

A:Avast popup "Malicious URL Blocked" and "Malware Blocked" from svchost.exe

Hello basinski
I would like to welcome you to the Malware Removal section of the forum.
Around here they call me Gringo and I will be glad to help you with your malware problems.
Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!
Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"...



I keep getting disconnected and blocked from using even LAN on my computer. This happens whenever I visit certain websites. For instance, I registered on a website that has me "kept signed in", and whenever I click to view that website, it partially loads and then for precisely 1 minute any network activity I try (like visiting my router configuration page, or clicking refresh or home to load google) will not go through. Only after that one minute is over with, I can resume browsing that website; however, if I leave it for too long, and then return, the same thing happens.

I've also noticed that if I sign out of that website and then visit it, that disconnect issue won't happen.
But that isn't the case with other websites, as they require no accounts and are just pages with news and other stuff.

I tried uninstalling and reinstalling my ethernet drivers, tried flushing dns, renewing ip, releasing and some other /cmd stuff that I found online.

This also doesn't happen on any of the computers connected to my router (although, they are all using wireless - I am using cable to router).

I'm on windows 7 x64, using a realtek ethernet card, Nod32 security suite (think it may be the settings on this thing? I set everything to super safe settings so I don't get any dumb viruses). Windows is updated (well, at least 3-4 months ago it was updated). I have no idea what is causing this, and why the precise 60 second interval until I regain...

A:Keep getting blocked from any network activity for 1 minute

I don't know for sure but would give odds that it's your security suite. I think there is a Removal Tool to clean up after it. If you had another one that (or the two combined) could also be the problem.

Don't see how the router could be causing this, but would be worth checking by testing with another computer connected by ethernet.

Read other 1 answers

Every few mins norton antivirus is blocking a virus. PLZ HELP ME DELETE THIS!

10/9/2010 3:53 PM,High,An intrusion attempt by USER-4CD304AADD was blocked.,Blocked,No Action Required,HTTP Nukesploit P4ck Activity

I'm running windows xp btw.

Sorry guys...CD emulation programs has and will be disabled. I also have Malwarebytes anti malware and norton installed. I was able to scan malwarebytes and remove 2 threats, one called avdrn.dat, which I read someone else removed and it worked for them. not for me. PLZ HELP!!!

Here's the logs requested:

DDS:
____
DDS (Ver_10-10-10.03) - NTFSx86
Run by Owner at 17:35:27.84 on Sat 10/09/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.989.513 [GMT -4:00]
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\Engine\\ccSvcHst.exe
C:\Pro... Read more

A:Nukesploit P4ck activity blocked by norton every few mins. PLZ HELP!!!!

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more

Read other 2 answers


After reading the original post on this subject, I ran the antivirus programs recommended to no avail.

Your help is greatly appreciated.

Attaching the log from Malwarebytes:

Malwarebytes Anti-Malware (Trial)

Database version: v2012.10.24.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18975
German Delgado :: LUCY [administrator]

Protection: Enabled

10/24/2012 5:14:04 PM
mbam-log-2012-10-24 (17-14-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 286326
Time elapsed: 13 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\German Delgado\Local Settings\Temporary Internet Files\Content.IE5\8GJ83O0Q\freeeditor_1787[1].exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.


A:Ebay: Detected Suspicious Activity. Your account has been blocked

Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here.
If you get crashes in normal mode, run it in safemode with networking

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

Read other 21 answers

Windows 7 Home Premium x64
Firefox 35
Desktop, wired connection.
Issue summary:
I am suddenly blocked from both a site I visit frequently (craigslist) and a site I've never been to previously, apparently for too many hits from my IP address.
I see network traffic that I did not initiate and do not expect.
Issue noticed 1/16. Started when I went to browse craigslist and got a notification that my IP had been automatically blocked.  I have contacted them as directed but have not heard back yet.
This IP has been automatically blocked. If you have questions, please email: [email protected]
The same message is returned when I go to other craigslist cities, eg newyork.craigslist.com.
I went to this site (I'm researching a video card upgrade) and it also returned a message indicating I've been blocked

Woah! You're being rate-limited.
Our servers have seen too many requests from you recently.
Please enter the code below to continue browsing

I had never been to that particular site before and have now been twice, the second time to get the URL and paste the error message.  I can access both sites fine using Hola Unblocker and setting it to report that I'm browsing from the UK.  I ran my IP address through a couple blacklist checks and it doesn't appear to be blacklisted, so I wouldn't... Read more

A:Network activity in Rainmeter but not Task Manager; IP blocked from some sites

Step 1: Minitoolbox. Please download MINITOOLBOX and run it.
Checkmark following boxes:
Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)
Click Go and post the result.

Step 2: Junkware Removal Tool. Please download Junkware Removal Tool and save it on your desktop.
Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log is saved to your desktop and will automatically open.
Please post the JRT log.

Step 3: Adware Cleaner. Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 4: Adware Removal Tool. Download Adware removal tool to y... Read more

Read other 12 answers

I am getting a small pop up every few seconds from my Norton software in the bottom right corner of my screen that says Norton blocked an attack by: System Infected:  Trojan.Viknok Activity 3.
I have already ran virus software updates and a full scan.  Ran Norton Power Eraser but it came back with a message about reinstalling the windows software dll file or something to that effect.
If I click on view details, it shows an ip address and some other info about the virus.
I am not a computer pro so would appreciate any step-by-step instructions on how to get rid of this.  Thank you!

A:Trojan.viknok Activity 3 popup blocked message from Norton

Hi lego7191 and Welcome to BleepingComputer!

I'm still in training for malware removal and my responses have to be approved before I can post them to you, therefore there will be a little delay between each post.

Next time when you get another pop-up from Norton alerting you about the infection can you click View Details and copy and paste the contents into your next reply. Also can you tell me what operating system you are running and if it's 32 or 64 bit. If you are unsure what your system bit type is, click Here for help.

Read other 23 answers

Norton Power eraser had already dealt with RPCSS.dll when I had NortonLive try to fix my computer, I had noticed slight "lags" when scrolling on FB.  The computer restarted itself the other day and Viknok was blocked repeatedly again by Norton.  I am sending this in safe mode with networking.
 DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.55.2
Run by Scott at 11:14:34 on 2014-07-07
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8140.7043 [GMT -4:00]
AV: Norton Security Suite *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\ctfmon.... Read more

A:Experiencing Trojan.Viknok Activity 3 blocked with installed Norton Program

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
--RogueKiller--
Download & SAVE to your Desktop For 32bit system or For 64bit system
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller
+=======
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.
IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the proc... Read more

Read other 11 answers

Gud day to everyone,

My computer having some malware activity, i have used adware 2008, spyware removal tool, norton anti-virus and other removal tool, but still those malware cannot be deleted.. My Computer icon could not display its properties, instead it appears like a file when you see its properties. It also disabled TCP/IP that why until now i cannot connect to the internet.. I don't have WindowsXP SP2 cd for repair..

Please help me as soon as possible, because it is a server..

A:Urgent! My XP SP2 have malware activity!.. cannot remove using malware removal tool

Hello frozenfire03, Welcome to TSF!

I recommend that you read this article… "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However, it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,

Read other 7 answers

Dear helper,

Am I infected ?? What should I do ?

Window XP, Internet Explorer 6, Sony VGN-SZ18GP laptop bought in 2006.

System crash last night, with rapid lost of hard-disc drive space (from 15 GB down to 100 Mb within 2 hours). Norton security (2006 version) & Internet explorer were busted afterward, was not able to run at all. The build-in system recovery programme was also affected.

Was forced to use back-up system recovery CD to restore the laptop back in its origin shipping state.

However afterward it is still not right. Installed McAfee (from my internet service provider) but the update function is not working - repeatly state that it can now update because I am not connect to the internet, when I'm actually conneted to your website typing this email right this moment. Also internet access to microsoft and all other common antivirus website (Norton, McAfee, AVG, Kaspersky, Avast, etc) are all block. Hence I can't even attempt to find out what happen to my laptop.

What virus have I been infected ? What programme should I use to remove the malware now that I cannot access to any of the antivirus website or microsoft website ?

Thank you


Read other answers

I had the Advanced Virus Remover virus and I got rid of it through Malwarebytes, but now I am stuck with all of my google searches being redirected, many google services, like gmail, are unable to be accessed, and I am getting random pop-ups from directdr.com that show up at any time while browsing the internet. Help would be greatly appreciated.
DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 20:33:16.04 on Fri 12/04/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.130 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceSe... Read more

A:Google Search Redirects, Pop-ups and Google Services Blocked

I fixed the problem myself through the use of your site's HiJackThis guide and Combofix. The google redirects and google services being blocked was cause by the multiple hosts, and the rest was taken care of by Combofix. You can lock this now.

Read other 2 answers

Well Hello.. I have a rather (run of the mill) medium budget laptop from ACER.. It works very well.. TOO GOOD.. XP-HOME. Installed is Windows One Care, AVG anti-spyware pro, and Spybot.. I also have HijackThis, Microsoft Baseline Security Analyzer, and Microsoft Self-Extracting Tools at my disposal... One Care and AVG I run frequently and they show no infections.. Spybot shows the same cookies and tags and repairs them ok, until last time.. Spybot ran out of memory?? About that time I noticed that when I would hibernate the laptop, the next day the battery would be dead and the computer would have to start from normal boot. I have wireless in my house (about 4 Months).. MY THEORY: malware is on my computer, wakes it up and goes online and (PLAYS) until the battery is dead and shuts it down.. what do you think and where do I start looking???

A:possible Malware activity

Read other 7 answers

Hello helpers! I am back after a couple years of trouble free computing. Earlier this week, I got some "threat prevented" pop-ups on my computer, and while I had an IE8 window open these tabs would open of their own volition. I should have gotten down some of the details, but I figured that AVG was blocking whatever threat was trying to get into my computer. Since then, I have not seen the pop-up tabs in IE8. However, a couple of days later, my computer did an automatic restart and update, and I noticed that some of the appearance features of Windows had changed - different fonts and colors. Today, I got an e-mail from Facebook telling me that someone attempted a login from a machine and place they did not recognize - and a place where I am not located - so between the three things taking place - I now suspect that something malicious may have gotten into my computer. I have done the DDS scans and the reports are attached. Thanks for your responsiveness in advance.

Stephen

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16502 BrowserJavaVersion: 10.7.2
Run by Stephen Clossick at 16:16:15 on 2013-08-18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.930 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-8... Read more

A:Suspected Malware activity

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/504833 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 4 answers


My compaq notebook running XP pro is behaving oddly for last few days.
1) Sometimes (mostly when browser, firefox, is being run) I see very quick new program appear and disappear in split second on the task bar.
It disappears so fast that I can't know what it is.
2) At least once daily (twice often/thrice occasionally) Microsoft Debugger comes on, informing me that "svchost.exe" has performed something wrong.
It gives me option to debug ( that's of no use; when clicked, opens up MS Visual Studio)
3) With very few exceptions, after every shutdown, Windows Audio Service (set to run Automatic) does not start up and has to be run manually.

Please help.

I am posting the Attach.txt and Ark.txt as directed in the preparation guide.



A:Virus/Malware activity

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

Read other 11 answers

Unfortunately, I am back, this time with what appears to be malware or rootkit activity. I am having issues with google redirecting and also have Live Security Platinum 3.6 that keeps popping up, saying I'm infected and wanting me to buy their stuff. Live Security also affects MSE, saying that its out of date and wont allow me to run it. I ran Superantispyware yesterday and thought I deleted Live Security, but it just popped back up for the first time since then just now. I just ran it again and it found 206 threats so it appears to be re-spawning.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:52:40 PM, on 7/31/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\... Read more

A:Help with malware/rootkit activity

Read other 16 answers

Hello there. I was recently given this computer by a previous owner. I am worried that there may be some malware or some sort of issue with this computer. Recently the antivirus detected a worm but I'm not sure it actually did anything about it, and despite some scans showing up clean there was a program referred to me by a friend [gmer] that seems to be picking up what I think it perceives as oddities although I do not know if that is actually the case.

Another issue that just started yesterday that has come up is that my mouse is acting up. It sometimes goes into this mode where it spazes out and clicks all over the screen which open and closes programs. This is happening with my touchpad and any other mouse I use so far. I have only used wired mouses so far.
Basically I am mostly just suspicious, that there could be something wrong/on this computer so just to be safe I would like this computer to get the all clear from you guys after a very thorough inspection so I know that its clean.

Thanks again

Edit- Here is some system information from TSG sysinfo that the site requested I run and post with my main topic post

Tech Support Guy System Info Utility version
OS Version: Microsoft® Windows Vista™ Home Premium , Service Pack 2, 32 bit
Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz, x64 Family 6 Model 15 Stepping 13
Processor Count: 2
RAM: 3573 Mb
Graphics Card: Mobile Intel(R) 965 Express Chipset Family, 448 Mb
Hard Drives: C: Total - ... Read more

A:Possible rootkit/malware activity,

Read other 6 answers

New topic as requested by moderator.
The DDS log is attached
Since I cannot copy/paste, go to this forum to read about my problems and what's going on with the system!
Thank you!!!
http://www.bleepingcomputer.com/forums/topic344151.html

DDS (Ver_10-03-17.01) - NTFSx86
Run by Robert at 23:31:32.12 on Mon 08/30/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
============== Running Processes ===============
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG9\... Read more

A:Rootkit/Malware activity, NEED HELP!

@robertsxe
As you have an active response on your same issue at MB forums, I am closing this topic here.
REF your topic at MalwareBytes forums http://forums.malwarebytes.org/index.php?showtopic=61609

Read other 1 answers

Ok, for the better part of three days now I've been trying to fix my computer on my own with no luck. I'm now at my wits end and need some help from you experts. Whenever I boot up my computer, once I reach the desktop there is an icon that appears in the task bar telling me, "Your computer is running slowly due to malware activity" or "Internet attack attempt detected." Whenever I try to close the little warning a pop-up attempts to direct me to some AntiSpy Knight site. It never loads because my internet connection is screwed into the ground and can't load anything because of whatever this is. Then randomly a BSOD will overtake the screen giving me any number of messages from "BOGUS_DRIVER" to "NO_MORE_IRP_STACK_LOCATIONS" and others. Can someone please help me? I don't know what else to do...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:56:39 PM, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Softwa... Read more

A:BSOD, malware activity, etc. Please help!

Hi PCHelp4me,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

The log shows your computer is hit by multiple sources of infection and it might be even more heavily infected than the log shows. You might want to limit internet connection to disinfection as the infection might download more junk.

To get an idea about the current condition of your computer download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Note 1: The logs will be created in this folder: C:\rsit

Note 2: The tool takes not more than one minute to scan the system.

Please update me about the current condition of your computer or any other information that might be handy to know.

You might want to save this page on your favorites, so you can find it again when you return.

Read other 15 answers

Good Morning all. Google searches redirect me to unassociated web sites, mostly ads and such, and sometimes keystrokes don't register in my browser!
Been messing with this for 3 or four days now and have not seemed to clean this completely. FYI I have posted to the log forum. As stated in my other post, I picked this monster up by opening an attachment on a spoofed fedex email on yahoo (don't open that attachment). Webroot warned me immediately but I guess too late. Did malwarebytes scan and it eliminated a few things, ran spybot s&d and it found a few things, but apparently it is still in there somewhere. At this point I am about to panic.
I have sysutilities process explorer and see suspicious file activity: Mshta.exe, which I know is legit, but it is being called by svchost and points to a website which I am fairly sure is illegit or I would never visit it???? I killed this process tree but it came right back.
Any input with this would be greatly appreciated

patiently waiting

A:Google redirect and suspicious activity

Hello and welcome, you will be helped in a few days as we are backlogged. ALL logs are replied to so we ask your patience.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you... Read more

Read other 1 answers

"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.97 Safari/537.22,gzip(gfe),gzip(gfe)"

what does this mean??
Please help, I run Win 7 and not any AppleWebKit or Safari. Does this mean that someone else is watching my email?? Please help

A:Activity Information-google chrome Help PLease

You're fine. Everything you see is proper. If you'd really like, I can explain each part, but I think you just wanted to be reassured no one was spying on you.

Read other 1 answers

Hi there,

I'm having some recent trouble where my computer seems to have constant harddrive activity. I can't tell why it's doing it and was hoping someone could help me see if it's malware.

DDS Below. Attach and GMER log attached (*NOTE* I ran GMER and the log was completely empty):

The gmer link from the preparation link didn't seem to allow me to choose all the options. Only Services, Registry, and Files, so that may be why it's empty?

DDS (Ver_09-12-01.01) - NTFSX64
Run by Johnny at 12:55:34.38 on 13/03/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.4094.2226 [GMT -8:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Prog... Read more

A:Constant Harddrive activity (possible malware?)

Hi again, I think I figured out the noise problem. A hardware fan issue, but if someone does happen to take a look at these logs it would be appreciated to know what they tell.

Read other 4 answers

My grandfather recently purchased a used PC from someone. It's running Windows 7 Professional SP1. I think he clicked something he shouldn't have because he is getting a lot of ads in new tabs pertaining to whatever the website he is currently on is about (for example, going to techsupportforum brought ads for computer help). It has changed his home page to Yahoo search and there was an extension on his Chrome called PulseBuy I believe? Or something similar.

I've installed Avast, Comodo, and Malwarebytes and ran scans on each. Avast detected a PUP and Malwarebytes detected over 160 entries. Since running all the scans, he was still getting these pop-ups and Avast was displaying a threat detected pop-up about every 10 seconds. After turning off Java in the browser I've had no more warnings from Avast but I haven't done much browsing outside of coming here to post this.

Required logs below and attached:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17840
Run by Home 10 at 19:20:43 on 2015-07-09
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16382.13848 [GMT -7:00]
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Comodo Defense+ *Enabled/Updated* {493CE176-EB84-BC8D-9707-B3ACF7598648}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: COMODO Firewall *Enabled* {CA6681B7-87D1-B25B-86... Read more

A:Typical adware / malware activity

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.


Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.


If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

How To Create a Windows 7 System Repair Disc [Easy]


Please download AdwCleaner from here and save it to your desktop.
Do NOT click the green 'Download' button (if visible).
Click the blue 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Cleaning
Once done it w... Read more

Read other 12 answers

Hello, I've got this weird "bug" lately where I open Google Chrome with the icon in the activity bar and a new icon shows up next to it; one is a Google Chrome startup icon, and one is the actual browser (will set up a picture)


How do I fix this so it is only one icon when I use the browser:
like this:

A:My google chrome icon in the activity bar is weird!

Hi there ... Have you tried to unpin all of them .. What happens when you do that ?

Read other 9 answers


I'm new here, I'm desperate and I'm at my wit's end. I am running Windows 7 Professional 64-bit with Symantec Endpoint Protection.
I have recently been infected by the Windows Restore malware but I was successful in removing it with Malwarebytes' free Anti-Malware, and I also recovered or "unhid" all of my files using a program called Unhide.exe. Despite being rid of the Windows Restore virus my Start Menu remains empty. Is there a way to restore it?
What's more important is that I continue to get notifications from Symantec stating

"[SID: 23621] System Infected: Tidserv Activity detected. Traffic has been blocked from this application: C:\Program Files (x86)\Internet Explorer\iexplore.exe"


"[SID: 23615] System Infected: Tidserv Activity 2 detected.
Traffic has been blocked from this application: C:\Windows\System32\svchost.exe"

as well as messages like this...

"Traffic from IP address is blocked from 11/5/2011 12:37:27 PM to 11/5/2011 12:47:27 PM."
I tried researching the Tidserv trojan but I can't find much about it and I have no idea how to get rid of it. It constantly redirects my google results and I fear that the longer it stays the worse the infection will get.
Also, I can't seem to enable my Windows firewall or adjust any settings on Symantec. I tried doing a system restore but was unsuccessful because Symantec is running and I can... Read more

A:Tidserv Activity 2 detected, google redirects

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only); if this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn... Read more

Read other 21 answers

Redirected from: http://www.bleepingcomputer.com/forums/topic393308.html/page__st__15__p__2227169#entry2227169

Over the past couple of weeks I have been having Google search links redirect me to random advertisement sites and have constant notices by Kaspersky that svchost.exe is trying to download from malicious websites. When I check my task manager svchost.exe will usually be the program taking the highest amount of memory and a good chunk of CPU.

I have run MBAM, SAS, Spybot Search and Destroy, Trend Micro Housecall. I've also tried to run the GMER program twice as evident in the linked thread, however as soon as the scan is done the program freezes and I have to close it, both times were around 15 hour scans and both were run in safe mode.

Here is my DDS Log:

DDS (Ver_11-03-05.01) - NTFSx86
Run by Miles at 14:28:55.82 on Mon 05/02/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1125 [GMT -5:00]
AV: AVG Anti-Virus *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Kaspersky Anti-Virus *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System... Read more

A:Google Redirects, Malicious svchost.exe activity

Good evening. Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* When prompted to save Combofix, change the filename, BEFORE saving it, to svchost.exe

Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start. When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste. Let me know how the PC is behaving.

* There are two points to note from the instructions page:

1) The Recovery Console.
It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console, so you are free to choose whether you want to complete this step, but it is in your interests to do so.

2) Disabling your Anti-Virus.
CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!

Read other 18 answers

Google-detected suspicious activity....I had typed in a search term and Google asked me to type in some letters for security purposes. Said suspicious activity had been detected from my IP address and they wanted to be sure this was really me. (FYI - the search term was new england health exchange) so I don't think what I was searching for had anything to do with it. I am concerned someone has hacked into my wifi. Is there a way I can see recent activity? The other thing that makes me suspicious is that I was blocked briefly from my FBOOOK acct yesterday for the same reason... FB said they detected activity from NY... I have not been to NY! I changed my password but today when I got the Google message I was really concerned! I have never even heard of Google search having this safety measure (I am glad they do but never knew about it). I ran a scan and there is no virus on my computer (I have MS Essentials).
1. How can I investigate activity and protect myself?

A:Solved: Google-detected suspicious activity

Please click HERE to download and install HijackThis.

Run it and select Do a system scan and save a logfile from the Main Menu.

The log will be saved in Notepad. Copy and paste the log in your next reply.

IMPORTANT: Do not fix anything

Read other 1 answers

Hi there,

I posted for help on another forum but my thread was ignored but I hope I can get help on this forum.

I currently have Google redirect problems.

Please show me how to fix this.



P.S I had tidserv activity, TDSS viruses several weeks ago, which may still be there.

A:Google Redirect virus + Tidserv activity

Hello and welcome to TSF.

Your post at BC was not ignored, rather closed due to lack of response from you.

Please follow our pre-posting process outlined below. Use a USB flash drive to download and transfer the tools to the affected machine, if necessary. You might like to run the Flash_Disinfector.exe on the clean machine and the flash drive first to protect against any possible transfer of infection via USB.

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers

Hello! I did have this problem before. I did make it work, "I thought", by unpinning the icon and pinning the running icon. Unfortunately the problem is coming again after using the new pinned icon 2-5 times so I have to re-do it again. Is there another way to fix this?
This is how it looks; one is the start icon and one is the "program Running Icon"

A:My google chrome icon in the activity bar is weird!

If you unpin both the icons, run google chrome from Start menu and pin the running icon, what happens?

Read other 1 answers

So, I was doing some e-mail work at home, and I use Google Chrome and was logged into my Gmail account that we use for my work. I then closed that window and proceeded to go to a webpage in a different tab. This was not a Google search. When I returned to the Google page I noticed I was still logged in. Checking my account I noticed that things I had searched for in Chrome had been saved to my search history.

So, my question is: if I was logged into my work's Google account, even if I was not on a Google page, and was at home, would my boss still know what web sites I went to? For example, in a new Chrome window or tab, if I typed XYZ.com in the address bar, would my boss know that I went to XYZ.com?

Thank you.

Read other answers

I haven't clicked on anything to actually install the anti-spyware program, but I do get the Fake security pop up and the warning page every time I open IE or Firefox.
Preliminary HJT log below. I did download some other programs that were supposed to fix this, but nothing picks it up. Any help is much appreciated

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:41:18, on 12/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\EMMSDE\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Symantec Ant... Read more

A:Insecure Internet Activity - Zlob g Malware

I ran combofix and here is the log - not sure what else I may need to do. Also, which of the anti-spyware programs can I download since I now have a bunch of them on my system?

ComboFix 08-12-17.01 - SWaxler 2008-12-17 19:03:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.545 [GMT -5:00]
Running from: c:\documents and settings\swaxler\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\swaxler\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

c:\documents and settings\swaxler\Application Data\Google\dfxovl.dll
c:\documents and settings\swaxler\Application Data\Google\klnxv19819115.exe
c:\documents and settings\swaxler\Application Data\Google\T-Scan
c:\documents and settings\swaxler\Application Data\Google\T-Scan\n.gif
c:\documents and settings\swaxler\Application Data\Google\T-Scan\t.gif
c:\documents and settings\swaxler\Application Data\Google\T-Scan\y.gif
c:\windows\IE4 Error Log.txt

((((((((((((((((((((((((( Files Created from 2008-11-18 to 2008-12-18 )))))))))))))))))))))))))))))))

2008-12-17 18:41 . 2008-12-17 18:41 <DIR&... Read more

Read other 1 answers

I have another post about this, as I originally believed it was a RAM problem causing my random lockups, BSODs, and slow boot, but I have been advised that it may be a malware/virus infection. I tried running the ddr.scr and ddr.pif, but it says it will not work with my version of windows. I am running Windows vista 64 bit OEM legit copy from newegg. I did a scan with NOD32, but it doesn't pick anything up and I don't really believe it's that thorough. I'm looking for advice on the next step to detect anything that may be astray in my computer.

A:Suspected malware/virus activity Vista x64

Just an update on this, I came back to my computer today and a message was on my desktop that read "Optional update delivery is not working" "You may be a victim of software counterfeiting" , And had a link to go to a microsoft website and validate my version of windows. I clicked the link and it proceeded to tell me that my copy of windows is not valid, even though I most definitely bought it from Newegg.com, and have only installed it once. I validated it right after installing, not sure why it's asking me to do so again.

Read other 1 answers

Hi all!

I'm having some computer troubles and I need guidance from one or more of you kind people. I have a related thread going in the A/V Am I Infected? forum (http://www.bleepingcomputer.com/forums/topic228133-15.html). It gives some other background information that might be helpful to read in understanding my problem.

So, to give a quick overview - currently I'm trying to rid my desktop (and then later I'll be working on my laptop) of any malware it has - which according to MBAM is quite a few nasties and they seem difficult to remove thus far. I've had my desktop for about 8 years now; never formatted, never backed up (yes stupid, I know). Obviously I want to rescue these files in the (likely) event that I need to format my computer.

I'm not sure if I've accidentally set off a payload, am botted, or a hacker is directly and actively messing with my system (I *was* "borrowing" a wireless internet connection for about a week...), but my desktop system stability has gotten substantially worse - to the point that I am now unable to boot my computer. So I need help in making it somewhat usable so that I can at least save some of my 8 years worth of files.

This problem began after I had run an MBAM quickscan in normal mode after disabling my wireless connection and clicked on ok to reboot the computer - because certain files could not be deleted until reboot. It shut down normally but then windows would not load (I couldn't even make... Read more

A:Boot problem - most likely due to malware related activity

If you have an open post in any of the malware forums....you probably should not be posting issues here until your malware situation is resolved.

And you certainly should not be anticipating or making changes to your system...based on what someone other than the malware folks suggest.


Read other 4 answers

does bitdefender have this capability, similar to kaspersky and webroot, which undo changes when they detect that malware has been active?

Read other answers

My laptop has got infected with TDSS Rootkit. The google and bing searches get redirected to random sites. Windows 7 does not shutdown/restart correctly. Also, the Windows 7 startup repair does not work. After startup repair fails system automatically restarts sometimes or I have to choose a previous restore point. I suspect the virus has come while downloading a C/C++ compiler cygwin. Also, it suddenly changed all my files and folders on C: to "Hidden". Although I could unhide all of those, the other problems still persist. I have run the AVG antivirus software, however it has changed some of my local temp files which is further giving shutdown problems. I have attached the DDS logs. The operating system is Windows 7 Professional 64-bit, so I have not run the GMER.

Please help.

A:Malware Activity: TDSS Rootkit infection

Hi, did you previously find the link and run unhide.exe yet? If not, please run it:

Please download Unhide.exe to your desktop:
Double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the hidden attributes from all the files on your system. Note: If you had purposely hidden any files, then you will need to hide them again after this tool has run.

NEXT

Please download aswMBR.exe and save it to your desktop.
Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
When asked if you want to download Avast's virus definitions please select Yes.
Click Scan

Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Read other 10 answers

Okay, I posted over at MalwareBytes but nobody is helping me, so someone help please!

So brief run through.

PC has had multiple viruses and 1 rootkit in the last year, all removed successfully.

A yesterday it started acting up, and now here is what is wrong.

AVG and Spybot both show up totally clean with a system scan
ComboFix and GMER don't do anything and GMER won't even run now.
GMER found this, highlighted in red, HIDDEN SERVICE [BOOT] cbnosn.sys
MalwareBytes won't open, runtime error 372
All desktop icons are stuck and you can't drag anything
Cannot copy/paste most text
Taskbar doesn't have windows for programs
Can't System Restore!!
CryptSvc will NOT run
Network connections won't show
Cannot even manually start processes
services.msc Window is all funky

Pretty much all signs of a rootkit or something.

I don't know what to do! PLEASE HELP!

A:HELP! Rootkit/Malware activity, CANNOT RESTORE/REMOVE!

Hello.

Please follow the instructions in This Guide starting at Step 6.

Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues and what you have done to try to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

~Blade

Read other 5 answers

I am pretty sure something nasty is living in my computer.  
What I'm seeing:
1. Firefox started showing random black rectangles  and bars when displaying pages, like parts just would not render.  
2. the W3C Link checker refused me, saying I'd made over 500 requests in 10 minutes.
3. there is a general slowdown - pages take a long time to load (firefox, chrome, IE) and now programs on the computer (outlook, notepad++) are taking longer to start up.
4. The firefox favicon disappeared from my system tray.
5. Google says they are seeing unusual behavior from my IP address and made me put in a captcha before allowing a search. "Our systems have detected unusual traffic from your network. This page checks to see if it's really you sending the requests, and not a robot" - I got this after performing two searches.
6. I'm having to click twice instead of once on website links. I didn't change any settings.
7. possibly irrelevant but maybe related to #2 and #5, I'm seeing new kinds of spam. (more porn instead of ads)
What I've done:
1. ran a malwarebytes free version fullscan, found nothing.
2. ran a housecall free version full scan, found nothing but never closed either.
3. running avast 10.3.2225 as my regular, on-all-the-time protection, nothing reported.
4. just in case the firefox slowdown was not a virus I also ran disk cleanup and defragmented the hard drive.  
5. ran super anti spyware free edition, which found only tracking cookies.
I'm... Read more

A:Google says unusual activity from my IP. Browser not rendering correctly

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
Double-click ... Read more

Read other 5 answers

Hey there! Before I start I'd like to express my gratitude at any and all attempts to help me with my situation.

My computer's security used to be pretty good, however recently I've been hit with a number of attacks. In the past 2 weeks I've been infected with fake antivirus software on more than 3 occasions. Initially I was able to remove it manually with the help of an online guide, until the other day where I got infected with one which removed my Regedit and task manager privileges. I ran Malwarebytes and it managed to fix the constant fake antivirus popups etc, however I started getting some weird notifications and I noticed my connection speed and general speed of my computer is at an all time low!

Note: After that most recent attack I realised my firewall wasn't up to the challenge. Before, I was simply using the Windows firewall as my Norton antivirus ran out not so long ago, however I downloaded and installed Comodo to cope with the problem.

Here's some of the problems I've been getting:
- Regular "Host Process for Windows has stopped working" and "Application layer gateway" notifications, too frequent to ignore.
- Also sometimes I get another notification similar to the one before only for randomly named exe files (Alarming!)
- I've noticed that a number of times my desktop does a weird change where the start bar and explorer window change, sort of to the older style like seen in Windows 98 etc. This kinda made me think it was rootkit rel... Read more

A:Google Redirects and Suspicious activity, possibly a Hijack

I can't see where to delete this topic, but just to let you all know I've decided to format my drive and start over. It's about time I cleaned this thing up ;) Thanks for looking anyways!

Read other 2 answers

Suddenly today, both my iPhone and MacBook bring up a page saying "our systems have detected unusual traffic from my computer network...." when I google something on Safari, and then make me enter a captcha to continue with my search to make sure I'm "not a robot". Since it's happening on both (and they have totally different IP addresses and no connection to each other outside of the fact that I am logged into stuff on Safari on both laptop and phone), I figured something is going on with my wifi. I cleared all my website data and history completely on iPhone and tried again and it still happened. What does this mean and how do I fix it? It is annoying but not a problem because I can still search, but I am concerned someone's hacking into my wifi. I live in an apartment building where wifi is included, so I would have to get them to figure out how to fix it if something is wrong, which will be a whole ordeal. What should I do? Help
- Anna

Read other answers