Over 1 million tech questions and answers.

Virus affecting computer; Windows XP Professional, Hijackthis log included

Q: Virus affecting computer; Windows XP Professional, Hijackthis log included

Hello,

A few days ago I got some kind of virus that was creating pop-up windows for "Horny Matches", "Ariana's Weight Loss Story", and several fake Spyware scanners. At times I've managed to control these with Adaware, Spybot, etc., but they keep coming back.

Here is the log file from Hijack This. Any help is appreciated!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:03 AM, on 2/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\notes\ntmulti.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\Explorer.EXE
\HB-PESTPATROL.northamerica.wileynet.net\PESTDELETE\eaps.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Altiris\AClient\AClntUsr.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1134407821\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\nprindle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Conversions Plus\MacName.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://usportal.wiley.com/
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MacLicense] "C:\Program Files\Conversions Plus\MacLic.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134407821\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [PPMCActiveDetection] C:\Program Files\Common Files\PestPatrol\ppmcactivedetection.exe "-ini:C:\Program Files\Common Files\PestPatrol\ppmcad.ini"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [9c0dcf72] rundll32.exe "C:\WINDOWS\system32\amyslpjh.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\nprindle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [A00F3EB807.exe] C:\DOCUME~1\nprindle\LOCALS~1\Temp\_A00F3EB807.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Google Talk, Labs Edition.lnk = C:\Documents and Settings\nprindle\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: MacName.lnk = C:\Program Files\Conversions Plus\MacName.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.blackwellpublishing.com
O15 - Trusted Zone: *.wiley.com
O15 - Trusted Zone: *.wileynet.net
O15 - Trusted Zone: *.wileypub.com
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://wiley.webex.com/client/T26L/training/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wiley.com
O17 - HKLM\Software\..\Telephony: DomainName = hob.wiley.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{086FD2BE-1BEE-4197-9639-1A7262D33B96}: Domain = wiley.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wiley.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = wiley.com,northamerica.wileynet.net,wileynet.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = wiley.com,northamerica.wileynet.net,wileynet.net
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: AMINIT.dll knsnbj.dll
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\WINDOWS\system32\nslsvice.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 11233 bytes

Read other answers
RELEVANCY SCORE 200
Preferred Solution: Virus affecting computer; Windows XP Professional, Hijackthis log included

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

RELEVANCY SCORE 86.8

Something is masking itself as a search engine, when it's actually a bogus site. Can anyone help me? -Andrea

Logfile of HijackThis v1.97.3
Scan saved at 11:03:15 PM, on 11/8/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\HP CD-W... Read more

A:Virus affecting browser? hijackthis file included

Read other 9 answers
RELEVANCY SCORE 69.2

Everything was fine and one day i was searching on aol (dsl connection) and i clicked on a website and all these pop ups started and they wouldnt stop until i brought up the task manager and closed out of aol then after i restarted cause my comp was running real slow my router box wasn't working all 4 of 5 lights are out. The internet one blinks but thats it, now i cant sign on to aol, get on internet explorer using the cable dsl internet service or any type of internet access period unless i use dial up on aol. i reset the router, released and renewed my ip addresses.still only 1 blinking light.please help
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:09:06 PM, on 5/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symant... Read more

Read other answers
RELEVANCY SCORE 68

Hello,

Some type of trojan horse and/or other viruses have infected my computer to the point of me not being able to do anything on it. When signing onto the computer, it imediately says 'svchost.exe - DLL The application failed to initialize because window station is shutting down.' Also, there was an error message about rundll32 but I didn't catch it in time before the computer shut off. Even in safe mode, after about 5 minutes I get a warning messege that comes up and says my 'Virtual memory is too low. Windows is increasing the size of your virtual memory paging file. During this process, memory requests for some applications may be denied' and then my computer slows to a crawl then shuts down or goes to a blue screen. Our Norton Antivirus software is out of date so we were just about the install a new one when all of this happened. Originally I found that I had prunnet.exe on my computer and was able to get rid of that one file manually, but it didn't really change much, may not all be gone. I checked the Task manager to see what process is taking up so much virtual memory. Everything looks fine for about 4.5 minutes, then the winlogon.exe begins to take up all of the memory in a matter seconds. I've also noticed that there are multiple svchost.exe as well... I checked in C:\WINDOWS\SYSTEM32 for winlogon.exe and it has an icon of a window pane with a blue night sky and cresent moon behind it. I also found a winlogon.exe file in C:\WIND... Read more

A:Trojans/viruses affecting computer, details and HJT log included

Read other 8 answers
RELEVANCY SCORE 67.6

I have seen the virus on my parents computer that displays a countdown timer from a minute and then restarts the computer. This has only happened a handful of times, and i have seen it twice. Also lately a file called mspool.exe has been trying to access the internet, I have been alerted by Norton Personal Firewall of this, but every time i tried to block it and tick the box to always block it would come up again about 5 minutes later. I deleted the file yesterday.

I have just finished running:
Adaware 6
Ashampoo Win Optimiser Platinum Suite 1.2
Spy Bot - Search and Destroy
Spyware Blaster

=======================================================
Here is my HijackThis Log:

Logfile of HijackThis v1.97.7
Scan saved at 15:59:46, on 18/04/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\Program Files\Norton Per... Read more

A:I think my parents computer has a virus (HijackThis log included)

I suggest you run a couple of online virus and trojan scans.

Go Here to do an online virus scan with HouseCalls:

Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself.

Go Here and run Panda virus scan.

Go Here and run the Trojan Scan.
 

Read other 1 answers
RELEVANCY SCORE 67.6

We had a virus on the kids computer this weekend. I downloaded Superantispyware tonight on our computer, ran it, deleted 70 adwares and when I opened my hotmail account and went into one of my messages and clicked to open a message board I visit often, McAfee found a trojan that cannot be cleaned. BraveSentry. Please help!

Logfile of HijackThis v1.99.1
Scan saved at 9:13:52 PM, on 10/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\a... Read more

A:2nd computer has BraveSentry Virus - Hijackthis included

I ran a McAfee scan and it didn't come up with anything so now I can't find the popup from McAfee that said I had the trojan. When I tried to clean it, it said it could not be cleaned along with deleted. I would appreciate any help with this.

Thanks, Ravin
 

Read other 1 answers
RELEVANCY SCORE 66

Whenever I use Mozilla Firefox and go onto www.google.com and search something every search result i click redirects me to some random site. Usually the sites have an ip address in front of it that the site it self or just a random site like shopica.com. I also get a invalid floating point opperation error when running some programs. The only way i could acess this site was through a proxy because of my current issues.

Have tried to download Spybot and Malwarebytes' Anti-Malware but i can't get them to run. Spybot cant update for some reason.
I have run scans with AVG Anitvirus, CCleaner, and other removal tools,but with no success of removal please help!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:39:37 PM, on 12/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgt... Read more

Read other answers
RELEVANCY SCORE 64

Running Windows XP, service pack 2
I have a trojan zlob ssqrsPGX.dll file in my Windows\System32 and memory that I can't seem to get rid of. I found it with SpyHunter scan, then went into DOS and tried /u ssqrsPGX.dll but it said the file had to be registered first.

I tried to download and install the free versions of AVG and Spybot S&D to kill it, but the virus seems to affect the Windows Installer program. I then tried to fix the Windows Installer by running msiexec/ regserver , but that didn't work either. I'm comfortable going into the registry to manually do whatever is needed.

So there's my story, and here is the HJT log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:04:51 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\acer\Empowering Te... Read more

Read other answers
RELEVANCY SCORE 63.6

A couple of days ago my PC was infected by this virus, and I followed a forum in CNET.com and ran MBAM, Spybot, Adaware, SuperAntiSpyware etc. and then ran this HijackThis 2.0.2, and the log is attached herewith.

Still I am not able to go online via "Chrome" and not able to use Outlook and get mails from Hotmail.com.

Any help will be greatly appreciated.

Thanks
yengee01

HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:05 PM, on 1/21/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Brownie\BrStsWnd.exe
C:\Program Files\Lavas... Read more

Read other answers
RELEVANCY SCORE 63.6

Hello,

Thank you helping me! I really appreciate all your time, effort, and expertise.
A couple days ago, my girlfriend's computer started experiencing all sorts of problems. I now have it in my possession and am trying to fix it.

It is a Dell Inspiron 6000 running Windows XP.

Symptoms:

a fake anti-virus program called Anti-Virus PRO (?)
a fake program called Windows XP Protector Deluxe
a lot of pop ups warning me of Trojans and viruses, and asking for me to purchase their program (obviously a scam)
the computer slowed down
the internet no longer works
the computer says there are no longer any wireless devices on the computer

I tried fixing it on my own, and found all sorts of different programs that seem suspect, including sysguard, yivabada.dll, b .exe (with a space), abcdefg.bat, yokarokake, iehelper.dll, Zango, XP Protector Deluxe, etc.

I am currently having problems getting the CD drive to work; since the Internet didn't work, I had to download a few programs on a different computer, burn them, then put that disc on the infected computer, etc.

Currently, the main symptoms are no internet, no wireless devices, a sketchy CD drive that barely works (edit: i can get it to work, with a few restarts, multiple attempts), and a general slowness/bugginess.

HiJackThis log:
--------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:51 PM, on 7/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Ex... Read more

A:Malware/Virus Problem - Windows XP - (HiJackThis log included)

Nevermind, I figured it out on my own by looking at other threads.

Thank you for everything you do!
 

Read other 1 answers
RELEVANCY SCORE 59.6

Windows XP, SP3

Well, let's just go down the list of problems that I'm having, shall we?

-A Trojan crypts.dll installed many other viruses (or so I think) onto my computer, causing odd side effects.
-System Restore will not proceed after hitting the "Next->" button at the final step
-Spybot S&D will not boot, not even in Safe Mode
-Malwarebyte's Antimalware will not install, not even in Safe Mode
-AVG has been able to identify files with the following name: \\?\globalroot\systemroot\system32\UACjmvfbuyp.dll ; I believe these files are causing a script to run in Firefox and IE *ONLY* and *ONLY* on sites like google, yahoo, etc. It prints a 3000 px by 2000 px white screen in front of the actual information. AVG has put these files in the virus vault, but I cannot see them in Explorer and do not believe they're deleted.
-Internet hiccups are prevalent with Firefox and occur somewhat with Google Chrome, though not as frequently.
-I do not have System Restore points to go back to
-The only other site reporting on this odd Google problem is a Russian site which mentions the same file.

So...I'm lost, here. I need help desperately. While the main problem causer is gone, the side-effects are killing this machine.

Please help.

A:Odd virus(es?) affecting computer

Hello, Please try running SAS. Better in safe mode but we'll take a normal scan to get a log.From your regular user account..Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..DO NOT run yet.Open SUPER from icon and install and Update itUnder Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.Now reboot into Safe Mode: How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox or Opera browser click that browser at the top and choose: Select AllClick the Empty Selected button.If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.NOW Scan with SUPEROpen from t... Read more

Read other 5 answers
RELEVANCY SCORE 58.8

I have been helped on this site before by gringo_pr with good results so I am back for another diagnosis.
My laptop has recently become more obstanant with regard to browser performance, here are just a few of it's mis-behaviors:
Home Page Stuck on About:Blank
Redirects take over on occasion
Browser seems sluggish
 
Please advise on a good plan for testing and debug.Thanks.
 
 

A:Likely have Malware or a Virus affecting my computer….

Hello dino_buys I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same... Read more

Read other 29 answers
RELEVANCY SCORE 58.8

Hello,
 
I am using a computer that runs on windows 7. When I use google chrome to browse the internet, popups will randomly appear as I surf the web. In addition, when I click on links, I am sometimes rerouted to a totally different page that shows me unwanted offers and ads. I ran AVG antivirus and discovered 3 infections: 1) Trojan Generic, 2) EID_pe_iscorrupted, and 3) Win/DH.
 
Please help to completely remove these threats and secure the performance of my computer once more. If there is any additional information needed, please let me know. I greatly appreciate your time and effort. 

Thank you,
 
Ahmed

A:Malware/Virus Affecting Computer

Hello Ahmed and Welcome -
 
First, is there a reason why you use Chrome browser, as I have found it to be the least safe so far.
Note : This is only my personal opinion after using it for a short time recently.
 
Download all programs to Desktop and Copy and Paste all requested logs.
At the end of each post please tell us if things have improved or gone bad (you are my eyes).
Please read the posts first, and post back if you do not understand fully ...................
If you have any questions, take your time and ask them as we go.
 
 
If you have these first few programs installed, delete them and install fresh versions - I can also help with that .
 
 
First - This is a "basic clean-up" and we will go further depending on your answers.
Please download and run RKill by Grinler.
 A black DOS box will appear for a short time and then disappear.
 This is normal and indicates the tool ran successfully.
 At most the tool will usually run for about 2 minutes
 Please Copy / Paste the small log back here.
 
Important: Do not reboot your computer until you complete the next step.NOW : Be aware that this program will reboot your system, so close all open programs first.
 Please download AdwCleaner by Xplode and save to your Desktop.
Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button only once to ensure accurate reports
AdwCleaner will b... Read more

Read other 2 answers
RELEVANCY SCORE 58.8

I've had this HP for about a year and it definitely has a problem I need solving! I don't have any virus protection at the moment and plan on buying one as soon as I have the money to do so (another post really). I downloaded a malware anti-virus program from this site, and rkill while in safemode. Still my internet browswers always have the same website (search conduit) and have the same pop-up with I click on links (proresync.com). Please help me!!!!
 
 
 

A:Malware or virus affecting my computer

There are several free anti-virus programs which you can use now. See Choosing an Anti-Virus ProgramI recommend you choose and install one ASAP, then perform a full scan.Then download and use the following tools (in the order listed) which will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.1. Download and run RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.Important: Do not reboot your computer until you complete the next step.2. Download and scan with AdwCleaner created by Xplode.-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).3. Download and scan with Junkware Removal Tool created by thisisu after allowing AdwCleaner to restart the computer.4. Download and scan with Malwarebytes Anti-Malware.

Read other 2 answers
RELEVANCY SCORE 58.8

About a week ago, my computer began to act strangely; to start, it suddenly switched my startbar from the usual WinXP blue to the old gray version. Over the next few days, it has thus far:

- killed my internet by setting all address fields to values such as 0.0.0.0
- muted my audio, making it look like there was none loaded on or plugged in
- slowed my internet after I got it working again through "release/renew then re-enter address fields manually" method

I think Malwarebytes Anti-malware got rid of part of it, but the startbar problem still remains. Here is the Hijack This log that I recieved from the scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:29:32 AM, on 6/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\McAfee.com\Agent\mcagent.exe
E:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Documents and Settings\Layner\Local Settings... Read more

A:Virus affecting parts of computer. Help!

Hi and Welcome,

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.

Disable any script blocking protection
Double click dds.pif to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
NEXT


Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.

Double click the exe file.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.

Click the image to enlarge it

In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries [/QUOTE]
 

Read other 3 answers
RELEVANCY SCORE 58.4

Hello, a few days ago I noticed a virus or spyware on my computer. At first it seemed to only affect the Internet (both IE and Firefox browsers). My homepage is Yahoo! and when I search for something instead of it going directly to the search results within a second like normal, it takes much longer and at the bottom I can see it saying connecting to analytics-google.com and other sites as well. Then, when I click on a search result link, instead of it taking me there like normal, it takes me to a bogus search engine site or a completely unrelated site such as www.chatterbean.com and at the bottom I see it connecting to dozens of sites I've never been to. If I try to go to a virus scan site, or even BleepingComputer it says Failed to Connect. I thought it was only an Internet problem until yesterday when my computer completely froze and I had to unplug it. When I turned it back on, it wouldnt load. It would get stuck at the starting Windows XP screen. I had to try many times to finally get it back up. Can anyone help me!? Here is the HijackThis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:46:57 PM, on 30/09/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.... Read more

A:Virus Affecting Internet And Sometimes Freezes Computer

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

Read other 2 answers
RELEVANCY SCORE 58.4

I have a Dell Vostro 1700 laptop running windows xp sp3. Recently i became unable to open .pdf attachments in my emails. I sent the computer to my IT guy and he "removed the virus" and re-installed adobe reader. Since then I am having multiple problems. The computer is running much slower than before, IE locks up on me periodically and I have to stop the process to close and reopen. I am also getting an error at bootup stating: Error loading C:\Documents and Settings\Me\Application Data\sbaue.dll. The specified module could not be found.

A:Malware/Virus affecting performance of computer.

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Delete tab follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.Double click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download a... Read more

Read other 4 answers
RELEVANCY SCORE 57.6

I'm running windows xp sp2. adaware, spybot and virus scans haven't helped. I deleted MSAgentXP, but there is another trojan downloader that I couldn't fix. when I start up I get a "data excecution prevention" message that says windows has closed this program: and the program is windows explorer. I can still stay on for a while before it reboots itself, but I'm not sure what to do now. hijackthis log:Logfile of HijackThis v1.99.1Scan saved at 9:34:38 PM, on 11/1/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Java\jre1.5.0_04\bin\jusched.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Valve\Steam\Steam.exeC:\WINDOWS\system32\esent97.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\wpd_ci.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\syste... Read more

A:Virus, Hijackthis Log Included, Neither Adaware, Spybot Nor Virus Scans Have Fixed It

Hi and Welcome to bleeping computer!! My name is David Please do both of the following before we start if possible!:1) Please print off these intructions - they will be needed later when internet access is not available.2) Save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.There is a bit to do on the log - i can almost guaruntee ewido will remove something - it's also a good free tool to keep in your arsenal! Please download ewido security suite it is a free version of the program.Install ewido security suiteWhen installing, under "Additional Options" uncheck.Install background guardInstall scan via context menuLaunch ewido, there should be an icon on your desktop, double-click it.The program will now open to the main screen.When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
You will need to update ewido to the latest definition files.On the left hand side of the main screen click update.Then click on Start Update.The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful") If you are having problems with the updater, you can use this link to manually update ewido.ewido manual updatesOnce the updates are installed do the following:Click on scannerClick on Complete System Scan and the scan wil... Read more

Read other 3 answers
RELEVANCY SCORE 57.6

Received call from 800# saying they were HP Support.  Re: virus in my computer that will affect hard drive and software.  Do not know what to do or who to contact.  Is this for real?

A:800 # call from HP re virus in computer affecting hard drive...

Hi: No one from HP, Microsoft or any other reputable computer manufacturer will call you out of the blue and tell you there are problems with your PC. It is a scam, pure and simple. Some of these scammers are very clever.  Some have found ways to get your personal info, such as your name, phone number, and even info from the PC such as the model number and serial number. HP is interested in folks that receive these calls, to report the incident to them for investigation. http://support.hp.com/us-en/document/c05404707

Read other 1 answers
RELEVANCY SCORE 57.6

Hi,
I have downloaded and installed the latest Spybot S&D (and updated it) yesterday and it did remove clientman but I am still getting other spyware popups. I guess there is someting in my startup which is causing this...

Can someone please look at my Hijack This log and give me some clues:
Logfile of HijackThis v1.97.7
Scan saved at 10:17:35, on 08/06/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Tekelec\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\SYSTEM32\THOTKEY.EXE
C:\Program Files\TOSHIBA\TME3\Tmesbs3.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv3.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\s3hotkey.exe
C:\WINNT\system32\S3Tray2.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\TPWRTRAY.EXE
C:\WINNT\system32\TFncKy.exe
C:\WINNT\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Progr... Read more

A:Spyware still affecting me - HJT log included

Run HJT again and put a check in the following:

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINNT\twaintec.dll
O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINNT\system32\mskhhe.dll
O2 - BHO: (no name) - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - C:\WINNT\system32\msibkd.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINNT\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINNT\system32\msjfbl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: zSearch Bar - {5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} - C:\Program Files\zSearch\zSearch.dll (file missing)
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [omafgjnixyski] C:\WINNT\system32\ozkyyzww.exe
O4 - HKLM\..\Run: [alchem] C:\WINNT\alchem.exe
O4 - HKCU\..\Run: [Cadenza] C:\Program Files\CommonTime\Cadenza\CdzSvc.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

Close all applications and browser windows before you click "fix checked".
Restart in safe mode Click here to see how
Open Windows Explorer. Go to Tools, Folder Options and click on the View tab. Make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files".
Now clic... Read more

Read other 2 answers
RELEVANCY SCORE 56.8

Both my laptop and desktop had trojan horses running wild. I have the avg antivirus, which scanned and said that I had a trojan horse generic10 on the desktop... then my wireless connection started going haywire, and now won't connect wirelessly(both laptop & desktop), so I've had to find a long enough ethernet cable to get online from modem... downloaded hijackthis program, will attatch log, would appreciate if somebody could make some sense of it and maybe what i need to delete to get my system back to some sort of working order... I was able to download STOPzilla, and ran that program, it found baracudanew and iexplor? so i had the program remove/extract it? I'm thinking that there's something either in that registry thing that those trojan horses have attatched themselves to, and they continue to, but I'm not knowledgeable enough to go further than this at this point. I would really appreciate anybody that's able to help- thank you in advance!! lilneniHere is my most recent HijackThis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:17:39 PM, on 3/3/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC... Read more

A:Trojan Virus slowing down computer and affecting wireless connection

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for p... Read more

Read other 2 answers
RELEVANCY SCORE 56.8

Hi, all. I had gotten a virus on my computer a few weeks ago. I deleted the files, and it appears to be gone. But, I think the virus caused some problems with my computer. The format of some of my files is changed. I notice it on Microsoft Word files. Before the title is a horizontal squiggle, and then a dollar sign. Then I try to open the file, I get a message saying something like Windows can’t import the specified format. This feature is not currently installed, would you like to install it now. When I say no, the document comes up like this--- < € €* € €« € €ó € €\ € €¹ H

Does anyone have any advice as to this situation? I really don’t know what to do. Thank you. I see the document format didn’t copy correctly. There are lots of little square blocks in between those other characters.
 

A:Question on Virus Possibly Affecting Format of Computer Files?

Read other 9 answers
RELEVANCY SCORE 56.8

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:08:18 PM, on 8/26/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0011)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Network Associates\Common Framework\FrameworkService.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\SMART Board Software\SMARTBoardService.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Yahoo!\Search Protection\SearchProtection.exeC:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPE... Read more

A:Virus On My Laptop..affecting My Internet Speed And Slowing My Computer

im not trying to bump but ive been waiting for help since 26th August 2008 - 02:13 PM.

Read other 7 answers
RELEVANCY SCORE 56.4

Computer randomly reboots occasionally...and this time when i started it up there were TONS of open programs and what not. A lot of them were actually familiar (for whatever reason)...but for example my Windows Live Messenger icon was different. Long story short is a lot of strange things are happening so I am suspecting a virus or something. Already did a SpyBot search.

Logfile of HijackThis v1.99.1
Scan saved at 7:53:20 PM, on 1/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Im... Read more

Read other answers
RELEVANCY SCORE 56.4

I recently followed the instructions at http://www.pchell.com/support/smitfraud.shtml to remove "winantiviruspro2007" or "winantivirus2007," I can't recall which. But my computer is still slow.

So, can someone look at my HijackThis log and see whether my computer is clean? I posted a week ago, but no one answered the thread. Thanks for your help.

-----------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:15:37 AM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\tp4serv.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1... Read more

A:Do I have a virus??? HijackThis log included!

I seem to have 3 posts on my topic, but no message responses. And I have a little check mark next to my topic title. Does that mean I'm "okay"?
 

Read other 1 answers
RELEVANCY SCORE 56.4

Logfile of HijackThis v1.99.1
Scan saved at 3:46:54 PM, on 7/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\nstmp\uninstall.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
F2 - ... Read more

A:Virus help (HijackThis log included)

http://www.atribune.org/ccount/click.php?id=7 to download Look2Me-Destroyer.exe and save it to your desktop.
· Close all windows before continuing.
· Double-click Look2Me-Destroyer.exe to run it.
· click the Scan for L2M button, your desktop icons will disappear, this is normal.
· Once it's done scanning, click the Remove L2M button.
· You will receive a Done Scanning message, click OK.
· When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
· Your computer will then shutdown.
· Turn your computer back on.
· Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.

http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
==================
Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
· Install ewido.
· Run the application
· Click on scanner
· Click Complete System Scan and the scan will begin.
· When the scan is finished, Set all items to delete
· Apply all actions
· look at the bottom of the screen and click the Save report button.
· Save the report to your C: Drive
This ... Read more

Read other 3 answers
RELEVANCY SCORE 56.4

This is on a friends computer. They have gotten some kind of virus that redirects them when going to certain websites,it kept the download from showing up on Firefox's website, and many other things. I have installed Firefox and it is working, but I would like to remove and fix what is still on there. Here is my log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:48:11 PM, on 7/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
... Read more

Read other answers
RELEVANCY SCORE 56.4

Well, I went and done it... Got infected and I can't get rid of this SOB

The most annoying thing is the false popup telling me I am infected and that I need to buy some bogus virus prog. Not to mention the popups... oh god the popups!

Logfile of HijackThis v1.99.1
Scan saved at 7:04:24 PM, on 5/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Windows\xpupdate.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\svcho... Read more

A:BS 2.0 Virus Hijackthis log included

Read other 9 answers
RELEVANCY SCORE 56.4

Somehow I have the b.exe virus on my computer. I ran malwarebytes in safe mode and it found three files that I removed, but when I started up again, b.exe was still trying to run. I got errors saying it failed to initialize, but after abotu 5 minutes it showed up in my task manager.

Here's my hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:43 AM, on 10/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\FinePixViewer\QuickDCF2.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\AOL\1230587634\EE\aolsoftware.exe
C:\Program Files (x86)\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files (x86)\Real\RealPlayer\realplay.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program F... Read more

Read other answers
RELEVANCY SCORE 56.4

I've seen similar problems posted everywhere, but proposed solutions have not worked for me. It first appeared as Antivirus 2009 but I am unable to find and/or stop that process. Currently, I am being re-directed in my browser when I click on a link from a search engine. Additionally, I am unable to go to antivirus/tech help websites and am unable to run antivirus programs such as Malwarebytes, Spybot, etc. Also unable to restore system to prior date. Trend Microscan runs on my OS but it cannot quarantine all the problems. I'm running XP Professional SP2, and here is my log from Hijack This. Greatly appreciate any help and what/how I should remove things.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:53:36 PM, on 11/24/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system3... Read more

A:Malware Affecting Internet Browsing (Log Included)

hi,still need help? we will start with malwarebytes. link and directions:Please download Malwarebytes' Anti-Malware to your desktop:http://www.besttechie.net/tools/mbam-setup.exe * Double-click mbam-setup.exe and follow the prompts to install the program.* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.* If an update is found, it will download and install the latest version.* Once the program has loaded, select Perform FULL SCAN, then click Scan.* When the scan is complete, click OK, then Show Results to view the results.* Be sure that everything is checked, and click Remove Selected.* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txtafter you do the above, rescan and post a updated hjt log also, along with the MBAM log

Read other 1 answers
RELEVANCY SCORE 56

Windows Vista 6.0 SP 2IE 8Dell Inspiron 1525For the last couple weeks, I haven't been able to access the Windows Update page, or many other control panel functions. If I click on Windows Update, Backup and Restore Center, or Security Center (among others), nothing at all happens. I've tried to go to the Windows Update webpage, and it looks like it will open, then immediately closes. If I go to the Microsoft Update page, it's completely blank. No error codes or anything, just blank. Also, on Facebook, I can't "like" anything, or comment on someone's status. Several of the games aren't working either.Probably not coincidentally, at about the same time, I started getting a message at startup saying something (I don't remember the exact phrasing) about reverting back to the original theme, and also one that says "Runtime Error - Program: C:\Program Files\Dell|Media Direct\PCMService.exe" stating that the application has requested the runtime to terminate it in an unusual way. I'm guessing that a virus or trojan has caused a conflict?When this started, I was running AVG Free, not sure which version. When an AVG scan didn't pick anything up, I switched to Norton 360, which didn't find anything either, so I re-installed AVG Free 9.0. In addition to AVG and Norton, I've run Spybot Search and Destroy, Malwarebytes, Windows Defender (although I get an error when I try to update it). None of them h... Read more

A:Virus affecting Windows?

Hello, this may not be a malware issue. I need to ask if you now have more than one active antivirus running.Let's do one online scan.ESETHold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScanClick the ESET Online Scanner button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on Export to text file... to download the ESET Smart Installer. Save it to your desktop.Double click on the Eset Smart Installer icon on your desktop.Check the "YES, I accept the Terms of Use"Click the Start button.Accept any security warnings from your browser.Check Scan archivesPush the Start button.ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.When the scan completes, push "List of found threats"Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.Push the "<<Back" button.Push FinishIn your next reply, please include the following:Eset Scan LogNOTE: In some instances if no malware is found there will be no log produced.

Read other 5 answers
RELEVANCY SCORE 56

Think I got a nasty malware or virus issue. My computer appears to lock up anytime that I try and open IE. My machine is an older Dell Dimension 4500 w/ 256 meg ram, windows XP, SP 1 (I know, I know, should be runnin SP2 but I've had a host of issues everytime I tried to load SP2 to my machine.) If I start in Safe Mode w/ networking I can connect pretty much as normal and use the internet. I have highspeed cable service w/ Comcast and I run McAfee, SuperAnti Spyware and another malware program that the name escapes my mind right now. I've run a scan using these programs several times but to no avail. Haven't tried to use "Restore" yet cause wasn't sure if that would totally remove any spyware or virus issue that I may have, lookin for input on what to do. I'm entering this thread from my PC at work. I used 'Hijackthis' to capture the following log. Thanks in advance for any help I can gety w/ this:

jknouse
=======================================
Logfile of HijackThis v1.99.1
Scan saved at 5:24:42 PM, on 10/8/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\Syste... Read more

A:Need assistance (possible virus) Hijackthis log included!

Read other 16 answers
RELEVANCY SCORE 56

I'm new and my computer has been infected with a nasty trojan virus neither my anti-virus program nor ad-aware will detect/remove. i removed the other spyware the trojan managed to install but in my task manager i still notice some suspicious programs running and i keep getting popups from time to time telling me to download security software.

i did some research and found out i have the conime.exe trojan but am not sure if it's safe to just straight delete. the following log was performed AFTER i shut down the conime.exe via task manager. help on what to do? thanks

Logfile of HijackThis v1.99.1
Scan saved at 8:54:51 PM, on 6/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ORB Networks\ORB\Cab\MainRegister\CabDirectory.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\WINDOWS\system32\atmclk.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common F... Read more

A:help! trojan virus... HijackThis log included

Read other 15 answers
RELEVANCY SCORE 56

I caught the virus while using msn (windows live messager), a friend of mine just sent me a message saying "was it you that took this pic?" and then followed with a file called "img1756.zip"... without even thinking i downloaded the file and opened it only to realise that it was a virus...

the virus automatically sents out the virus to all my contacts, each with a different "catch line"... i have performed a number of virus scans and adware/spyware scans... i dont know even i still got the virus... can someone please help and tell me if i still got it?

PS - i am using window vista... and Thank you for your time!
=======================================

Logfile of HijackThis v1.99.1
Scan saved at 7:17:07 PM, on 9/08/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live... Read more

A:Please Help...Caught a MSN virus... HijackThis log included...

Everytime when i run HijackThis and try to use it.. there is a warning box that pops up saying that i have a problem with a file hosts - C:\Windows\system32\drivers\etc\hosts... i have tried manually deleting the file but the problem still exists...

Also when i run the AVG virus scan, the scan detects that there is a reading error to that same file...

i have no idea what is going on and i hope someone can help me!!

Thanks!!~~
 

Read other 1 answers
RELEVANCY SCORE 56

My boyfriend has contracted something horrid in his computer. We have run Microsoft Anti-Spyware, AdwareSE (with updated definitions), multiple Norton Scans and there is still a bunch of icons on the desktop that don't have an identifiable process associated and no properties (they are for dating and gamling and rx-shite), and his IE homepage keeps getting rerouted. Below is the HihackThis log. Please help!!

Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 8:24:42 PM, on 11/24/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\VOB\INSTAN~1\IWCTRL.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Norton AntiVir... Read more

A:Malware/Virus Help?? (HijackThis log included)

Read other 9 answers
RELEVANCY SCORE 56

Hi. I have encountered some sort of virus that i can't seem to get ride of. When I got to add/remove programs there is a strange file named with symbols. If I remvoe it it just comes back. I was able to run spybot and ad-aware but the problems that it deletes just comes back. My symantec software was unable to open because it said it was in use by another program, but I was finally able to run it by changing the file name. I found many infections and quarantined them, but my main problem is still present. If anyone can help me that would be GREAT!!!

Here is my hijackthis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:38 PM, on 11/7/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\wscntfy.exe
C:\W... Read more

Read other answers
RELEVANCY SCORE 56

I have recently been having trouble with my computer and I suspect it is due to a virus.I will at times (when I'm not even actively surfing the web) have full-screen popups occur, the "wave" setting in my volume control gets turned to 0, and the icons in my taskbar are all switched up (some programs show other programs icons)Below is my HijackThis log, any help anyone can provide is greatly appreciated.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 7:18:43 PM, on 7/14/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:I:\WINDOWS\System32\smss.exeI:\WINDOWS\system32\winlogon.exeI:\WINDOWS\system32\services.exeI:\WINDOWS\system32\lsass.exeI:\WINDOWS\system32\Ati2evxx.exeI:\WINDOWS\system32\svchost.exeI:\Program Files\Windows Defender\MsMpEng.exeI:\WINDOWS\system32\svchost.exeI:\WINDOWS\System32\svchost.exeI:\WINDOWS\system32\svchost.exeI:\WINDOWS\system32\spoolsv.exeI:\WINDOWS\System32\svchost.exeI:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeI:\Program Files\Bonjour\mDNSResponder.exeI:\Program Files\Java\jre6\bin\jqs.exeI:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exeI:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeI:\PROGRA~1\McAfee\MSC\mcmscsvc.exei:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exei:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeI:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeI:\Program Files\McAfee\MPF\MPFSrv.exeI:\WIND... Read more

A:Virus trouble? (HijackThis log included)

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 56

Hello, I'm using Vista Home Premium. I have at least 1 virus. Possibly more. Task Manager has been disabled. All antivirus programs won't run. Windows updates won't run. I have slaved the hard drive to another computer and ran a virus scan on it, and it didn't find anything. I'm out of ideas. I'm worried I'll have to reformat, but then I'll lose all my personal files, and that's something I don't really want to lose. I'm including the HijackThis file. Thank you so much for your help!

Unforunately my HijackThis is too longer, so I'll post it in 2 posts.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:10:57 PM, on 9/2/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Andrew\AppData\Roaming\_4f514a42bfe74ce2b0cd08f523764de4\down\chimeraD001.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\wpcumi.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Users\Andrew\AppData\Local\Temp\winlognn.exe
C:\Users\Andrew\AppData\Roaming\_4f514a42bfe74ce2b0cd08f523764de4\down\chimeraFu000.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Andrew\AppData\Roaming\svchost.exe
C:\Program File... Read more

A:Virus removal - HijackThis included

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: C:\Windows\system32\hs3i7jdgfd.dll - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\Windows\system32\hs3i7jdgfd.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [... Read more

Read other 2 answers
RELEVANCY SCORE 56

Hey i have got this trojan virus on my laptop and i really wanna get rid of it. I have made an AVG antivirus scan and it finds a list of 10 infected files: 1.dlb, 5.dlb, vx1.game, vx2.game vx4.game, vx6.game, vxt1.game, vxt2.game, vxt3.game and vxt4.game. My joblist have also been disabled and a small tray icon keeps popping up telling me to click on it to download an antispyware program, but i think its a part of the virus...

Here the latest hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 22:03:22, on 19-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\Programmer\Rainlendar\Rainlendar.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\Programmer\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDO... Read more

A:Trojan virus (Hijackthis log included)

bump
 

Read other 2 answers
RELEVANCY SCORE 56

Hey guys ive been having the same prob the past days so here is a log file of hijackthis...
 

A:Msn Virus help needed(HijackThis log included)

So the past week i cant login to my MSN and i always get the same error code:80072efd so i have the suspicion that its a virus...
Here is the HijackThis log.Thanks in advance
 

Read other 3 answers
RELEVANCY SCORE 56

A week or two ago, my Quicken and iTunes files disappeared. I haven't had anything happen since then, but when I look at what is in the Startup tab in SystemConfiguration, there's a blank line. My tech savvy friend said this means I have a virus.

I've tried running (and updating) my virus/spyware scans, but they don't pick anything up. I've run: ZoneAlert, Adaware, and Spybot. I also ran Hijack This. Can anyone tell me if a) the blank line really means I have a virus? b) if there's any other explanation for the missing files (e.g., a hardware problem?) and c) if my Hijack This file looks alright or has picked up something bad?

You know you're at a loss when you don't even know if you *have* a virus...
 

A:Possible virus? HijackThis file included

Hi, Welcome to TSG!!
I don't see any anti-virus program running. Do you need a suggestion for a free one?
 

Read other 3 answers
RELEVANCY SCORE 56

I hae this file that mcafee and spybot keeps detecting....i delete it with the said antiviruses but it keeps coming back when computer is restarted... I had a massive spyware infection and just recently fixed it i dont know if its whats left over or if it might start again... the name of the files start with skynet and then a bunch of letters and numbers.. its 2 .dll files and 1 .sys file.. heres my hijack this log.. thanks for the help.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:35:42 PM, on 8/4/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\Program Files\AIM\aim.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceS... Read more

A:Please help...hijackthis log included...skynet virus.

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ... Read more

Read other 2 answers
RELEVANCY SCORE 56

Hey there,

I accidentally downloaded virus on my other computer and, regretibally, opened the file.

Now it restricts me from going on the internet, etc and highly likely it has a keylogger.

I suspect it is the keygen.exe virus link : http://www.file.net/process/keygen.exe.html

Will post a hijackthis log to help.

Please help me remove this malware from my computer any way i can.

I am running Avast and Malwarebytes at the moment.
I have deleted all keygen.exe files in my computer, but there are probably more.

Thanks in advance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:59 p.m., on 23/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
... Read more

Read other answers
RELEVANCY SCORE 56

Hi my pc is performing really slow....i don't have an anti virus and the problem is that it won't let me downlaod any...here is the hijackthis log......thanks guys!

Logfile of HijackThis v1.99.1
Scan saved at 3:53:20 PM, on 7/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenge... Read more

A:Possible Virus slow PC..hijackthis log included.

A slow system is not always a sign of infection, though not being able to download an AV is something to look into. Your log shows no sign of active infection.

What exactly happens if you try to use one of these links:

Here are a few very good free Antivirus products which are available:AOL Active Virus Shield (powered by Kaspersky Antivirus)
Avast!
AVG
Avira PersonalEdition Classic
Select one of these, or another of your choice. Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

Let's have a look with another tool, also....

Please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the foll... Read more

Read other 1 answers
RELEVANCY SCORE 56

MSE claims to have repaired the following Trojans: Agent.XH, FakeRean, FakeSpypro, Small.NF, Lowzones.GN, AgentBypass.gen!A, Renos, Small.NBX. There were other things such as a browser modifier called Win32/404Search, a VirTool called WinNT/Xantvi.gen!A and Win32/SpySherriff and Win32/Winfixer. Then there was something called PWS:Win32/Daurso.gen!A and a virus called Alureon.H

I ran a safe mode scan but i obviously need an expert eye to make sure nothing is left. Here is my log:
 

A:Trojans and Virus. HijackThis Log included

Read other 14 answers
RELEVANCY SCORE 56

When using my keyboard I'm getting various letters displayed incorrectly.

Usually g,h,b and n that cause the problems, but at times it can be others.

g = gb for example

If I use the spacebar, sometimes it acts as the ENTER key

I'm sure it's a virus and have ran several scans with no joy. Typing this post has been somewhat difficult.

Here is the Log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:21, on 03/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\mom.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lexmark\ErrorApp\LMab1err.exe
C:\Program Files\Mozilla Firefox\firefox.e... Read more

A:keyboad virus + HijackThis log included

Back to the top.

thanks
Kev
 

Read other 1 answers