Over 1 million tech questions and answers.

Lions and Tigers and Viruses OH MY!

Q: Lions and Tigers and Viruses OH MY!

Ok so I seem to have more infections than a hosiptal wing. I've tried doing the things I've seen in other threads but nothing seems to get cleaned at all. I've downloaded the following in my search for cleanliness:
Spybot Search and Destroy

Counter Spy
Ad Aware
Ewido Anti-Spyware
CleanUP!
Hijack This

I have ran all of these in normal mode and safe mode, and everything just keeps coming back. If I run the same one over and over it will always find something, it never comes back clean. I found this God send of a site by searching for the "Command Service Virus" and "TagASaurus virus" and tried to follow those streams. Nothing seems to be working so I thought I should start fresh and hope that you'll help me. Important note I've just installed a new hard drive and clean Windows XP before this happened. I have no data to lose if you think formatting my drive and reinstalling XP from the begining would do the trick I have no problem with that. But I've heard that doesn't always get rid of viruses.

Also I use Firefox as my browser.

Here is my Hijack this log file.

Logfile of HijackThis v1.99.1
Scan saved at 5:08:24 PM, on 9/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\CounterSpy.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\WINDOWS\Duce6.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\ms040431381355.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Matthew Stalcup\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\hwcil.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ssimvil.exe
O1 - Hosts: sky-labs.com
O1 - Hosts: nloads2.kaspersky-labs.com
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [SysTray] C:\Program Files\nevhxri.exe
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\sysmon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_15.exe
O4 - HKLM\..\Run: [jagdvbd.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\jagdvbd.dll,srqkvof
O4 - HKLM\..\Run: [defender] C:\\dfndrff_15.exe
O4 - HKLM\..\Run: [awtda59b] RUNDLL32.EXE w00599b7.dll,n 003da5980000000200599b7
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [ms040431381355] C:\WINDOWS\ms040431381355.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00005.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [mcvwm] C:\WINDOWS\System32\qnkeld.exe reg_run
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\system32\crunner\cproc.exe
O4 - HKCU\..\Run: [0a789cec.exe] C:\Documents and Settings\Matthew Stalcup\Local Settings\Application Data\0a789cec.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\gpp4l37q1.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\System32\Akhhkeeq.dll (file missing)
O21 - SSODL: DCOM Server 3335 - {2C1CD3D7-86AC-4068-93BC-A02304BB3335} - C:\WINDOWS\System32\3335_27.dll (file missing)
O21 - SSODL: dsuDYz - {50C45143-FA6E-FBE9-81EF-2EF671F82B73} - C:\WINDOWS\System32\kl.dll (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

I am in your obvious capable hands!

RELEVANCY SCORE 200
Preferred Solution: Lions and Tigers and Viruses OH MY!

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Lions and Tigers and Viruses OH MY!

Read other 16 answers
RELEVANCY SCORE 75.6

Helping a friend with an infection of his desktop.  It has lots of viruses.  Attached is the logs from my most recent scans in Safe Mode.  Scans are coming up clean but I don't trust it.  What should I do next?
 
Automated Cleanup Engine
Starting Cleanup at 02/05/2015 - 21:19:25 GMT
 
Starting Routine> Removing c:\windows\apppatch\apppatch64\vcldr64.dll...#(PX5: E4B272B01063651C3B4804FD469D2C00ADF24910 - MD5: B6C1C50ADBE12000B62866D662A24230)...
Deleting File> c:\windows\apppatch\apppatch64\vcldr64.dll
Starting Routine> Removing c:\program files (x86)\cinemaplus-3.2cv24.04\utils.exe...#(PX5: B8B3A8A5EEE14F4D04211B2C27945E00FB44C658 - MD5: CC95BCFC967B1E5097038AD1B94AE09C)...
Deleting File> c:\program files (x86)\cinemaplus-3.2cv24.04\utils.exe
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\nsi65e0.tmp...#(PX5: 7BDC821BE6ADC4FA1A5301EF10ECCF0015E16639 - MD5: 41FF7A7A605DB143C289655232FED377)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\nsi65e0.tmp
Deleting File> C:\Users\ShadowReaperX2\AppData\Local\Temp\nsw9370.tmp
Deleting File> C:\Users\SHADOW~1\AppData\Local\Temp\nsg92C3.tmp
Deleting File> C:\Users\SHADOW~1\AppData\Local\Temp\nsg92C3.tmp
Starting Routine> Removing c:\users\shadowreaperx2\appdata\local\temp\nsr9610.tmp...#(PX5: 51158FEF2E7002E2652204E1AAC5D900FED317EC - MD5: E56E2D0E9996AFA45F6D0A72294604D8)...
Deleting File> c:\users\shadowreaperx2\appdata\local\temp\nsr96... Read more

A:Lions, viruses and bears...oh my!

Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scroll down.Double-click ... Read more

Read other 14 answers
RELEVANCY SCORE 74

o k guys im will try my best to help u guys help me by describing my problems best i can. the first time i encountered something was when the computer popped up a window suggesting i choose "yes or no" in order to clean up some trojans/viruses/spwares. it was the same window that displays fatal errors, but this time it looked a little off. i didn't think too much of it, but the next day internet explorer kept sprouting up with random and crude looking spyware sites. i don't even use internet explorer. IE has a weird toolbar on it "security toolbar 7.1" and if oft time goes to "www.savetheinformation.com" with the title safety center or security center. does www.htepo.com ring a bell also? Also it automatically installs "online security" and "live safety center" onto my desktop which when clicked leads to www.htepo.com. i've had ad-adware, spybot, windows defender, stinger, and even the windows malicious virus detector and i never ran into this before, but now its crazy. windows defender found win32/fotomo. i kno there are a lot of nasties and even when i feel like i get rid of a lot of them they come back. thx for ur help. p.s. my norton has been expired for a while now, but this was never a issue before.

Deckard's System Scanner v20071014.68
Run by user on 2007-11-09 13:19:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore ---------------... Read more

A:spywares, malwares, viruses, rootkits, lions oh my. :(

"BUMP"! please i beg u guys to help me. i will listen to anything u guys tell me. pls tell me if any of my steps were mixed up.

Read other 2 answers
RELEVANCY SCORE 52.4

Hello all, This is my first post. My brother in law guided me here and tells me that there are potential friends and super techs that may be able to help me rid my computer of bad guys. He asked me to post this HiJack This log and to await further instructions. If this post is twice on it is because I could not find it after I posted the first time.
 

Read other answers
RELEVANCY SCORE 51.2

My buddy is try to get rid of the Lions Search page from come up on his browser
he has Windows XP and use IE Exploer
please help and I will be doing the work for him
thank you
 

A:help getting rid of Lions Search page

Go into Control Panel>Internet Options and set the default page away from the Lions page to another, or to about.blank. Click Apply and OK before you close the form.
 

Read other 3 answers
RELEVANCY SCORE 50

AUBURN, Ala. -- Auburn All-Southeastern Conference linebacker K.J. Britt will undergo thumb surgery.
Team spokesperson Kirk Sampson said Thursday that Britt is scheduled to undergo surgery on Friday, a day before the 13th-ranked Tigers host Arkansas. It wasn't immediately clear how long Britt will be out.
Britt is leading the team with 23 tackles through two games, including one tackle for loss. He was a first-team Associated Press All-SEC pick last season and is a team captain.
Britt had 69 tackles last season, including 10 for a loss and 2.5 sacks. Freshman Wesley Steiner is listed as his backup.
Fellow linebacker Chandler Wooten had already opted out for the season.
More site:cffanstore.com

Read other answers
RELEVANCY SCORE 35.6

Dear tech,
I have run a BitDefender deep scan and several scans with AVG, Advanced System Care Pro, and IOBit Security 360 and still cannot get my puter to run as it should. I cleaned out several hundred photos and removed from hard drive and lost disk space rather than gained. Also was attacked by the GreenAV or GreenVA thing. That is when the problem really started.
I have a lot of programs that are running that I don't need but I don't know what is necessary and what is not. It seems that the CPU usage has increased unnecessarily and too many programs are loading at startup. I prefer Firefox browser but lately it is using a lot of cpu usage and causes puter to run very loud and interferes with my gaming and browsing. Puter freezes up a lot.
I have mcafee site advisor and for the most part I am careful even with the research sites I open. I am getting very frustrated with my puter. I do use Game Booster recently to help with gaming freezes, but I should not need to use it if puter were running properly. Should I seriously consider reinstalling Windows? I have been trying to remove the photos a few at a time which takes so long to burn on CD's as I am out of practice. As I have aged I find it more difficult to relearn my software.
I truly appreciate all the help you can give me and will follow your advice explicitly.
Thank you so much

A:Infected with Generic Trojan,2 Backdoor viruses, and 2 worm viruses

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 30 answers
RELEVANCY SCORE 35.6

I have run AVG and removed anything suspicious and then run Ad Aware and found 2 trojans and other less worrying items.
I have then run Hijackthis. Could a guru please have a look and see if they can see anything un toward please and any advice would be very much appreciated.
Thank you
Les

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:07:11, on 27/07/2009
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\i... Read more

A:Rootkit viruses - reformat Hard disk or find viruses?

Read other 16 answers
RELEVANCY SCORE 35.6

Logfile of HijackThis v1.99.1
Scan saved at 5:21:42 PM, on 7/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\mstc.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main... Read more

A:AIM spreading viruses and over 2000 viruses/spyware cleaned.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Download and install Ewido http://www.ewido.net/en/download/
Double-click the Ewido icon on your desktop to run it.
On the top of the main screen click Shield. Click the word active to change it to inactive.
On the top of the main screen click 'Update'. Then click on 'Start update'. The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can get the manual update at http://download.ewido.net/ewido-sign...ll-current.exe
When you have finished updating, exit Ewido.

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Don't run it yet.

Restart your computer and boot into Safe Mode (if you don't know how, go to http://www.bleepingcomputer.com/foru...howtutorial=61 ).

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you check the last one:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com... Read more

Read other 14 answers
RELEVANCY SCORE 34.8

Hi its been a long time since my computer has been slowing down. I didnt mind it at first but it has gotten into my nerves lately. earlier, only 2 folders were open, my pictures and a subfolder of it I recall but it has become really slow, as in super slow. it seems ok now but i encountered a new problem. it reboots in itself, it happened 3 times today. I also can't install yahoo messenger, tried it a couple of times but failed.

Recently, I just detected lots of viruses from removable disks. it changed the name of my flash disk to anti taga lipa are and added a virus called silentsoftech.exe, i also had a couple of trojans and also this brontok.n which is said to have prevented me from showing my hidden files and folders but fortunately, (I think) I have healed those viruses. and so as my antivirus says. by the way its kaspersky, I just changed from norton, it didn't even detected any of those viruses I have mentioned. i also have some problems with MS Word, when i open a document, only the application would open, I still need to click open and look for the document again. i think there are more problems, but these are the ones that I can remember. I'm still hoping that I could fix this without reformatting. Thanks

I ran hijackthis and got the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:32:59 AM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\... Read more

A:Multiple Viruses/ Removable Disk Viruses

bump!
 

Read other 2 answers
RELEVANCY SCORE 34.8

Ok I am new so i have no idea how to get or post a hijack this log so i'll tell you the info i do know. I am using windows xp, [email protected] trojan alert keeps popping. Spyware.cberlog-c alerts also. Internet explorer pops up saying i should download crap anti virus like "BestSellerAntivirus" didn't download. The sites were protectroom.com and system defender, and i get random ads sometimes. So I really need help this is really fustrating. I really don't want to reboot my computer. Oh also I run norton 360 and I have a fire wall and router firewall. I just saw this post so don't blame me i am having the troubles as adam929. PLease help me.
 

A:Viruses, spybots, and all these fake viruses and alerts

Read other 9 answers
RELEVANCY SCORE 34.8

I have had some problems with my computer over the past week or two. It started out with my noticing a Google Redirect virus. I thought I had solved the problem and then over the past few days I have caught exploit.drop.2, exploit.drop.6 and exploit.drop.7 viruses on my computer. Some programs I use will not open and my computer has shut off spontaneously, I've had the "blue screen of death" as well. I actually uploaded files I wanted to keep to a website in hopes of restoring computer to factory default settings but couldn't do it. When I went to restore the computer to the factory settings it took me to a screen for me to put in a username and password. It wouldn't accept my information, or any of the generic "admin", "password" logins, etc.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Steve at 21:04:04 on 2011-12-27
Microsoft? Windows Vista? Home Basic 6.0.6002.2.1252.1.1033.18.3061.1526 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomL... Read more

A:Have had exploit.drop viruses, redirect viruses

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/434892 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other answers
RELEVANCY SCORE 34.8

hey guys! I know that viruses like these and malicious viruses really suck right? Well, you should know that I couldn't even open site while my unknown virus lurking around on my computer indetected. The truth is I actually accidently downloaded it myself, big mistake! But, I used a different computer and went here where I found a program called Emisoft emergency kit. I tried to add it to  the forum but it is too big a file, but then I uploaded the kit to a flashdrive and transferred it to my broken computer and activated the system. And behold! In just one simple scan it found the virus and fixed my computer. just to prove it I would like to state that I am typing this forum through my newborn computer!

A:hey guys! I know that viruses like these and malicious viruses really suck right

tell me what you guys think and what words can I use to make me sound smarter.

Read other 3 answers
RELEVANCY SCORE 34.8

I was watching The Screen Savers on TechTV the other day and this guy called and said that he had something on his computer trying to do a DOS(Denial Of Service) Attack on a Korean(I think) server. he said he had ran anti-virus and stuff. They told him that they could especially if you said to download it from anti-virus and that it is going to be very hard to erase. They told him to run some more stuff and if that didn't help that they would say to re-install windows. IS this all true is it possible for it to hide from anti-viruses? Also would it be possible for a trojan on your computer and even threw scanning your computer with spyware removal tools and Anti-virus for it to still be there? I'm a newbie when it comes to viruses and stuff so if anyone could help please help me.
 

A:Can Viruses/Trojans Hide From Anti-Viruses?

Read other 9 answers
RELEVANCY SCORE 30.8

Well folks, there I was sitting on the couch, and my girlfriend says, right out of the blue, "My computer isn't working."My god, was she right.After a lot of manual cleanup and other tricks, I've finally been able to get the machine to log on and not be completely overrun by viruses, and I even managed to install the free version of AVG and HiJackThis. But that's more or less where it stops.AVG scans, and detects 20 odd different viruses, and tries to remove them (deletion, from what i can tell) and then thinks everything is happy, until i restart. Then they're all back again.HiJackThis results in a STOP 0x0000000A error unless I run it in safe mode, so here's what I've got:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 18:08:20, on 2007/07/28Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: Safe modeRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dllO2 - BHO: C:\WINDOWS\System32 ... Read more

A:Viruses. Lots Of Viruses.

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today. You have quite a heavily infected computer, it is likely that we will need to perform a few scans before you will be completely clean from malware, so please bear with me.Download Brute Force Uninstaller.Unzip it to a folder of its own (c:\BFU).Start the Brute Force Uninstaller by doubleclicking BFU.exeNext to 'scriptfile to execute' you'll see a little icon like this: When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'In the field, copy and paste this:http://metallica.geekstogo.com/alcanshorty.bfuClick OK. Then click Execute to run the script.Wait for the 'complete script execution' box to popup and press OK.Press Exit to terminate the BFU program.Download Combofix to your Desktop.Double click combofix.exeFollow the prompts that are displayed. Don't click on the window while the fix is running, because that will cause your system to hang.When finished, it should produce a log, combofix.txt. Post that in your next reply.Please include the Combofix log along with a fresh HijackThis log in your next reply.Thanks,Charles

Read other 6 answers
RELEVANCY SCORE 30.8

I'm currently running adaware and a full AVG scan on my sisters computer. At the moment Adaware has found over 230 new objects and it's still in C:documents and seetings

Now the big problem lies with AVG, every few minutes a window will pop up saying that a Virus (trojan downloader AS and stubby C for the most part) has been detected. Some of the files I can delete and others it says "No option available". There're also a bunch of pop up adds that open when IE is opened. I'll post an HJT log after the scans are done.
 

A:Viruses...lots of viruses

Read other 15 answers
RELEVANCY SCORE 24.8

My first issue was windows giving me this error at startup "Windows cannot find 'C:\windows\services.exe'. Make sure you typed the name correctly, and then try again"

I clicked ok and this came up "Could not load or run 'C:\windows\services.exe' specified in the registry. Make sure the file exsists on your or remove the reference to it in the registry" this makes sense due to the previous problem.

I thought I would just copy it over from system 32 to into the windows file but as it turns out services.exe is a sonar virus as well as "pukka". I was then refered here by POADB.

So here is my DDS.txt result:
____________________________

DDS (Ver_09-06-26.01) - NTFSx86
Run by User at 12:35:16.20 on Sat 07/11/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.521 [GMT 2:00]

AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\... Read more

A:Help. Viruses!

Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. Its important that you follow this through until i give you the all clear.

=========

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Place combofix.exe on your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

Double click on combofix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

Follow the prompts to allow ComboFix to download and install th... Read more

Read other 10 answers
RELEVANCY SCORE 24.8

My experience with computers is very elemetary beyond what I use it for in school (I am a teacher). I have pop-ups and viruses left after I followed all of the directions before you are allowed to post. This is what I received from the Hi-Jack scan:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:57:59 PM, on 11/24/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exeC:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXEC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\Java\j2re1.4.2_03\bin\jusched.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\WINDOWS\System32\DLA\DLACTRLW.EXEC:&#... Read more

A:Pop-ups And Viruses

Hi, Wellcome to Bleeping Computer Forums!My name is Renato Mejias, and I will help you to solve your problems .You might want to save this page on your favorites, so you can find it again when you return.Please take note of the following:I will be handling your log and helping you, please do not make any system changes yet.The process is not instant. Please continue to review my answers until I tell you that your computer is clean. Be patience.The fixes are specific to your problem and should only be used for this issue on this machineIf there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.Please reply to this thread. Do not start a new topic.

Read other 2 answers
RELEVANCY SCORE 24.8

one day my computer started acting wierd like not being to access control panel, task manager, internet. I knew i had viruses and trojans, so i download for free stopzilla. and the scan said things like dollar revenue, kavo at critical. then i downloaded antivirus plus pareto logic and it said i had 100 viruses. i had downloader loadadv gen trojan, zero day attack at critical also about ten more at critical. and now i want to buy something on the internet really bad but i know its not safe. how can i completely get rid of these viruses so that i can start buying off the internet. what antivirus program do you suggest. oh yah my computer acting wierd and stuff that hasnt happened in a month. if i cant fix this soon then ill have to buy a new computer, I hope my computer be saved.

A:200 viruses!

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 24.8

i cant even open up any of my spyware removals. i have microsoft security essentials and it wont open. i try to download new ones and it wont work. I need help fast!! My backround screen has been taken over by a virus warning

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:19 PM, on 3/20/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dldtcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FirefoxPreloader\FirefoxPreloader.e... Read more

A:Need serious help!! Viruses!!

Read other 8 answers
RELEVANCY SCORE 24.8

got a messed up laptop. can anybody help?heres my hjt log...Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:03:23 PM, on 11/8/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\QW15IE1vbmcgVGhpIExl\command.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Network Monitor\netmon.exeC:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exeC:\WINDOWS\system32\nusrmgr.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\pctspk.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exeC:\Program Files\iTun... Read more

A:5 Viruses! Can Anybody Help?

Hi,I understand that you need help in order to get rid of the malware that is present on your system - But you need to help us first..I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!This is somewhat suicidal in today's digital world.That's why I want you to install one first!!* Please install Avira Antivirus: http://www.free-av.com/This is a free Antivirus.Perform a full scan with Avira and let it delete everything it is finding.Then reboot.After reboot, open your Avira and select "reports".There doubleclick the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThislog.Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirusscan is not present which should be able to deal with most and prevent further reinfection.

Read other 10 answers
RELEVANCY SCORE 24.8
Q: viruses

I'm not very technical, and my other computer is infected with what looks like torjan bnk.key logger. It won't let me access to IE to download anything . Keeps taking me on a loop to purchase software
 

A:viruses

download these to the working computer & transfer them over so we can see what is wrong

follow advice here and post the logs those programs make
 

Read other 1 answers
RELEVANCY SCORE 24.8
Q: Viruses

Hello everyone.
Once again I have some problems. As I type this I am doing a virus scan with Norton. It says I have 4 infected files, but I am not sure wich ones yet. I know you cant do much without info, but as soon as it finishes I will tell you wich ones they are and am going to post a copy of a hijack log. Anyone know if I can make a hijack log as I search for viruses, or will it effect one of the processes if I do? I also noticed my computer making a bit more fan noise than usual. Also, my mom was on the PC yesturday when I wasnt home, so it might have been something then. Thanks.
 

RELEVANCY SCORE 24.8

ok then I have trojan.byteverify, java.Nocheat, and JS.Exception.Exploit
Logfile of HijackThis v1.97.3
Scan saved at 7:38:03 PM, on 11/9/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svcinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Sophos\Remote Update\cachemgr.exe
C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\WINDOWS\System32\PROMon.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\windows\rundll32.exe
C:\Program Files\Common Files\Microsoft... Read more

A:3 viruses

lord42

Welcome to TSG!

Here is a new Beta version of CWShredder that should do a better job for you:

http://www.spywareinfo.com/~merijn/files/beta/CWShredder.exe

The files we are going to delete are hidden files so click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders"
Click "Apply" then "OK"

Run Hijack This again and put a check by any of these that are left. Close all browser windows and "Fix checked"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O4 - HKLM\..\Run: [spp] regedit -s C:\sp.reg

O4 - HKLM\..\Run: [System Service] C:\WINDOWS\System32\msrexe.exe

O4 - HKLM\..\Run: [Windows Shell Library Loader] load shell.dll /c /set -- by windows setup --

O4 - HKLM\..\Run: [Tapicfg.exe] C:\WINDOWS\System32\tapicfg.exe

O4 - HKLM\..\Run: [VB_run] C:\WINDOWS\comctl_32.exe

O4 - HKCU\..\Run: [explore] c:\windows\explore.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: MSupdater.exe

O8 - Extra context menu item: Web Search - c:\windows\ex.htm

Restart to safe mode and delete:

The C:\WINDOWS\System32\svcinit.exe file
The C:\sp.reg file
The C:\WINDOWS\System32\msrexe.exe file
The C:\WINDOWS\System32\tapicfg.exe file
The C:\WINDOWS\comctl_32.... Read more

Read other 1 answers
RELEVANCY SCORE 24.8

Please help me.. I asked about this before. I dont think its a ie hijack.. its a trojan.. I dont want to lose all my stuff. thanks.

-Jere Rutter
 

A:Please help... Two viruses. CANT DO ANYTHING!!! :(((

Read other 16 answers
RELEVANCY SCORE 24.8

Started having problems ran spybot and adaware and norton antivirus 06 spybot started freezing up when i tried fixing virtumonde.generic joined your site got hijackthis and here is my first log just need some direction on what to do next. thanksLogfile of Trend Micro HijackThis v2.0.2Scan saved at 2:08:27 AM, on 1/7/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\WINDOWS&... Read more

A:Help With Viruses

Hello solution23,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

Read other 2 answers
RELEVANCY SCORE 24.8

There are some serious viruses on my computer. I've used Rogue Remover and it found about 4 or 5 items. I've cleaned with SmitfraudFix, ComboFix, CCleaner, and ATF Cleaner. I had Norton Security Center. Then something changed the background on my computer, it was all a link to a website for an antivirus that it told me to download. I finally got it to go away. I uninstalled Norton, then got Avast antivirus, SuperAntiSpyware, and Zone Alarm Firewall. Something happened to AOL, so my computer had to reboot to fix the problem. My computer is running very slow. Please help!Here is a ComboFix log:ComboFix 07-12-21.4 - Taylor Weaver 2007-12-21 15:14:31.6 - NTFSx86Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.546 [GMT -6:00]Running from: C:\Documents and Settings\Taylor Weaver\Desktop\ComboFix.exe.((((((((((((((((((((((((( Files Created from 2007-11-21 to 2007-12-21 ))))))))))))))))))))))))))))))).2007-12-21 14:49 . 2007-12-21 14:48 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe2007-12-21 14:49 . 2007-12-21 14:48 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe2007-12-21 14:49 . 2007-12-21 14:48 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe2007-12-21 14:49 . 2007-12-21 14:48 53,248 --a------ C:\WINDOWS\system32\Process.exe2007-12-21 14:49 . 2007-12-21 14:48 51,200 --a------ C:\WINDOWS\system32\dumphive.exe2007-12-21 14:49 . 2007-12-21 14:48 25,600 --a------ C:&#... Read more

A:Bad Viruses

Welcome to the BleepingComputer HijackThis Logs and Analysis forum DyllanMy name is Richie and i'll be helping you to fix your problems.Please download FixWareout:http://downloads.subratam.org/Fixwareout.exehttp://www.bleepingcomputer.com/files/lonny/Fixwareout.exe Save it to your desktop and run it. Click Next,then Install,then make sure "Run fixit" is checked and click Finish.The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load,this is normal.When your system reboots,follow the prompts. Afterwards, HijackThis will launch,if it doesn't,launch it manually. Please click Scan, and checkmark the following items:R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2O4 - Startup: PowerReg Scheduler V3.exeO9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)O17 - HKLM\System\CCS\Services\Tcpip\..\{5623E7D3-2009-495A-801F-B3928BB1458D}: NameServer = 85.255.116.30 85.255.112.19O17 - HKLM\System\CCS\Services\Tcpip\..\{C7918560-6703-4F76-800E-91110F1CF518}: NameServer = 85.255.116.30,85.255.112.19O17 - HKLM\System\CCS\Services\Tcpip\..\{E19D6526-AED0-42C3-AEE1-3F1F7E852B79}: NameServer = 85.255.116.30,85.255.112.1... Read more

Read other 5 answers
RELEVANCY SCORE 24.8

i'm a real novice with computers so i'm not sure where to start to clean my computer. i got a bunch of viruses from AIM and i'm hoping someone can guide me step-by-step to get rid of them. here is my log file from hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 11:43:22 AM, on 9/24/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\Hummingbird\Connectivity\8.00\Inetd\inetd32.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\ZipToA.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Trend Micr... Read more

A:help me get rid of these viruses!

Welcome to TSG

Click here to download the trial version of Ewido Security Suite:
http://www.ewido.net/en/download/

Install Ewido.
During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido.
It will prompt you to update click the OK button and it will go to the main screen.
On the left side of the main screen click update.
Click on Start and let it update.
DO NOT run a scan yet.

Restart your computer into Safe Mode now.
(Start tapping the F8 key at Startup, before the Windows logo screen).
Perform the following steps in Safe Mode:

* Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK.
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop.

Reboot.

Post a new Hijack This log and the results of the Ewido scan.
 

Read other 1 answers
RELEVANCY SCORE 24.8

So I got some viruses last night and I ran Malwarebites and it did not fix everything. Then things got worse and there were some weird programs running in my processes and now I am unable to open most programs without a fake "XP Internet Security 2012 Firewall Alert" opening up asking me to fix it or ignore it and continue.

I tried clicking on the ignore option once because the alert came up when I tried to access my control panel and nothing that bad seemed to happen. But I am still unable to open Firefox, Winamp or any number of other programs.

I used DDS and GMER and got the text files also. Now I'm wondering where I should go from here.
 

A:Got some viruses, need some help

I was able to get access to my programs and run Malwarebytes again by using this guide

http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012

However there is still 2 programs running in my processes called "Acrord32.exe" and "Ngokac.exe" which are taking up a lot of mem usage. There are also 2 icons on my taskbar that were never there before that say "help" and "options" wghen I drag my cursor over them.

I'm not really sure where to go from here. What should I do to try to fix this problem?
 

Read other 1 answers
RELEVANCY SCORE 24.8

Hello, im have got this problem on my computer where it redirects my google searches to quicksearch.com or fastsearch.com or licosearch. Also recently my computer won't load up my desktop and crashes constantly when it ry to open up any item. The sound icon in the taskbar freezes and locks up. It also crashes the desktop and needs me to click restore and crashes again. In short its not letting me use anything so im now using my mums account...

I tried download dds by subs but my computer won't let me the open the links for it.

Im a novice and was wandering if you guys could help me.

Hijack This:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:42:28, on 09/06/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\G... Read more

Read other answers
RELEVANCY SCORE 24.8

Malware bytes keep saying it blocks incoming AND outgoing ip addresses.
heres a little list of em.
07:25:39 Jackson IP-BLOCK 95.143.193.1 (Type: outgoing)
07:25:42 Jackson IP-BLOCK 95.143.193.1 (Type: outgoing)
07:25:48 Jackson IP-BLOCK 95.143.193.1 (Type: outgoing)
07:29:44 Jackson IP-BLOCK 87.248.176.1 (Type: outgoing)
07:33:19 Jackson IP-BLOCK 208.73.210.2 (Type: outgoing)
07:33:22 Jackson IP-BLOCK 208.73.210.2 (Type: outgoing)
07:33:26 Jackson IP-BLOCK 78.140.152.6 (Type: outgoing)
07:33:28 Jackson IP-BLOCK 208.73.210.2 (Type: outgoing)
07:33:29 Jackson IP-BLOCK 78.140.152.6 (Type: outgoing)
07:33:35 Jackson IP-BLOCK 78.140.152.6 (Type: outgoing)
07:33:41 Jackson IP-BLOCK 208.73.210.2 (Type: outgoing)
07:33:44 Jackson IP-BLOCK 208.73.210.2 (Type: outgoing)
07:33:50 Jackson IP-BLOCK 208.73.210.2 (Type: outgoing)
07:34:21 Jackson IP-BLOCK 93.183.194.2 (Type: incoming)
07:38:20 Jackson IP-BLOCK 95.143.193.1 (Type: outgoing)
07:38:23 Jackson IP-BLOCK 95.143.193.1 (Type: outgoing)
07:38:29 Jackson IP-BLOCK 95.143.193.1 (Type: outgoing)
07:44:28 Jackson IP-BLOCK 87.248.176.1 (Type: outgoing)
07:44:58 Jackson IP-BLOCK 222.65.80.43 (Type: outgoing)
07:48:56 Jackson IP-BLOCK 95.143.193.1 (Type: outgoing)
07:48:59 Jackson IP-BLOCK 95.143.193.1 (Type: outgoing)
07:49:05 Jackson IP-BLOCK 95.143.193.1 (Type: outgoing)
07:53:17 Jackson IP-BLOCK 78.140.152.6 (Type: outgoing)
07:53:21 Jackson IP-BLOCK 78.140.152.6 (Type: outgoing)
07:53:27 J... Read more

A:One or two viruses? and how to fix

Read other 6 answers
RELEVANCY SCORE 24.8

Please help me. But keep in mind I am not as technical as most of you. I have been infested by what I believe to be several different viruses on my home PC.

I tried to clear history, files and temp files...no help. Pop-ups multiply by the second.

I went out here and got a scan - Spy nuker - I believe, it scanned and found 407 infected files. Prompted me to purchase clean tool, so I did.

It showed rb32, n-case, launcher, xupiter just to name a few.

So I cleaned several times, until I came up with a scan with 0 infected files. Thought I was in the clear, but NO - POP UPS still monopolize my pc. What do I do, and do I have to spend more money to get this fixed?

Also, when I was doing uninstall on several of the programs, I did an uninstall on what was called "launcher", right after that, I could no longer open any of my microsoft office programs. The documents that are saved are still there, just can't open them.
Any way for me to retrieve these programs?

Also, did some changes on security on the internet, is this doing me any good and/or necessary?

Forever indebted,
Jody
 

A:Viruses, viruses and more viruses

Read other 16 answers
RELEVANCY SCORE 24.8

Please, I'm in desperate need of help.

First I'll start with whats going wrong with my computer;

- Where i try to open Windows Media Players it says "Can not perform operation, memory to low"
- Cannot copy and paste
- Cant open weblinks

There's probably a few others problems that I havent worked out yet.

Fortunatly I can paste my HiJackThis log, is there anyone that could go thorugh this and work out what to fix?

Logfile of HijackThis v1.96.0
Scan saved at 13:52:56, on 30/08/2003
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINNT\system32\crypserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINNT\explorer.exe
C:\WINNT\loadqm.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\WINNT\Dit.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\WINNT\wt\updater\wcmdm... Read more

A:What viruses do I have?!

Read other 16 answers
RELEVANCY SCORE 24.8

n e body kno how to get rid of the w32.valla.2084 virus
 

A:help with viruses

First, I think you mispelt w32.valla.2048 virus. Sorry for being so pedantic.

Do you have any AntiVirus installed, such as Norton AV?
If not, try this maybe...

Go to the following site http://www.norman.com/virus_info/w32_valla_2048.shtml and download and use "Vallafix" in the Detection and removal section. Worth a try.

Hope this helps!

 

Read other 3 answers
RELEVANCY SCORE 24.8
Q: viruses

My "internet has encountered a problem and needs to close down, sorry for the inconvenience." every time I turn on the internet. What is happening? Can I get some help?
 

Read other answers
RELEVANCY SCORE 24.8

My AVG scans have come up with a boat load of stuff which has been dumped to the virus vault, but I don't know if I'm still infected or what??I am running an old pc with windows 2kpro for an OS. I strictly use Firefox for my internet. If any more info is required I apologize.Here is a copy of my HJT log.Thanks for any and all help in advance!BBLogfile of Trend Micro HijackThis v2.0.2Scan saved at 9:37:27 PM, on 1/7/2008Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\LEXBCES.EXEC:\WINNT\system32\spoolsv.exeC:\WINNT\system32\LEXPPS.EXEC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgrssvc.exeC:\PROGRA~1\Grisoft\AVG7\avgrssvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\PROGRA~1\Grisoft\AVG7\avgrssvc.exeC:\WINNT\System32\svchost.exeC:\Program Files\ewido anti-malware\ewidoctrl.exeC:\PROGRA~1\Iomega\System32\AppServices.exeC:\... Read more

A:Need Some Help...possible Viruses?

Hello busybeaver and welcome to BleepingComputer!Apollogies for the delay. The forum has been very busy lately. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log.Thanks,Johannes

Read other 1 answers
RELEVANCY SCORE 24.8

Hello, i'm Mahesh and i would glady appreciate your help.

Last week my computer began acting strangly when it became very slow and a program AV CARE was installed automatically. Since then ive managed to get rid of it and scan the computer for viruses. However, even though i seemed to get rid of them, they seem to still be affecting the computer. The problems are that the computer is really slow and every now and then i get a message saying that C:\windows\system32\system.exe terminated unexpectedly with status code 1073740972 and that i had to save within 60 seconds (i think it was, i mean i didn't have that long to write it down, next time it happens ill check). This keeps happening and my computer takes ages to respond.

Ive got a dell dimention 4600 and im on XP.
Any help will be welcomed. Thanks so much!

A:Bad viruses.

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Regarding the shutdown in 60 seconds, this should help.

Open notepad and copy/paste the text in the quotebox below into it:


Code:

@shutdown -a
Save this as fix.bat Choose to "Save type as - All Files"
It should look like this:

Each time your machine threatens to shutdown, double click on fix.bat & it shall abort the shutdown procedure. That should ease some of your current difficulties.

------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. I currently have as many open topics as I can effectively handle; this will have you back in queue with the proper logs so an available helper would be able to assist.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Viru... Read more

Read other 1 answers
RELEVANCY SCORE 24.8

hi guys

ok ive followed the 5 steps and i am unsure what viruses i have ? can u help me in finding them with the names so i can post on here what my virus problems are ?

thanks
mike



Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-19 16:58:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
131: 2008-07-19 15:58:55 UTC - RP131 - Deckard's System Scanner Restore Point
130: 2008-07-19 15:48:36 UTC - RP130 - Installed Windows Internet Explorer 7.
129: 2008-07-19 15:48:25 UTC - RP129 - Installed Windows IDNMitigationAPIs.
128: 2008-07-19 15:48:04 UTC - RP128 - Installed Windows NLSDownlevelMapping.
127: 2008-07-19 13:10:57 UTC - RP127 - System Checkpoint


-- First Restore Point --
1: 2008-07-05 08:13:37 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-19 17:00:32
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
... Read more

A:how do i know what viruses i have ?

Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. Its important that you follow this through until i give you the all clear, a lack of symptoms does not mean that it is no longer present.

Please Do Not Attach logs to your posts unless you are advised to do so.


========

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

=========

P2P

P2P - I see you have P2P software Azureus Vuze and LimeWire 4.18.2 installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

References for the ... Read more

Read other 6 answers
RELEVANCY SCORE 24.8
Q: viruses

i can't copy and paste. i have stinger which scans my computer for viruses and every time i scan it the same viruses keep coming up.they are svchost.exe and dllhost.exe. i can't play windows media player when im connected to the internet unless i open it before i connect. And i can't drag items off the desktop into something else. Also sometimes when i got to control panel and add/remove programmes it doesn't show the items and instead of saying close it says cl&ose.
 

A:viruses

go to http://www.tomcoyote.org/hjt/ , and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please copy & paste its contents to the forum.

It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.
 

Read other 1 answers
RELEVANCY SCORE 24.8
Q: Viruses

i need help with AVG i wanna know how to get rid of trojan and other viruses on my computer with it cause it wont heal them and i need help
 

Read other answers
RELEVANCY SCORE 24.8

Hey all. Somehow I got a ton of virusus that give me all this porn stuff. I ran HJT many times, Ad-aware, NAV, SpybotSD and I still have stuff on my comp. When I shut down, it loads IE right before and opens a porn site and says donwload aborted. Below is my HJT log, followed by my HJT start-up log. PLEASE any help is appreciated.

Logfile of HijackThis v1.97.7
Scan saved at 1:21:38 AM, on 12/13/2003
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\WINNT\System32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C... Read more

A:Viruses!

Any help????
 

Read other 2 answers
RELEVANCY SCORE 24.8

Hello!!I have noticed my PC is going slow in last days, sometimes it doesn't work properly and I have to reboot it... I think I have some viruses...Here is the log...Logfile of Trend Micro HijackThis v2.0.2Scan saved at 07:27:20 p.m. PINKCESA, on 18/05/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Archivos de programa\Canon\IJPLM\IJPLMSVC.EXEC:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\wscntfy.exeC:\HP\KBD\KBD.EXEC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exeC:\Archivos de... Read more

A:Several Viruses

Hello Chulegcg and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is complete... Read more

Read other 2 answers
RELEVANCY SCORE 24.8

I just recently removed the Vundo virus off my computer with Vundofix. I am now having problems with Internet Explorer and Firefox both loading websites at times. I will go to a website and the computer just sits there waiting for a response fom the page. I am also getting pop ups, and the system is running slow.Here is the main text from the DSS scan:Deckard's System Scanner v20071014.68Run by Administrator on 2008-06-18 22:16:44Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --59: 2008-06-19 04:16:52 UTC - RP839 - Deckard's System Scanner Restore Point58: 2008-06-18 06:06:04 UTC - RP838 - Last known good configuration57: 2008-06-18 06:06:01 UTC - RP837 - Last known good configuration56: 2008-06-18 06:06:00 UTC - RP836 - Last known good configuration55: 2008-06-18 06:06:00 UTC - RP835 - Last known good configuration-- First Restore Point -- 1: 2008-06-18 06:05:56 UTC - RP781 - Software Distribution Service 3.0Backed up registry hives.Performed disk cleanup.-- HijackThis (run as Administrator.exe) ---------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:19:58 PM, on 6/18/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOW... Read more

A:Viruses And Pop-ups

Hello Jerome and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed,... Read more

Read other 8 answers
RELEVANCY SCORE 24.8

Hello,

My computer has been acting strange for at least a month. I would get viruses messages and pop ups even when I have the pop up blocker on. Here is the log posted below:

ComboScan v20070306.20 run by Owner on 2008-02-10 at 19:54:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.


-- Last 5 Restore Point(s) --
38: 2008-02-11 00:54:09 UTC - RP193 - ComboScan Restore Point
37: 2008-02-11 00:51:19 UTC - RP192 - Spybot-S&D Spyware removal
36: 2008-02-11 00:14:16 UTC - RP191 - Installed SUPERAntiSpyware Free Edition
35: 2008-02-10 22:48:02 UTC - RP190 - Software Distribution Service 3.0
34: 2008-02-10 05:27:54 UTC - RP189 - System Checkpoint


-- First Restore Point --
1: 2008-01-10 00:35:14 UTC - RP156 - System Checkpoint


Performed disk cleanup.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:55:39 PM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Expl... Read more

Read other answers
RELEVANCY SCORE 24.8

Can someone help me rid these bugs? Here is my hijackthis log. Thank you...


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:53:10 PM, on 3/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\... Read more

Read other answers
RELEVANCY SCORE 24.8
Q: viruses

first ive been looking for solution for my problems found 1 thread but his prolbem wasnt resolved he had to reformat. my computer has been acting up i dont know alot about computers so heres my problem a virus took away my system admin privlages and several other viruses effected my system the got rid of my ability to copy and paste drag and drop ( some reason i can copy and paste hijack this logs) also my sound is gone. these are not hardware problems since i already went and check that first doing a quick virus scan with avast it says i have 3 viruses.

also i tried running an online scan just to double check but mozila firefox is not supported and i uninstalled internet explorer will post a hijackthis log below

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:38, on 2008-02-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WIND... Read more

A:viruses

right i ran a search and destroy scan and it seems i have 6 keyloggers 34 trojans and 3 viruses any help on how to remove them since avast wont pick them up so i can repair them

Read other 19 answers