Over 1 million tech questions and answers.

Spyware affecting IE

Q: Spyware affecting IE

I have uninstalled and reinstalled IE, ran malware bytes, adware and virus software. Removed several files but still have issue. Cannot completely remove IE. Here is Hijack this log.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:36:50 PM, on 5/5/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0013)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exeC:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exeC:\Program Files\Network Associates\Common Framework\FrameworkService.exeC:\Program Files\Network Associates\VirusScan\Mcshield.exeC:\Program Files\Network Associates\VirusScan\VsTskMgr.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Funk Software\Proxy Host\phsvc.exeC:\WINDOWS\System32\QCONSVC.EXEC:\Program Files\Intel\Wireless\Bin\RegSrvc.exec:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\TPHDEXLG.EXEC:\WINDOWS\system32\TpKmpSVC.exeC:\Program Files\Citrix\ICA Client\ssonsvr.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\TpShocks.exeC:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exeC:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Network Associates\VirusScan\SHSTAT.EXEC:\Program Files\QuickTime\qttask.exeC:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXEC:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXEC:\WINDOWS\system32\rundll32.exeC:\Program Files\Funk Software\Proxy Host\phtray.exeC:\Program Files\Network Associates\Common Framework\UpdaterUI.exeC:\Program Files\Microsoft IntelliType Pro\itype.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\IBMTOOLS\UTILS\ibmprc.exeC:\Program Files\HP\HP Software Update\HPWuSchd.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.ExeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exeC:\Program Files\Microsoft Dynamics CRM\Client\res\Web\bin\Microsoft.Crm.Application.Hoster.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\rundll32.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dllO4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /rO4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exeO4 - HKLM\..\Run: [TpShocks] TpShocks.exeO4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helperO4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exeO4 - HKLM\..\Run: [TP4EX] tp4ex.exeO4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exeO4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONEO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXEO4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXEO4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitorO4 - HKLM\..\Run: [ProxyHostTrayIcon] "C:\Program Files\Funk Software\Proxy Host\phtray.exe"O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKeyO4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exeO4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.ExeO4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exeO4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exeO4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1O4 - HKCU\..\Run: [MSCRMStartup] "C:\Program Files\Microsoft Dynamics CRM\Client\res\Web\bin\Microsoft.Crm.Application.Hoster.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO11 - Options group: [JAVA_IBM] Java (IBM)O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CABO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cabO16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://findleydavies.webex.com/client/T26L...bex/ieatgpc.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = findleydavies.localO17 - HKLM\Software\..\Telephony: DomainName = findleydavies.localO17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = findleydavies.localO17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = findley_davies,findleydavies.local,cust.hotspot.t-mobile.comO17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = findley_davies,findleydavies.local,cust.hotspot.t-mobile.comO23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exeO23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exeO23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exeO23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exeO23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exeO23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: Proxy Host Service (ProxyHostService) - Funk Software, Inc. - C:\Program Files\Funk Software\Proxy Host\phsvc.exeO23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXEO23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXEO23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe--End of file - 9660 bytes

RELEVANCY SCORE 200
Preferred Solution: Spyware affecting IE

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Spyware affecting IE

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERER,K

Read other 2 answers
RELEVANCY SCORE 53.2

on my laptop there was something accidentally installed it a while back and since then it's been running up my ram to the point where it sometimes crashes. every now and then i hear these advertisements from different websites in the background but no web pages pop up. I tried ATF Cleaner and some of the others but still have the same problem. I used speed up my pc to clean all the temp files and etc. Here is my LogLogfile of Trend Micro HijackThis v2.0.2Scan saved at 10:17:31 AM, on 9/28/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16681)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Windows\system32\Dwm.exeC:\Windows\system32\WTablet\Wacom_TabletUser.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Lexmark 2500 Series\lxddmon.exeC:\Program Files\Lexmark 2500 Series\lxddamon.exeC:\Program Files\Java\jre1.6.0_05\bin\jusched.exeC:\Program Files\PowerISO\PWRISOVM.EXEC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exeC:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\2Wire Wireless Manager\2Wire.exeC:\Program Files&... Read more

A:Spyware Affecting Ram

Hi AFTERLIFE2012Hello and welcome to BCWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay. Please see here for instructionshow to install HijackThis and make a logfile. Save it into convenient location and include it to your next reply, please.NextPlease do a scan with Kaspersky Online ScannerNote: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.Click on the Accept button and install any components it needs.The program will install and then begin downloading the latest definition files.After the files have been downloaded on the left side of the page in the Scan section select My ComputerThis will start the program and scan your system.The scan will ta... Read more

Read other 1 answers
RELEVANCY SCORE 52.4

Hi,
I have downloaded and installed the latest Spybot S&D (and updated it) yesterday and it did remove clientman but I am still getting other spyware popups. I guess there is someting in my startup which is causing this...

Can someone please look at my Hijack This log and give me some clues:
Logfile of HijackThis v1.97.7
Scan saved at 10:17:35, on 08/06/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Tekelec\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\SYSTEM32\THOTKEY.EXE
C:\Program Files\TOSHIBA\TME3\Tmesbs3.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv3.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\s3hotkey.exe
C:\WINNT\system32\S3Tray2.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\TPWRTRAY.EXE
C:\WINNT\system32\TFncKy.exe
C:\WINNT\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Progr... Read more

A:Spyware still affecting me - HJT log included

Run HJT again and put a check in the following:

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINNT\twaintec.dll
O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINNT\system32\mskhhe.dll
O2 - BHO: (no name) - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - C:\WINNT\system32\msibkd.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINNT\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINNT\system32\msjfbl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: zSearch Bar - {5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} - C:\Program Files\zSearch\zSearch.dll (file missing)
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [omafgjnixyski] C:\WINNT\system32\ozkyyzww.exe
O4 - HKLM\..\Run: [alchem] C:\WINNT\alchem.exe
O4 - HKCU\..\Run: [Cadenza] C:\Program Files\CommonTime\Cadenza\CdzSvc.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

Close all applications and browser windows before you click "fix checked".
Restart in safe mode Click here to see how
Open Windows Explorer. Go to Tools, Folder Options and click on the View tab. Make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files".
Now clic... Read more

Read other 2 answers
RELEVANCY SCORE 52.4

I am writing on behalf of my father who has been experiencing problems with his computer. His operating system is WIN2000.

A few months back his MSN Messenger starting logging him in and out regularily. Sometimes in a conversation I can see him go offline and back online. Other times it appears he is still online, but the conversation isn't transmitting between us. Even stranger is the fact that he finds the problem occurs less often if he leaves his Windows Media Player running while using Messenger. He has had problems with spyware on his machine before and I'm wondering if this could be the problem this time. Would it be worth it to run HJT?

Thanks.

A:Spyware affecting MSN Messenger

It could be a number of things, Garfield. To make sure there is not a spyware issue, I would recommend you post a log.

Read other 11 answers
RELEVANCY SCORE 52.4

Some Spyware called Antivirus 2008 Pro and Antivirus XP 2008 are affecting my computer. Attached is the hijack this log. I am currently running my computer in safe mode.

A:Spyware affecting computer

Hello CRIZA,

You've just been through one of our cleaning processes in April, so you should know what logs we require, and that logs should not be attached unless specifically requested to do so.

Kindly follow the instructions in our sticky topic IMPORTANT - Read This Before Posting For Malware Removal Help If you have any difficulty with any of the steps, move on to the next one.
Be sure to reach Step 5 and post the requested logs in your next reply.


**Please note this section of the forum is very busy, so please familiarize yourself with the bumping rules found in Step 5 of our sticky topic mentioned above.

One of our Analysts will review your log as soon as possible.

Read other 1 answers
RELEVANCY SCORE 52.4

Hello,

Im trying to help my dad, here is his hijack log. I looked up some of the programs but I don't see any problems. does anyone recognize anything wrong here? He has run AdAware and deleted some bugs but some this is still affecting his browser

thanks

Logfile of HijackThis v1.98.0
Scan saved at 10:06:30 PM, on 4/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2

(6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec

Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec

Shared\ccSetMgr.exe
C:\Program Files\Norton Personal

Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec

Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec

Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec

Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\WS_FTP Pro\ftpsched.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton

Utilities\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec

Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Pr... Read more

A:Spyware affecting computer

Read other 11 answers
RELEVANCY SCORE 52

hi.i got a reply from miekiemoes hjt team member that adware was stopping the deletion of some registry keys which were not malware.will adware also stop any spyware and registry cleaners from deleting any registry keys which are malware or no longer necessary?

A:Adware Affecting Spyware Removal?

Hi,Why did you start a new thread with this question? I already answered your question here: http://www.bleepingcomputer.com/forums/ind...mp;#entry617640So this thread is closed.

Read other 1 answers
RELEVANCY SCORE 52

Hello, I have posted in this forum before, asking for help on the same issue. It was resolved, thanks to Gringo, but now it is back.
The problem is that my internet would stop working for a few minute, or takes a really long time to load. This only occurs on the current computer
that I am using, and not anything else. Have only recently started to happen.
Anyways here is my HijackThis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:28:51 PM, on 3/28/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Progra... Read more

A:Spyware/Virus affecting Internet?

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===HijackThis is not able to provide accurate information for 64 bit systems.In your case we need to see a DDS Log.I would remove HijackThis using the Add/Remove Programs list.Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.Download DDS and save it to your desktop from here or here.Disable any script blocker, and then double click dds.scr to run the tool. When done, DDS will open two (2) logs: DDS.txt Attach.txtSave both reports to your desktop.Please just paste the contents of the DDS.txt log in your next post.===Please DownloadTDSSKiller.zip>>> Double-click on TDSSKiller.exe to run the application.Click on the Start Scan button and wait for the scan and disinfection process to be over.If an infected file is detected, the default action will be Cure, click on Continue
If a suspicious file is detected, the default action will be Skip, click on Continue
If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt).... Read more

Read other 23 answers
RELEVANCY SCORE 52

Hello,I am new to this so I apologize if I sound crazy! I have been having some problems with my computer like it running slowly, and now the internet freezes up almost every time. Actually mostly only when I use google (I just read about a new google virus or something). I have done some research online and it seems to be some kind of virus. I thought it had to do with my google toolbar, but I am not really sure. I dowloaded spybot search and destroy and it did find a bunch of malware, but it didn't seem to help after I deleted those things. I finally broke down and decided to try Hijackthis. I hope I actually did it right! Here is my log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:06:19 PM, on 9/10/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mca... Read more

A:I Think I May Have Malware Or Spyware That Is Affecting Internet Use.

Hello MelisAva and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users !).The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)In the event you already have Combofix, and you're notified a more current version is ava... Read more

Read other 5 answers
RELEVANCY SCORE 52

Hello so for a while now, my internet would disconnect once every quite often. However, when it disconnects, some programs that requires internet such as AIM,
or Skype continues to work. I've googled and came across this forum, saying it has to do with spyware. I have ran spybots&d but the problem persists.
Anyways, here is my hijackthis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:50:27 PM, on 3/3/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
c:\... Read more

A:Spyware/Virus affecting Internet?

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 20 answers
RELEVANCY SCORE 52

Hello Folks,

Thanks in advance for any guidance that you can provide. The symptom I am having is very high latency when connecting to a game server. I have tried every fix imaginable and I decided to check to see if Spyware is the cause of the high latency. I did see the post regarding the steps to take such as on-line virus checks, downloading Ad-Aware, Spybot and CWShredder. I have removed all the programs that are identified as Spyware but I still get very bad latency so I wanted to post a hijack this logfile.

So here goes:

Logfile of HijackThis v1.99.1
Scan saved at 8:59:19 PM, on 3/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\J... Read more

A:Possible Spyware Affecting Connection to Server

Hello Bill,

That was very thoughtful, but it's actually more difficult to read with the spacing. You can just copy/paste future scans without the spacing and save yourself some time.

Let's try some general cleaning first:

Download Ewido Security SuiteInstall Ewido Security Suite
When installing, under "Additional Options" uncheck..Install background guard
Install scan via context menu

Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link doesn't work) and install it.

*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility.

Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard C... Read more

Read other 3 answers
RELEVANCY SCORE 52

We downloaded some new anti virus and anti spyware programs, namely:
Allura Spyware Eliminator
BitDefender 8 Standard

After using Allura, and deleting everything it found, we cannot get into MSN hotmail. We get a blank screen with "Done".

Any idea what, if anything, could have been deleted to prevent us from logging in??

Thanks.
 

Read other answers
RELEVANCY SCORE 51.2

Hi, my computer has been infected by some type of malware or spyware... my internet conexion is a bit strange, and sometimes (not that usual, though) the spyware almost kills it.

Thanks for any help.

Hijackthis log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 04:28:21 p.m., on 23/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
F:\unzipped\hijackthisnew\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Archivos de programa\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333... Read more

A:Help please! some type of spyware is affecting my internet connection

Welcome to TSG!!

Click on the link below to get lsp-fix.
Run that to fix your internet connection.

http://www.cexx.org/lspfix.htm

Check the box that says "I know what I'm doing".
Remove efyandc.dll only that one!
What have you disabled with MSConfig?
 

Read other 1 answers
RELEVANCY SCORE 51.2

Okay, so what I want to know is if two PC's are sharing a connection with a wireless router, and one PC is badly infected with spyware and viruses, can that affect the connection speed on the other PC? I'm pretty sure I remember someone saying something about this causing the infected PC to use up more bandwidth than it usually would, and as a result, cause the other PC's connection to slow down. I've also had problems with it occasionally disconnecting, but I'm not sure if spyware and viruses can cause that, although I'd suspect it could if it's able to affect your connection in other ways.

Now, I think it's pretty likely this is the problem, because my PC's not infected and there doesn't seem to be any real reason why I should be having problems. Often when I had connection problems before I could reset my modem and router and change the wireless channel, and that would usually solve the problem, but not now.

Plus, I am certain that the other PC is badly infected. It's the one my younger brother uses, and he's put forth no effort to try to maintain his PC. His PC was running abysmally slow the last time I was on it, so slow infact that it took nearly 10-15 minutes for a single program to open. There was also constant warnings popping up mentioning how the PC was infected, and this was after removing all the spyware from his PC. I didn't scan for viruses, because as I said, it was running ridiculously slow, ... Read more

A:Spyware/malware/viruses/etc. affecting connection

Read other 16 answers
RELEVANCY SCORE 51.2

Yesterday my computer's desktop image "crashed." It has been replaced with an image in a black box with red letters that says the system has shut down due to spyware. I ran ad aware a few times and it now says the system is clear. I'm running Avast 4.8 Antivirus scanner. It's been running for 9 hours and is still checking my system. I have it set to the scan at the highest possible sensitivity so I guess it takes a while, but its seems like its taking a really long time.

I'm still getting a message (not from Avast or Ad Aware) that tells me my system is infected and it tries to link me to a site that will let me download an anti spyware program, but I think this is spyware itself.

Anyway, I now cannot access my destop image in the control panel, the option to change it just isn't there.

Also, my sound is no longer working. When I open the volume controls, my wav volume is all the way down. When I raise it and then close the volume controls, and then re open them, it is all the way down again even though I just raised it. I can get sound if I am actually moving the slider under the wav controls, but as soon as I take my finger off the mouse button, the sound shuts off. I basically have to constantly slide the wav. volume control up and down like a DJ to get sound. I don't really know much about how computers work but I was wondering if my drivers have been affected.

Anyway, in summation, I can't access my desktop image and my... Read more

Read other answers
RELEVANCY SCORE 50.8

Hello guys,

I recently caught a virus or spyware that disrupts several internet related processes, but I have no idea what it is or how I got it.

My clock is messed up and displaces the year as 8208. Logitech updaters crashes at windows startup. Punkbuster crashes at startup. When I use AIM, it can start, but when I try to send a message, it crashes. Even Dss crashes, so I'm forced to use Hijackthis to post the log here.


So here is the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:02:22 PM, on 3/7/8208
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech... Read more

Read other answers
RELEVANCY SCORE 50.4

Hi ,
actually my laptop got affected from some virus or spyware or malware and at first it started affect images with some sparkling red dots on the dark black pixels then it started all window with blue flickering lines and dots . when i scan my laptop from spyware and malware remover the blue flickering lines get disappeared but the problem of red dots are still there and those blue lines also comes back frequently. please tell me what is it , any virus or spyware or malware and also teel me how to remove it

A:some spyware or malware which starts affecting images then screen color

Hello Vishumishra and welcome -

actually my laptop got affected from some virus or spyware or malware

Do you know if the computer was infected, or is this just an idea of yours.
 
The last time I had a computer go as you describe, it was due to PSU (not infection)
Power Supply Unit failure can show in several ways, and you have described one of them.
 
I will not be able to re check this post for about 8 to 10 hours, but please do this.
There are many helpers in this area, and they may have new ideas.
 
List your computer Make and (if known) Model.
 
Please post a snapshot with Speccy for more system details -How to Publish a snapshot with Speccy <<-- Full Directions Here (only post the link)
 
 
Then please Copy and Paste this log.
Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please Copy/Paste the contents of that document.Note: If a security program requests permission to access the Internet, allow it to do so.

Read other 1 answers
RELEVANCY SCORE 49.6

Alrighty. I've got some serious problems with this computer. I admit that. But right now I've got a program(s) working on not just this computer but my other computer, which is odd because that other computer almost never downloads things, has very high security, and is basically kept safe and secure for my parents' tax needs. The problem itself is a filter-like thing that blocks and deletes any words or sites it deems inappropriate. I'm no bad kid, but this filter thing blocks some really idiotic stuff. Words are flitered differently according to what site I'm on, what program I'm using, etc.. and include such words as the "f-word," "girl," "cheerleader," % ," % ," and " e." Grouped together they do seem rather bad, but do you have any idea how often those words come up in conversation?

((EDIT: See that? The words got zapped by this thing. They were: "[email protected]," "@ccident," and "[email protected]"))

I've been trying to get my parents to help (they're both programmers, and my stepfather has worked at a technical help desk for over a decade) but they're always either "too tired" or too busy to be bothered with my pitiful computer issues. They adamantly stress that this is not due to the "Cyber Sitter" they installed on my computer some six months ago, and when I asked them to please uninstall and remove it (its ... Read more

A:Crazy filter thing affecting my computers (possibly spyware.) HijackThis log..

Read other 8 answers
RELEVANCY SCORE 49.6

I have a new laptop (hp pavillion dv6 running windows 7 home premium) and 2 days after initialising it, the NIS 2010 that came with it is refusing to load. Each time i attempt to load it i get a windows message asking if i trust the symatec application to load. If i click yes, nothing happens. The only things i had downloaded prior to it refusing to load were a lot of windows updates, hp updates and adobe, firefox and java.

The only instance of any non-downloading sessions was when my gf used it and played some games that came with the laptop, she now thinks she may have joined some online parts and possibly clicked on something. She also hadn't recognised that i had loaded the mobile broadband connection that we also use on our home pc and had attempted to connect to some wi-fi networks, she wasn't 100% whether she did or not, just that she had got online!

Initially i thought it was related to action centre switching NIS2010 off and I did visit the norton website and view thier forums and found 2 suggested solutions regarding action centre flagging that nis is switched off, but they didn't work. At the first few times at try to resolve this the nis2010 application would connect to norton's one-click support but now i don't even get that.

Some windows updates have not been downloading, even when trying to manually download them. In the main, they are eventually downloading, but it seems that if there was ever a list of 10, only 5 ir 6 would download first time.

A min... Read more

A:Potential virus/trojan/spyware affecting NIS2010 and windows update

Bump, please

Read other 1 answers
RELEVANCY SCORE 34

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:26:19 PM, on 9/20/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\RtHDVCpl.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\firedog advisor\faAgnt.exeC:\Windows\ehome\ehtray.exeC:\Windows\ehome\ehmsas.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Users\Owner\AppData\Local\Temp\a.exeC:\Users\Owner\AppData\Local\Temp\c.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstartR1 - HKCU\So... Read more

A:I Don't Know What Is Affecting It.

Hi hokom and welcome to Bleeping Computer.I apologize for the delay in response to your thread.If you have since resolved the original problem you were having, I would appreciate you letting us know.. If not please post back a new Hjt log so I can have a look at the current condition of your machine.Thanks

Read other 2 answers
RELEVANCY SCORE 33.6

When we attempt to browse using Google we are directed to web sites and cannot use the browser without typing the URL address directly into the address bar. I have free AVG and installed Spybot but neither has helped. You were recommended to me by my IT director at my office.
DDS (Ver_09-12-01.01) - NTFSx86
Run by Tamra at 19:55:29.86 on Sun 12/06/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.104 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:&#... Read more

A:Infected with something affecting IE

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.We need to create an OTL ReportPlease download OTL from hereSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT


Click the "Quick Scan" button.The scan should take just a few minutes.Please copy and paste both logs back here in your next reply.=============The next log will show us any hidden files that are present.Download GMER from here:Unzip it to the desktop.Open the program and click on the Rootkit tab.Make sure all the boxes on the right of the screen are checked, EXCEPT for ?Show All?.Click on Scan.When the scan has run click Copy and paste the results (if any) into this thread.

Read other 14 answers
RELEVANCY SCORE 33.6

Norton detected a trojan while surfing and recommended deleting it. Everything has recovered except that the home page for I.E. is locked out to that web address and it will not let me change. I cannot even highlight it to attept to change it. I tried reinstaling I.E. but no help. Any suggestions?

A:trojan affecting ie

You have been hijacked!Create a directory on your hardrive, to save HijackThis.exe, called c:\hijackthis. This is a mandatory step, for the backup and restore functions, of HijackThis, to be able to work.Download the latest version, from here.Read the pinned post in the HJT forum, hereThen, run a log, and post it in the HJT forum. Do not fix anything, yet.A member, of the HJT Team, will help you out.Please, be patient, these people are volunteers. They will help you out, as soon as possible.

Read other 1 answers
RELEVANCY SCORE 33.6

Hello.

This computer that has been placed on my hands at work...

Acer Inc.
AcerSystem
Intel(R) Celeron(R) M
processor 1500MHz
1.50 GHz, 480 MB RAM
Windows XP Home Edition 2002 SP2

... has been giving me headache after headache. As soon as itboots a dos window comes up with some flippy progra called explori.exe and as I use Internet Explorer some sites simply don't work or show up all messed up (namely using hotmail.com and gmail.com).

Could anyone please lend a hand?
Thanks in advance.

Now for the HTJ log:

------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:01:33, on 03-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Synaptics\SynTP\SynTPLpr.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\acer\epm\epm-dm.exe
C:\Programas\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W... Read more

A:Virus affecting IE? HJT log

Read other 10 answers
RELEVANCY SCORE 33.6

Hey guys, I've recently purchased a new notebook, and the items on the screen were incredibly small. I used the 'make text or other items larger or smaller' option in control panel and set it to 150%.
The problem is when I run Camtasia studio and go to record the screen the recording section of the screen is only the top left quarter of the screen. Even if I set Camtasia to 'record thw whole screen' it still only records the top left box. I know the problem isn't Camtasia because on another program which allows you to take and edit screenshots, when I take screenshots it only screenshots the top left quarter of my screen.
I tried installing the programs after I had changed the DPI and the problem persists. Is the any way to 'zoom in' so to speak without messing with the DPI and screen ratio's for programs?

Any help is appreciated.

A:DPI Affecting Programs

Type magnifier in help and support for detailed information.
.

Read other 2 answers
RELEVANCY SCORE 33.6

Here is HiJackThis Log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:51:18 PM, on 3/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SafeandSecure\SafeandSecure\app\Prism.exe
c:\program files\safeandsecure\safeandsecure\app\CurtainsSysSvcNt.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Dell Support\DSAgnt.exe
G:\PHOTOS~1\data\Xtras\... Read more

A:PLease Help - Smething affecting IE

Read other 9 answers
RELEVANCY SCORE 33.6

Logfile of HijackThis v1.97.7
Scan saved at 1:04:33 PM, on 4/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
G:\PROGRA~1\Grisoft\AVG6\avgserv.exe
G:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
G:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
G:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
G:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
G:\WINDOWS\System32\nvsvc32.exe
G:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
G:\WINDOWS\System32\MsPMSPSv.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\WINDOWS\System32\devldr32.exe
G:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
G:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
G:\program files\altnet\points manager\points manager.exe
G:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
G:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
G:\Program Files\Messenger\msmsgs.exe
G:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
G:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
G:\Program Files\MSI\PC Alert 4\PCAlert4.exe
G:\WINDOWS\System32\P2P Networking\P2P Networking2.exe
G:\WINDOWS\System32\wuauclt.exe
G:\Program Files\Common... Read more

A:Something is affecting my computer, please help.

Read other 11 answers
RELEVANCY SCORE 33.6

My boss brought me his personal computer. Someone had convinced him to download "Antivirus 2009" on it. It has been preventing me from running Malwarebytes (which I read can remove it) or updating any of the scanner/virus programs. I booted in safe mode and ran AVG. My boss thinks I fixed it, for most purposes it runs ok. However when you search for spyware programs, antivirus updates, or try to go to the main webpages to download updates you get redirected to a trash advertisement page. I even went to Download.com and tried to get Hijackthis from there and when the download started it canceled it and redirected the browser to a trash page. Instead I was able to download Hijackthis onto my laptop and transfer it via media key. I ran it and below is the log. I tried running gmer and the other program you ask for logs from, but even transferring from my media key the programs won't run. Thanks for your time.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:32 PM, on 12/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svch... Read more

A:Only Affecting attempts to fix

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Note: Please rename combofix.exe to cfix.exe

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Read other 13 answers
RELEVANCY SCORE 33.6

I believe my brother might have some sort of Malware or Virus affecting our internet. Everytime he even opens his laptop (he doesn't even need to be using Chrome or anything to do with the internet he just needs to be connected) my internet turns terrible. I will be on a game and have 20-30ms, the second he turns his laptop on BAM 500+ms. I know it's his laptop because I have tried turning it off and the internet is fine, as soon as it's back on it's terrible. The amount of times I have tested this tells me there is NO WAY that this is a coincidence that the internet just spikes at coincidentally the same time his laptop is on. Only problem is, it's a school laptop. So there is no anti-virus turned on, windows defender is off. The school refuses to turn it on and says there is no problem. I can't download/install any anti-virus/malware because it requires admin rights. What can I do, and is it even a virus or malware or is there a possible clash somewhere, not too sure, all comments and help is greatly appreciated.

*Edit 1* - I have full access to everything on my computer, so if I need to access CMD or anything of the sort I can do so. I am just not sure on how it all works, I have heard words of "Tracerouting" but have no idea what that is or how it works, I never used CMD before if that could come in handy.

Thankyou for taking the time out of your day to assist me.
 

A:Possible Virus Affecting Net

What is the operating system on your brother's laptop? can you check if the issue still occurs when his laptop is wired to the router/modem?
Do you have a single modem/router device or two seperate devices? what happens when you have your smartphone connected to internet parallely without your brother's laptop connected to internet ? can you test it to see if the issue still occur? who is the isp? what is the os on your laptop? is the issue intermittent or it happens all the time?
 

Read other 1 answers
RELEVANCY SCORE 33.6

Hey. I've been trying to get some help with an issue over at another thread. But I'll try here too I suppose. Here's a log. I just need someone to tell me what within the log might be able to effect my connection, in a way that it 'stutters' for a second every few seconds in Online Games.
I'm positive it has to do with my connection, as none of this occurs in offline games.
Thanks in advance.
 

A:Affecting Connection/ within log.

Bump, Anyone? I really need some advice on this.
 

Read other 1 answers
RELEVANCY SCORE 33.6

Details here; http://blogs.technet.com/b/msrc/archive/2013/09/16/microsoft-releases-security-advisory-2887505.aspx

Apologies if already posted elsewhere.
 

A:New 'issue' affecting IE

More on this from the ESET Threat blog;http://www.welivesecurity.com/2013/...for-internet-explorer-after-targeted-attacks/

Although I don't use IE, I've installed the 'Fix It' anyway pending a full patch. Note that, if you use the Fix it, you need to have the September Cumulative patch for IE installed first and restart IE afterwards.
 

Read other 1 answers
RELEVANCY SCORE 33.6

Hi There,
I'm using Windows 2000 Professional, and I've only had this computer for about a week. It was a clean installation of the OS when I got it, so it should be all good - just one (big) problem:

Every time I start up now, it installs a file in my C: folder called dnmc10.exe - this file then proceeds to self-extract using its own built-in winrar and then unzips the following files to my C Drive:
tr.bat
tr.exe
w3.exe

Once these files pop up in my C drive, Internet Explorer shows 'Page Cannot be Found' errors until I remove the files manually.
Please help, it's getting really really annoying.

- Ash
 

A:Virus affecting IE

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
· Install ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido
· It will prompt you to update click the OK button and it will go to the main screen
· On the left side of the main screen click update
· Click on Start and let it update.
· DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:
(Start tapping F8 at the first black screen after power up)

Run Ewido:
· Click on scanner
· Click Complete System Scan and the scan will begin.
· During the scan it will prompt you to clean files, click OK
· When the scan is finished, look at the bottom of the screen and click the Save report button.
· Save the report to your C: Drive
This will take some time to run!
Boot to normal mode
Post that log and a new HiJack log
Get HiJack This V1.99.1 http://thespykiller.co.uk/files/hijackthis_sfx.exe - double click the DL file and click UNZIP letting it extract to its default folder C:\Program FIles\HiJackThis, run it from there, DO NOT fix anything, post the log here.
 

Read other 1 answers
RELEVANCY SCORE 33.6

The fan in my computer goes extremely loud whenever I open up programs which have a high memory usage, such as java, itunes, msn and streaming youtube videos.

It has been getting increasingly louder over the past few months and I'm not sure if I should just get a new fan altogether or somehow fix it.
Thanks.
My computer is a custom, but a pretty poor one

512mb ram
3.06ghz processor speed
 

A:Mem usuage affecting fan

Read other 10 answers
RELEVANCY SCORE 33.6

I have scanned my system for virus with avg 7.5 no infection found and also scanned with trendmicro no infections or bad files found however I keep when i use google or yahoo search when i click on a relevant link to my seacrch keep getting porn adds - I want to remove this but can't seem to find where the infection is located as all my diffrent searches with online and offline virus scanners etc keep coming up clean any idears (I know never lend a relative your computer, but hey he was visiting ! ) Logfile of HijackThis v1.99.1Scan saved at 18:30:58, on 22/04/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\WINDOWS\SOUNDMA... Read more

A:Only Affecting I.e 7 - My Hijack This Log

Apologies for the delay in responding. The workload on this forum is intense, and sometimes it is not possible to respond to every inquiry.As you suspect, there are malware entries showing on the last log. It is best to have the most current log possible, so please run HijackThis again. However, before doing so, please make sure HijackThis is in its own folder.If you want to keep the program on the Desktop, right click an empty area, select New > Folder, name the folder HijackThis, and place the HijackThis.exe file in it. HijackThis makes backups of what is fixed/removed, and needs its own folder to create and keep these secure. Backups allow you to restore removed entries, and this option may be necessary. Then, run the program from its own folder, and post the new log.I will be notified, and will be glad to assist you.

Read other 1 answers
RELEVANCY SCORE 33.6

Just dropped embarq internet and now get internet through a verizon hotspot (love the speed). But I have a major networking problem. I have been told that i have to still connect my printer to my computer through my linksys E2000 router so I now have 2 networks on my computer. I run a business from home and trying to switch from one network to another one to print and one to search the web and send e-mails is a real pain in my [email protected]@. Can someone please tell me how this problem can be fixed I can now go on like this. thanks in advance.
 

A:please help affecting my business

Do you connect to the Verizon hotspot via Wi-Fi? If so, you can simultaneously connect to the router by ethernet or by another wireless adapter.

Most printers these days can connect by USB to a computer. That is not the case with your printer? What's the brand and model?
 

Read other 3 answers
RELEVANCY SCORE 33.6

Mcafee always pops up zapchast.reg affecting a.bat message.

Here's waht i got from Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:43 AM, on 3/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\LxrJD31s.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
... Read more

A:Zapchast.reg affecting a.bat

need some urgent help.
 

Read other 1 answers
RELEVANCY SCORE 33.2

Windows Vista 6.0 SP 2IE 8Dell Inspiron 1525For the last couple weeks, I haven't been able to access the Windows Update page, or many other control panel functions. If I click on Windows Update, Backup and Restore Center, or Security Center (among others), nothing at all happens. I've tried to go to the Windows Update webpage, and it looks like it will open, then immediately closes. If I go to the Microsoft Update page, it's completely blank. No error codes or anything, just blank. Also, on Facebook, I can't "like" anything, or comment on someone's status. Several of the games aren't working either.Probably not coincidentally, at about the same time, I started getting a message at startup saying something (I don't remember the exact phrasing) about reverting back to the original theme, and also one that says "Runtime Error - Program: C:\Program Files\Dell|Media Direct\PCMService.exe" stating that the application has requested the runtime to terminate it in an unusual way. I'm guessing that a virus or trojan has caused a conflict?When this started, I was running AVG Free, not sure which version. When an AVG scan didn't pick anything up, I switched to Norton 360, which didn't find anything either, so I re-installed AVG Free 9.0. In addition to AVG and Norton, I've run Spybot Search and Destroy, Malwarebytes, Windows Defender (although I get an error when I try to update it). None of them h... Read more

A:Virus affecting Windows?

Hello, this may not be a malware issue. I need to ask if you now have more than one active antivirus running.Let's do one online scan.ESETHold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScanClick the ESET Online Scanner button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on Export to text file... to download the ESET Smart Installer. Save it to your desktop.Double click on the Eset Smart Installer icon on your desktop.Check the "YES, I accept the Terms of Use"Click the Start button.Accept any security warnings from your browser.Check Scan archivesPush the Start button.ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.When the scan completes, push "List of found threats"Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.Push the "<<Back" button.Push FinishIn your next reply, please include the following:Eset Scan LogNOTE: In some instances if no malware is found there will be no log produced.

Read other 5 answers
RELEVANCY SCORE 33.2

I have a hard drive that used to have windows 7 RC installed onto it's own partition, (so 2 partitions on one drive) I have since bought a new Hard drive and installed Windows 7 Home Premium on it and I am now using the old Hard drive for storage

My question is I want to clear out the partition that had my old RC version of Win 7. I tried just deleting all the Windows files, but it would not delete them all... can I format just the partition without affecting the other partition, or will it format the WHOLE drive?

A:Can I format just one partition without affecting the other?

You can format a partition. You can also delete and recreate a partition. Finally, you can resize a partition. All three without affecting the whole drive (well, resizing affect outside that partition).

Read other 8 answers
RELEVANCY SCORE 33.2

Basically, PC Antispyware popped up recently on my computer and everthing is so slow now. Need to get this off my computer ASAP.

Gmer.exe crashes my computer and always has, roughly mid way through the scan. Here are the other two logs though:


DDS (Ver_09-07-30.01) - NTFSx86
Run by Ben at 17:38:02.17 on Wed 08/05/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1006.127 [GMT -4:00]

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WI... Read more

A:PC Antispyware really affecting system. Help!

Hello and welcome to TSF.

Let's try this special version of gmer.


Download GMER Rootkit Scanner from here to your desktop. Double click the exe file. If asked to allow gmer.sys driver to load, please consent .
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.



Click the image to enlarge it


In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Read other 2 answers
RELEVANCY SCORE 33.2

Hi all, downloaded an ad blocker from firefox and now all the sudden I get redirected from a google search to some generic search engine. Also got over 350 junk emails sent to me all in a time frame of 1 minute. AVG anti spyware won't update along with several other spyware programs I have tried. My OS is Vista 32bit. Im using my laptop instead of the infected PC for now. Any help would be greatly appreciated.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:37:50 PM, on 8/10/2009Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.18813)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Windows\temp\189338.tmpC:\Windows\RtHDVCpl.exeC:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXEC:\Program Files\Canon\MyPrinter\BJMYPRT.EXEC:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\Users\TyGregg\AppData\Roaming\taskeng.exeC:\Users\TyGregg\Desktop\Money\Money.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeR1 - HKCU\Software\Microsoft\Internet Explor... Read more

A:Hijackthis log - Can someone have a look~affecting email

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ... Read more

Read other 2 answers
RELEVANCY SCORE 33.2

Hi, I've been referred to this forum from the XP Support section. (Original thread: http://www.techsupportforum.com/f10/...ml#post1069164 )

My pc was infected with a virus which came with a torrent DL of Windowblinds (I know, I know, I should just pay for it!!). AVG listed it as:

....\windowblinds550_enhanced.exe:\Win.exe (Status - Infected, Embedded Object, Deleted)

and

...\windowblinds550_enhanced.exe (Status - Infected, Archive)

They were both listed as 'Trojan Horse SHeur.GUI'

I have deleted the whole download but it has left my theme settings all over the place, in particular the icons, which appear very pixellated (not smooth and clean). I have TweakUI installed but the 'repair icons' button is not working.

I have followed the 5 steps recommended before posting here ( http://www.techsupportforum.com/secu...sting-log.html )

Step 1 - I found none of the listed malware.

Step 2 - Here is the Panda Scan result:


Incident Status Location

Spyware:spyware/media-motor Not disinfected Windows Registry ... Read more

A:Icon affecting virus

bump :)

Read other 9 answers
RELEVANCY SCORE 33.2

Lately, I've been having random pop-ups appear in my internet browser. Also, my laptops internet connection won't work. It'll be connected but won't work. Meanwhile the internet for all other devices in my house still work.



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
Run by Adonvdo at 20:08:30 on 2014-02-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6026.2607 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
c:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common F... Read more

A:Malware affecting Internet?

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please explain why this computer has no antivirus program installed and running. This is an open invitation for infection.

It can take as little as eight seconds to infect an unprotected computer.

Please keep this computer offline except when downloading tools and posting in the forum until we get one installed.

Let me know your intentions for an antivirus program, and/or if you need a suggestion.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.Do NOT click the green 'Download' button(if visible).
Click the blue 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Clean
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Read other 7 answers
RELEVANCY SCORE 33.2

Hi there,

Recently, I have encountered a very very annoying problem, and since I didn't really know where to get help for it, I'm posting on this forum.

Here is my setup :

Razer BlackWidow Ultimate 2014 and a Logitech mouse.

Here is the description of my problem :

I am on my computer and suddenly, the lights of my keyboard are turning on and off with a random idling time between the falshes, as the ligh flashes I cannot use my keyboard. My mouse isn't responsing either.

Here is what I tried : I tried to switch the usb ports I was using but to my confusion it only made things worse. I don't really know why this is but switching from several ports at the back of my tower didn't suit windows and I couldn't even enter my password with the keyboard in the windows log in screen. I had to use the numeric one and then open the razer program for it to work.

So that get's me really confused to what USB ports I should use.

I tried getting windows to search new drivers for me but it didn't fix the problem.

Thank you for taking the time to read my post.

A:USB ports affecting my hardware !?

And here is (a) way to properly fill in your system specs

System Info - See Your System Specs

This tell us nothing.






Quote:
Computer type PC/Desktop
System Manufacturer/Model Number custom build
OS Windows 7 x64
CPU a
Motherboard a
Memory a
Graphics Card a

Hard Drives a
Antivirus a
Browser Chrome

Read other 9 answers
RELEVANCY SCORE 33.2

Mcafee always pops up zapchast.reg affecting a.bat message.Here's waht i got from Hijackthis:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:38:43 AM, on 3/19/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\system32\LxrJD31s.exec:\program files\mcafee.com\agent\mcdetect.exec:\PROGRA~1\mcafee.com\vso\mcshield.exec:\PROGRA~1\mcafee.com\agent\mctskshd.exeC:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exeC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\Program Files\I... Read more

A:Zapchast.reg affecting a.bat / Windows XP SP3

Need Help Please...

Read other 4 answers
RELEVANCY SCORE 33.2

Hi,

This is my first time writing to this forum.
I'm unable to go to websites that I want. Whenevr I try to go to a website I am hijacked by the search-daily search assistant. I believe this is a trojan of some sort. I tried scanning my PC with Norton CE, AVG Anti-Spyware and Spybot but to no avail.

Could you please assist?

Thank you.

Gritt88

A:Search-Daily.com affecting IE

Please follow MicroBell's 5 Step process outlined here:

http://www.techsupportforum.com/secu...tml#post342651

After running through all the steps, please post the requested logs.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 33.2

Hello there,

I'm pretty well convinced that I've got something akin to a hijacker or something..

Firefox has been routinely hanging up, not responding, the pg up/down buttons stop working properly, becoming back and forward browser buttons instead, and the FF open browser windows will places (ie: switch locations in the taskbar) seemingly randomly.
Restarting the computer usually solves the issues for a little while, but then it happens again; sometimes within minutes, sometimes after an hour or more.
Restarting the browser does nothing to help.

I've updated Firefox, as well as completely uninstalling and resinstalling it, cleared cache and cookies, and disabled all add ons. I have also run HJT (deleting suspicious items), Spybot S&D, Malwarebytes, IObit quick care tool, and done full scans with both Avast and Microsoft Security essentials. Of course, I made sure all programs were up to date before doing so.

Despite all of this, I am still having all the same troubles and nothing more nefarious than doubleclick has shown up in any scans!

I'm running Win7 Home Premium w/svc pk 1 (64 bit)

Please help,
~ Khaos

A:I think I have malware affecting Firefox

Hi khaos,Firefox has been routinely hanging up, not responding, the pg up/down buttons stop working properly, becoming back and forward browser buttons instead, and the FF open browser windows will places (ie: switch locations in the taskbar) seemingly randomly.Does this happen only with Mozilla Firefox? Or do you experience the same in other web browsers?

Read other 15 answers
RELEVANCY SCORE 33.2

I made a post about something trying to overheat my computer (seemingly)all i really know is that i left my computer alone fine, and 20 minutes later when i came back, i heard my GPU's fan working at full speed. So, i checked SpeedFan and almost everything that SpeedFan reads was running 15-20c above normal values (some over 60c)i was instructed to post here with some readings from a couple of scans. here they are.DDS.txtDDS (Ver_10-03-17.01) - NTFSx86 Run by Teresa at 16:51:54.01 on Tue 05/25/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1119.409 [GMT -4:00]AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\System32\svchost.exe -k HTTPFilterC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exeC:\Program Files\Common Files\LogiShrd\LVM... Read more

A:virus affecting hardware?

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 20 answers