Over 1 million tech questions and answers.

cheap Refinery Process Agent

Q: cheap Refinery Process Agent

YTE-01??????????????????????
YTE-01???????
???????
???????????????????????????FCC????????????????????Merox????????????????????????????????????????????; ???????????????????????????????
???????
????
???????
??????10.0
???20??g / cm3800?900?
??????
1.????????????????????????????
2.???????????????
3.???????????????????????????
4.???????????????????????
5.???????????
?????
1.????????????????????????20?80PPM?
2.????????????????????????????????
????????
1. 200 l????
2.???????????????????????????
3.????18???????????????????
??????????yte-01???????????????????????????????????????????????????????????????????????????????????????????
???http?//www.yiteng-chemical.com/refinery-???/.

Read other answers
RELEVANCY SCORE 200
Preferred Solution: cheap Refinery Process Agent

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

RELEVANCY SCORE 50

This is first time I have encountered 100% CPU usage due to agent.exe using most of resource. In TM I end the process, but it turns itself back on in just seconds. I learned about Hijack This and downloaded it and ran a scan. I have a HJT log. I would greatly appreciate help in resolving this problem, as my system is nearly unuseable. (Dell Optiplex GX260, Windows XP Pro.) Oh, and I am new to TSG. Thank you.
 

Read other answers
RELEVANCY SCORE 49.6

Hi,

I can remove this Trojan with SuperAnti-Spyware, Can anyone help?

Thanks.

Here is the Hijackthis scan results :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:25 PM, on 10/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program... Read more

Read other answers
RELEVANCY SCORE 48.8

Hey,i am suffering from a virus problem from last 2 weeks. This virus disables task manager and regedit. I guess, the problem is now solved by using malwarebytes and superanti spyware. But everytime i scan my pc by any of these malware removers, they end up with 30-40 threats and say to restart pc to successfully remove them. But the threats are persistent. Also i can see some weird .exe and .pif files in my drives, which reappear even after deleting them.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer:
Run by Vic at 16:05:33 on 2013-01-10
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2010.1302 [GMT 5.5:30]
.
.
============== Running Processes ================
.
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application ... Read more

A:Trojan.Agent/Gen-Packed[LordPE].Process

Please run the following:Please download aswMBR.exe and save it to your desktop.
Double click aswMBR.exe to start the tool. When asked if you want to download Avast's virus definitions please select Yes.
Click Scan

Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Read other 22 answers
RELEVANCY SCORE 48.4

Just done a reinstall of my vista and superantispyware has flagged this as a trojan. I am not sure as only been running pc for 2 days

Trojan.Agent/Gen-Cryptor[Virut]
C:\TOSHIBA\EBAY\ADDTOOLBARBUTTON.EXE
C:\Windows\Prefetch\ADDTOOLBARBUTTON.EXE-BF3C5F3E.pf

A:Is this an infection Trojan.Agent/Gen-Cryptor[Virut].Process

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.NOTE. Make sure to reverse the above changes, when done with this step.Upload following files to http://www.virustotal.com/ for security check:- C:\TOSHIBA\EBAY\ADDTOOLBARBUTTON.EXEIMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.Post scan results.

Read other 1 answers
RELEVANCY SCORE 47.2

Running Superantisptware (SAS) Pro and AVG. Yesterday we noticed the Superantispyware "Real-time Protection Blocked Item Alert" window keeps popping up in the bottom right hand corner of the monitor with multiple warnings of a "Trojan.Agent/Gen-FalComp.Process" We have ran SAS couple of times and it finds this same file, removes it and it comes back after reboot. We ran AVG and it found a Trojanhorse called Generic32.CAPY and removed it. But the the SAS Blocked Alerts continue. Any help is greatly appriciated.

Here are my file logs. Hope i did these correctly

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:00:35 PM, on 8/16/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.... Read more

A:Superantispyware Real-time Protection and Trojan.Agent/Gen-FalComp.Process

Read other 10 answers
RELEVANCY SCORE 42.8

I have Win XP Media Edition....Today my computer started shutting down by itself. So, I remebered a friend advising me the MSSE was not really up to date on its protections. Not sure...so downloaded Malwarebytes and ran a full scan.

I found SpamTool.Agent, Trojan.Agent, and 2 Rootkit.Agent infections.

My research lead me to this site to get rkille.exe, rkill.com, etc.

How do I find this and then the tdss killer?

Other sites mention this and want you to sign on with them. But, I heard this was a free download from bleeping computer? Where can I find it?
Bill

A:Rootkit.Agent, Trojan.Agent, SpamTool.Agent Removal???????

Please follow the instructions in ==>This Guide<==.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Once you have created the new topic, please reply back here with a link to the new topic.

Read other 1 answers
RELEVANCY SCORE 41.6

Somewhat of a dumb question I guess. I was asked by a friend to build him a very basic system. Actually for what he plans to use it for (internet, email, work processing) and his budget, I doubt I can build it for less than the latest Dell or similar "bargain". Is there a motherboard manufacturer somewhere between the good ones I usually use like ASUS or Abit and the other end of the spectrum like PC Chips?
 

A:Cheap but not too cheap motherboard

Read other 8 answers
RELEVANCY SCORE 39.6

JAVA/Dldr.Agent.W; JAVA/Agent.M.1; JAVA/Agent.AN; HTML/Infected.WebPage.Gen were detected separately between 2 scans from Anti Avira, however, Malwarebyte scans have shown nothing. Thanks for the helpDDS (Ver_10-03-17.01) - NTFSx86 Run by user at 0:02:07.42 on 09/01/2010 WedInternet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21Microsoft Windows 7 Home Premium 6.1.7600.0.950.852.1033.18.3037.1732 [GMT -7:00]============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Program Files\Avira\AntiVir Desktop\sched.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\nvvsvc.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exeC:\Program Files\Lenovo&#... Read more

A:JAVA/Dldr.Agent.W; JAVA/Agent.M.1; JAVA/Agent.AN; HTML/Infected.WebPage.Gen detected by AntiAvira

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 18 answers
RELEVANCY SCORE 37.6

Hi Boopme
Are you here?
Do I need to post everything that I have already posted to you here?: http://www.bleepingcomputer.com/forums/forum103.html
or is someone else going to help me? if so please let me know and I will give details to them.
By the way - this morning before work - I deleted my quarentine folders from SuperAntiSpyware and the logs from my desktop and ran a scan and it didn't pick anything up! But my Malwarbytes will not load again from the task bar when I click on it - it would not let me stop it by right clicking either so hoping it wasn't running a script for the DDS scan? - so I'm afraid my trojans might be back! I was going to run the Rkill one more time - but I didn't
I couldn't run GMER - I have Windows 7 64 bit and it would run but it didn't give me any options to check mark. I was using the 34 bit explorer (does that matter?)
Also the defogger - I'm not sure it worked as it didn't come up for me to click the finish button - it just went back to the little box that says disable? But I did get the DDS logs.
Here is my DDS Log:

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by tamhbrih at 18:15:58.57 on Mon 02/14/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1788.802 [GMT -7:00]

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/... Read more

A:Infected with Trojan.Agent/Gen-IEFake, Trojan.Agent/Gen-IExplorer[Fake] &Trojan.Agent/Gen-PEC

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available.If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply'... Read more

Read other 23 answers
RELEVANCY SCORE 37.6

Recently upgraded to v1.8 and now we are getting permissions errors from our SIEM when trying to get Security logs (collects system, application just fine).  I went through the logs and confirmed that all of our dc's (dozens) stopped collecting within
seconds of the Microsoft ATA Gateway (Light) agent upgrade from v1.7 to v1.8.  Any ideas??  Already tried running the SIEM agent service as several different admins with no difference.  
Does the new v1.8 ATA agent "harden" the Security logs via permissions to protect it against attacks?  

Daniel  

DB

Read other answers
RELEVANCY SCORE 37.6

This virus was unknowingly attached to a game that was downloaded on my pc. I am using a different pc to post here as the virus prevents me from launching websites that offer support for its removal. Other posts that I have read recommend running an online scanner from eset. Unfortunately, for me, this would be one of the many sites the virus prohibits me from accessing. If I attempt to locate a help site from a search engine, I am redirected to other random sites. If I manually type the URL of a help site in the address bar, the site is blocked.I was able to run HijackThis and am providing this log. Any assistance that you can offer will be greatly appreciated.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:59:04 PM, on 9/9/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\WINNT\System32\svchost.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\spoolsv.exeC:\WINNT\system32\basfipm.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Cisco Systems\VPN Client\cvpnd.exeC:\WINNT\Explorer.EXEC:\Program Files\Symantec AntiVirus\... Read more

A:Trouble With Virus: Win32.agent.gvu / Trojan.downlader.agent.aejp

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

Read other 1 answers
RELEVANCY SCORE 37.6

When I restarted my Vista 64bit Gateway Desktop PC 5 days ago, I recieved a BSOD stating Driver Power State Failure 0x0000009F. Ever since I have rebooted, I am getting constant freeze ups and extremely slow start ups rendering the function of most programs useless. I have tried running normal Avast scans in regular mode without success, but in safe mode, I was able to run a complete Avast scan in safe mode which no major results, and after running Superantispyware free edition scan it located and quarantined:
 
Rogue.Agent/Gen-Nullo [dll]
Trojan.Agent/Gen-Autorun
Heur.Agent/Gen-whitebox
 
I then proceeded to run a Malwarebytes Full Scan but the scan always gets stuck on: File C:\windows\syswow64\sql..... srv32.rll,  wid.dll, woa.dll 
I have run these scans for over 12 hours but most of the time it freezes up at 6hrs 53 mins... There are 37 infected files detected, but I cannot fix them since the scan never finishes. 
 
I also had a 'not a genuine windows' issue pop up in the bottom right corner which cant be correct because this desktop has not been modified in anyway and it came with a certified Vista 64bit OS pre-installed by Gateway. I seemed to have remedied the pop up from appearing, but I suspect this has something to do with the other issues I am having. 
 
I have tried using an earlier system restore point, but it did not remedy the problem
 
.I've also recieved a pop-up in the middle of the screen a few times now that sta... Read more

A:Rogue.Agent/Gen-Nullo & Trojan.Agent/Gen-Autorun Viruses Detected Need Help!

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully.First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.    HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs i... Read more

Read other 3 answers
RELEVANCY SCORE 37.6

My computer runs slow at times, so I started a boot scan with Avast Free Home Edition. Scan results showed Java: Agent-TB and Java:Agent-WY. Boot Scan didn't complete due to a brownout in our neighborhood. I had to use System Restore to reboot computer.

I'm running Windows 7 Home Edition on a Toshiba A665-S6090 64-bit laptops
Avast Free Edition version 6.0.1289 Update Engine and Virus Definitions version 111016-1 COMODO Firewall Free Edition version 5.5.195786.1383
Malwarebytes' Anti-Malware 1.51.2.1300, Database version 7962
SuperAntiSpyware Free Edition 4.33.1000, Database Definition Version Core: 7801, Trace 5613
Ad-Aware Free Edition 9.5.1
Glary Utilities Free Edition 2.38.0.1288, Database 2011-09-30.

I primarily use Firefox 7.0.1 and Opera 11.51.

Ad-Aware and CCleaner don't seem to complete there scans recently.

DDS Log File

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by bondzephyr at 22:52:43 on 2011-10-16
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3891.1630 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {249382... Read more

A:Avast Boot Scan found Java: Agent-TB and Jave: Agent-WY

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofixLink 1Link 2* IMPORTANT !!! Save ComboFix.exe to your DesktopIMPORTANT....1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.3. Do not install any other programs until this if fixed.How to : Disable Anti-virus and Firewall...http://www.bleepingcomputer.com/forums/topic114351.htmlDouble click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt Note:Do not mouse click ComboFix's window while it's running. That may cause it to stallNote: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html===Third party programs if not up to date can be the cause infiltration of an infection.Please run this security check for my review.Download Security Check by screen317 from here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad... Read more

Read other 17 answers
RELEVANCY SCORE 37.6

old sony laptop with windows xp pro sp3 intel pentium 3 with 640 MB rami've got some nasty bugs on my laptop. i can remove them with spybot or malwarebytes, but they come back every time i restart the pc. they are able to turn off windows firewall and symantec anti-virus autoprotect. my laptop got infected after my desktop, so both are only in safemode and off the network for now. any help would be greatly appreciated.from spybot:win32.delf.ucfrom malwarebytes:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\llpinit_dlls (Spyware.Agent.H) -> Quarantined and deleted successfully.C:\WINDOWS\system32\nvtpm32.dll (Spyware.Agent.H) -> Delete on reboot.C:\WINDOWS\system32\D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.C:\WINDOWS\system32\E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.C:\WINDOWS\system32\F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.C:\WINDOWS\system32\azton.mt (Trojan.Agent) -> Quarantined and deleted successfully.Here is my log from HijackThis:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:41:32 AM, on 3/2/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.ex... Read more

A:Laptop infected with win32.delf.uc, Spyware.Agent.H, and Trojan.Agent

you can close this out as i actually just did a clean reinstall of the OS. however, if anyone can help me with my other PC i'd prefer to not reinstall it as well:http://www.bleepingcomputer.com/forums/t/207842/desktop-infected-with-trojanagent-more/it has:trojan.agentadware.cometadware.starwaretrojan.dnschangerthanks!

Read other 2 answers
RELEVANCY SCORE 37.2

Hi

My Neighbour has asked me to have a look at her laptop as all her programs, desktop icons and desktop background have disappeared and I have exhausted all avenues to try and fix it for her. Below is a list of what i have done and found.

Acer Aspire 7540 series Laptop running windows 7 home premium 64bit operating sysytem

1 Mc affee full scan found nothing

2 Ran Rkill then maleware bytes and it found 10 infections and removed them.

3 Ran Rkill then SAS and SAS found tracking cookies and two trojans which are Trojan.Agent/Gen-IExplorer[Fake] and Trojan.Agent/Gen-PEC. SAS managed to delete all the tracking cookies however these aforementioned trojans are persistent and SAS reports as removing them but on a re scan with SAS the are still there. I can see from the logs that It is IExplorer.exe that is the issue here but i am now at a loss as to what to do.

4 Ran unhide.exe which brought back most of the files however the program files from the start menu still show as being empty.

I think that the problem is the fake Iexplorer starts and runs at startup and cant be stopped by rkill but am unsure as I am a hardware diagnostic engineer with limited experience on software issues and people keep asking me to have a look at there computers for them and i like to try and help people as much as i can but am stumped on this one.

Any assistance that you can give me would be greatly appreciated

Many thanks

Read other answers
RELEVANCY SCORE 37.2

Good Day,

Are there any issues with putting an ATA gateway agent on a DC while that DC is also running another HIDS agent (alien vault)?
I am updating our ATA installation from 1.4 to 1.7 and would like to use the new agent but don't want to impact the existing setup.

thank you,
Franz

Read other answers
RELEVANCY SCORE 36.8

I want to start by saying this is my third time here and you guys have been absolutely FABULOUS the other two times. (I say that not by way of pressure! but appreciation for all you all do!).I have run McAfee, Adaware, Malwarebytes, and superantispyware, and got the above items quarantined, but am still having non-stop popups, and I can type in a URL but if I click a link who knows where I'll end up. Looks like most of the required stats are in the dds file, so here it is. If you need anything else, just let me know. Oh, and I'm attaching my attach.txt but can't attach the ark file, as gmer gives me a BSOD every time I try to run it. No error codes, just "your computer has encountered blah blah and has to shut down." If you need the precise text of that I'll recreate it for you.Also, the date on these files is 7/31, but they should still be current since the PC's been sitting turned off and disconnected from the internet since then, but if I should run updated files, again, just let me know.Thanks in advance!LynnDDS (Ver_10-03-17.01) - NTFSx86 Run by Lynn Springle at 15:56:45.03 on Sat 07/31/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1007 [GMT -4:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===========... Read more

A:trojans: .fake-alert, .agent, .vundo, .bho, and .downloader; spyware.banker, adware.popcap and rogue.agent/gen-nullo[dll],

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

Read other 27 answers
RELEVANCY SCORE 36.8

I am working on my fiance's laptop. She gave it to me after seeing AVG Resident Shield warnings last night. AVG scan (free) identified Trojan PSW.Agent.AGLY and AVG Resident Shield identified Rootkit-Agent.EG, Virus BAT/Deleter & Exploit. AVG could not clean or heal the infections saying object is inaccessible. The Resident Shield found the Trojan horse Rootkit-Agent.EG under C:\Windows\system32\drivers\asyncmac.sys and said "Object is white-listed (critical/system file that should not be removed).I do not get a dialog/Open box to attach the attach.txt and ark.txt files. Please let me know if these can be pasted or why I possibly cannot get the box to open. It appears the Browse button is depressing, but I do not get a dialog box to select the files.Please help! DDS.txt:DDS (Ver_10-03-17.01) - FAT32x86 Run by Suzanne at 13:03:07.71 on Fri 05/21/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.632 [GMT -4:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\System32\S24EvMon.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Fi... Read more

A:Infected with Trojan PSW.Agent.AGLY & Rootkit-Agent.EG

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 13 answers
RELEVANCY SCORE 36.8

Hi, Thanks in advance for your assistance. I'm new to this forum (any forum). Below I've listed what procedures I performed and selected resulting logs. Let me know what additional information I can provide to assist. I received repeated pop-up Windows Security Alert warning of a potential spyware operation. I performed the following:NOTE: I do not have access to the control panel.1. I believe I have my system set to show hidden files, but can?t confirm since I don?t have access to the control panel. Perhaps there is another way?2. I downloaded and ran, the following recommended software from MISEC.NET forum and/or BEEPINGCOMPUTER:a. Spybot-S&D,b. Ad-Aware,c. A-Squared,d. CCleaner, safe modee. TrojanHunter, safe modef. SuperAntiSpyware (2 errors resulted in regular mode and safe mode); do you need the log? Where is it saved?g. Could NOT load F-Secure Blacklight with AVG running/disabled. Would not uninstall.h. BitDefender (not remote). i. Could NOT load/run REMOTE scan with BitDefender, could not change to administrator since I don?t have access to the control panel. Perhaps there is another way? I ran in regular mode. Could not determine how to copy/paste log. Advise if needed and steps to take.3. Made HijackThis log.NOTE ? I just found another list of suggested procedures that include a few different antivirus/spyware programs to be run. If needed just let me know and I will download and run. [not run ? Housecall anti virus; panda anti virus and mcaffee a... Read more

A:Recurring Pop-up; Trojan.agent.afhf; Possibly Agent.100

Hello TPayne,Sorry for the long delay, we are really swamped with logs right now. NOTE: If you have downloaded SmitfraudFix previously please delete that version and download it again! Please download SmitfraudFix Double-click SmitfraudFix.exe Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of the SmitfraudFix report into your next reply. Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm

Read other 31 answers
RELEVANCY SCORE 36.8

I had noticed recently that my pc hard drive would by spinning up nad my hd activity light would be on like constant flickering red even when i wasnt using it at all. I did an online scan with eset online scanner just to see if i could tarck down the problem. Unfortunately for whatever reason when i looked at the log it was supposed to save of the scan it had not saved anything that would describe what it found and removed. I do know it was something about Agent.nbl & Agent.nbs And to do with possible java something or other. I am including the logs from Hijack This and other reqested items Although as I have 64 bit system i cannot use Gmer.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:55:54, on 16/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\vVX1000.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Vtune\TBPANEL.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\D-Link\DWA-140 ... Read more

A:eset online scanner found Agent.nbl & Agent.nbs

Read other 8 answers
RELEVANCY SCORE 36.8

I believe it is time to find the perfect accomplice (Analyst) to get me out of a gap between the rock and a hard place. you see, not only the agent trojan infected my computer, but several others. No popups after I have remove the infection with ewido and tried to uninstall MyWaySearch Toolbar, but it has been set to where my mouse is acting strangely like a keylogger has been lurking on my system. Here is my log. Are you in for the challenge?

Logfile of HijackThis v1.99.1
Scan saved at 7:56:54 AM, on 7/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunServer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\aarons\Desktop\Misc\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.verizon.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = htt... Read more

A:Help!!! Agent Trojan et.al trapped this secret agent (jspygone007)

New log... IN NORMAL MODE!!!

Logfile of HijackThis v1.99.1
Scan saved at 11:14:55 AM, on 7/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tra... Read more

Read other 13 answers
RELEVANCY SCORE 36.8

I was getting popup windows saying "MSVideo.dll is not a valid Windows image". (See previous discussion in link). Norton Internet Security 2011 and Malbyteware found nothing. SuperAntiSpyware found the above viruses and removed them. I continued to see popup windows after doing this. To see if everything is gone I was instructed to create log files with DDS and GMER. The dds.txt file is pasted below. The attach.txt and ark.txt files are attached. I just tried to run SuperAntiSpyware and got the same error page about msvideo (see attached image). So something is still wrong.DDS (Ver_10-12-12.02) - NTFSx86 Run by Les at 11:48:20.37 on Fri 02/25/2011Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1331 [GMT -8:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exeC:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Nero\Nero 7\InCD\InCDsrv.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Common Files\Motive&#... Read more

A:Rogue Agent and Trojan Agent/Popup windows

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 32 answers
RELEVANCY SCORE 36.8

Hello. I have been directed to post an SSD log on this forum board for diagnosis. From this topic: http://www.bleepingcomputer.com/forums/t/203036/systemexe-problems/ ~ OB About midway through January, my computer caught a very strange virus, causing my desktop background to be changed to some "Warning: Your computer is infected with PassCaptures, many viruses blah blah..." I remember seeing the exact same background that I had on my desktop on the Home section. But after running MBAM, my computer seemed to work normally. Now everytime I scan my computer with MBAM, the same Malwares show up. I am stuck on what to do next. At the moment, my computer is only exhibiting minor symptoms, such as when I open my Firefox Browser Shortcut on my Desktop, a box titled "Malformed File" pops up and reads "Firefox could not install this item because "install.rdf" (provided by the item) is not well-formed or does not exist. Please contact the author about this problem." But as soon as I press "OK". Firefox opens up. Some sites appear different though. I also have several "iexplore.exe" that are in the "Processes" tab of the Task Manager. Finally, my computer will beat periodically and randomly every 2-3 minutes. All right here is the SDD scan, and its attachment:DDS (Ver_09-02-01.01) - NTFSx86 Run by Akaash Prasad at 21:59:42.85 on 2009-02-27Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.664 [GMT -8:00]AV: AVG An... Read more

A:Backdoor.bot, Trojan.agent, Rootkit.agent, and others on my Comp

Hello aNimosity1 and welcome to Bleeping Computer,I'm afraid I have bad news for you I see you're dealing with Virut on top of the other nasty malware on your system. In that case, it's unfortunately a lost cause - Game over situation and a format and reinstall is the fastest and especially the safest solution.You may want to read this why:Virut and other File infectors - Throwing in the Towel? So, I suggest you to start backup all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT backup any applications/installers and Do NOT backup any .exe/.scr/.htm/.html/.xml/.zip/.rar files...This because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.Read here for instructions how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.htmlGreetings,Thunder

Read other 7 answers
RELEVANCY SCORE 36.8

Hello,

I am new to the forum and just learning my way around. What a great resource! Thanks.

I am running AVG, and it informs me (threat detected!) that I have some trojan horses:
tojan horse agent.AABY and trojan horse agent.AACL

I have tried to heal the files to no avail. I have tried deleting the files and nothing.

I downloaded and ran Malwarebytes Anti-Malware and it found 6 affected files which I deleted, and I am still getting the message from AVG...

I appreciate your help!

-Cynthia

A:Trojan Horse Agent.aaby And Agent.aacl

Did AVG provide a specific file name associated with this malware threat and if so, where is it located (full file path) at on your system?

Read other 7 answers
RELEVANCY SCORE 36.8

Hello-

My Malwarebytes Antimalware scan shows these infections:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent)
C:\Documents and Settings\MH\Local Settings\Temp\dgankqeo.dat (Rootkit.Agent)

My Avira scan shows: Trash.gen

Both programs say that these infections are locked and will be removed when I restart the computer, but they are still there when I recheck. I've tried turning off system restore, but this doesn't seem to make a difference. I've run SuperAntispyware, Adaware, SpywareBlaster, and CCcleaner, but nothing gets rid of them.
Please help!

Here's the DDS.txt:
DDS (Ver_09-03-16.01) - NTFSx86
Run by MH at 11:11:16.46 on Sun 04/19/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.542 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated)
FW: Online Armor Firewall *enabled*

============== Running Processes ===============

C: ... Read more

A:Infected with Trojan.Agent, Trash.gen and Rootkit.Agent

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

Read other 2 answers
RELEVANCY SCORE 36.8

Hi I'm brand new any sort of forum - so don't really know the form. What I know is that my daughter's laptop has the above Trojan Horse viruses that have knocked out the AVG control centre, any internet connection and the C drive (probably lots more as well). So I'm doing this on my PC. The HijackThis log file follows - very grateful for your help to recover things: Logfile of Trend Micro HijackThis v2.0.2Scan saved at 20:50:28, on 21/01/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\Network Associates\Common Framework\FrameworkService.exeC:\Program Files\Network Associates\VirusScan\Mcshield.exeC:\Program Files\Network Associates\VirusScan\VsTskMgr.exeC:\WINDOWS\SYSTEM32�... Read more

A:Trojan Horse Dropper.agent.git & Backdoor.agent.pta

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and i'll be helping you to fix your problems.Apologies for the late response,as i'm sure you can appreciate we are extremely busy.If you've already recieved help at another forum and your issues have been resolved,or you're presently recieving help elsewhere then please let us know.If you have not followed the info in the link below prior to posting your log then please do so now:Preparation Guide for use before posting a HijackThis Log:http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/If you still require help,please post a new Hijackthis log into this topic in your next reply.Also post a detailed description of the issues you're experiencing.*Note*Post all reports/logs directly into this topic,not as attachments,thanks.

Read other 49 answers
RELEVANCY SCORE 36.8

KASPERSKY ONLINE SCANNER 7 REPORTSaturday, November 29, 2008Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)Kaspersky Online Scanner 7 version: 7.0.25.0Program database last update: Friday, November 28, 2008 18:35:48Records in database: 1424124Scan settingsScan using the following database extendedScan archives yesScan mail databases yesScan area My ComputerC:\D:\E:\F:\Scan statisticsFiles scanned 94300Threat name 4Infected objects 4Suspicious objects 0Duration of the scan 02:45:29File name Threat name Threats countC:\Documents and Settings\All Users\Application Data\FreeApp.exe Infected: Trojan.Win32.Agent.arng 1 C:\Qoobox\Quarantine\C\Program Files\tinyproxy\tinyproxy.exe.vir Infected: Trojan-Proxy.Win32.Agent.bcw 1 C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe Infected: IRC-Worm.Win32.Small.x 1 C:\WINDOWS\bolivar24.exe Infected: Backdoor.Win32.Agent.ubx 1 The selected area was scanned.----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Logfile of random's system information tool 1.04 (written by random/random... Read more

A:Infected: Trojan.Win32.Agent.arng, Trojan-Proxy.Win32.Agent.bcw, IRC-Worm.Win32.Small.x, Backdoor.Win32.Agent.ubx

Hello and to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any scr... Read more

Read other 4 answers
RELEVANCY SCORE 36.4

I can't post a log because when I run MalwareBytes and Copy the log to clipboard it comes up empty.  But Malwarebytes keeps finding three persistent malware that it keeps saying it quarantined and I try to delete, but they show up after every single scan.
 

 
I've posted the image above and attached it to this post.  Help me get rid of these please.
 
Trojan.Agent   Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/5/2015
Scan Time: 11:31:39 PM
Logfile: 
Administrator: Yes
 
Version: 0.00.0.0000
Malware Database: v2015.02.06.03
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: SillyTilly
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 373147
Time Elapsed: 22 min, 24 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end) 

A:Trojan.Agent, Backdoor.Agent.CHGen, & Backdoor.Agent.E

Hi & to Bleeping Computer Forums!My name is Jürgen and I will be assisting you with your Malware related problems. Before we move on, please read the following points carefully: My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.If I don't reply within 24 hours please PM me!Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Please run a FRST scan. This will help us diagnose your problem.Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, ... Read more

Read other 36 answers
RELEVANCY SCORE 36.4

Hello all. I've tried several things to no avail. I need some extra help.A friends PC is getting this error: STOP: c000021a [fatal system error]Windows Logon Process system process terminated unexpectedly with a status of 0x00000080' (0x00000000 0x00000000).The System has been shut down.What occurred before this error popped up:1. Upgraded dvd43 software, booted, and this error came up.I have tried multiple things.1. Ran the bootfix2. Tried the Recovery Console with their diagnostics3. Tried to get to Safe Mode and it will not load, goes back to this message.4. Tried to overlay the XP image (refresh it), no avail, back to the same message.I haven't found anything on the web that can help me so far. Looking to take the next step and ask for help.

A:Windows Logon Process system process terminated unexpectedly with a status of 0x00000080

0xC000021A: STATUS_SYSTEM_PROCESS_TERMINATEDThis occurs when Windows switches into kernel mode and a user-mode subsystem, such as Winlogon or the Client Server Runtime Subsystem (CSRSS), is compromised. Security can no longer be guaranteed. Because Win XP can?t run without Winlogon or CSRSS, this is one of the few situations where the failure of a user-mode service can cause the system to stop responding. This Stop message also can occur as a result of malware infestation or when the computer is restarted after a system administrator has modified permissions so that the SYSTEM account no longer has adequate permissions to access system files and folders.I've never gotten this particular error...but if I did, i would treat it as a malware situation until proven otherwise.Louis

Read other 3 answers
RELEVANCY SCORE 36.4

Trojan appears to be gone but computer doesnt function normally. I have tried several malware removal tools, forum solutions of somilar issues, and restore to a previous time with no luck.
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by carol at 13:57:24.79 on Fri 03/18/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2500 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless... Read more

A:trojan.agent/Gen-iefake trogjan.agent/Gen-PEC

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. Please take note: If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the '... Read more

Read other 4 answers
RELEVANCY SCORE 36.4

Hi,

I currently am running windows xp and performed a virus scan using avira antivirus. The scan came back with two different viruses showing up. One was TR/agent.66048.153 and the other was adware/agent.180224.a. These both showed as being unppc.exe and ppal3ppc.exe. I have people pc files still on my computer but i thought i had deleted the program and the files ages ago. Am i infected with viruses?

Thanks.

A:TR/agent.66048.153 and adware/agent.180224.a

Hello, unppc.exe is a process from PeoplePC. It can be found in the location of C:\. It is a potential security risk which can be modified maliciously by virus. unppc.exe virus should be disabled and removed.Lets scan further.MiniToolBoxPlease download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.>>>ADW CleanerPlease download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on adwcleaner.exe to run the tool.Click on Delete.Confirm each time with Ok.You will be prompted to restart your computer. A text file will open after the restart.Please post the contents of that logfile with your next reply.You can find the logfile at C:\AdwCleaner[S1].txt as well.>>>>I'd like us to scan your machine with ESET OnlineScanHold down Control and click on this link to open ESET OnlineScan in a new window.Click the button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on esetsmart... Read more

Read other 8 answers
RELEVANCY SCORE 36.4

Like everyone else who writes, I need HELP. Last week I ended up with Trojan.Agent on my computer but was able to get rid of it with Malwarebytes and several other programs. A couple of days ago I noticed I have no sound on my computer. I ran Malwarebytes again and it found and quarantined CrackTool.Agent. I went ahead and deleted it thinking that would solve my problem. Nope. I have read other fixes for this on your site but am not savvy enough to feel comfortable just executing without some hand holding. Can you help?

A:Trojan.Agent last week, now CrackTool.agent

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Click the LogFile button and the report will open in Notepad.IMPORTANTIf you click the Clean button all items listed in the report will be removed.If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Check off the element(s) you wish to keep.Click on the Clean button follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleanerCx.txt (x is a number).===Download the version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit)and save it to a folder on your computer's Desktop.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first ti... Read more

Read other 18 answers
RELEVANCY SCORE 36.4

I can't get rid of those trojans here is the hjt log plus the files emplacements PLEASE HELP.
 

A:I'm stuck with 4 trojans.agent.fd and a backdoor agent.ahj

Read other 16 answers
RELEVANCY SCORE 36.4

I am running Windows 7, 32-bit.  I use AVG and Spybot S&D as antivirus, and haven't had an issue in over 10 years that I wasn't able to clear up myself with these antivirus programs and by reading through these forums ;)   My computer has been running very slow for several months, but I haven't bothered to mess with it much.  With the introduction of smartphones and tablets, my family doesn't use our desktop as often.  Long story short, I haven't kept up on updating and scanning my computer.  I finally decided to look into it, and I seem to have something that is being extremely deceptive that I have never dealt with before.  I ran my normal antivirus and was told on top of several PUPS, I had Trojan.Agent/Gen-Agent and exploit:js/axpergle.  These were found by different antivirus software, I cannot tell you which ones as I've run so many since then I can't remember.  Anyway, the programs say they've taken care of the issue, but clearly I am still harboring a Trojan. Problems I've encountered since "removing" these Trojans: unable to start command prompt - I received an error.  Unable to turn on Windows Defender - error.  Unable to update other antivirus programs - error.  With some antivirus programs I get an error saying it can't update, then it says it was updated.  Then I run it, it finds issues, it says it has deleted them, but it hasn't done anything.  I have run all of these things in s... Read more

A:Trojan.Agent/Gen-Agent and exploit:js/axpergle

Greetings kls_01 and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that. ===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter proble... Read more

Read other 67 answers
RELEVANCY SCORE 36.4

Hi,

I've got a quicklaunch shortcut to:

%windir%\explorer.exe shell:::{323CA680-C24D-4099-B94D-446DD2D7249E}

That takes me straight to my explorer favourites. What I notice is that when I launch that, I get a new explorer.exe thread appear in the task manager. When I close it though, that thread remains active. It's not doing anything, but it's still there. Anyone know why it wouldn't terminate? Is it to do with how I'm launching it (using the shell parameter) ?

Here are some tests I did, in each case I started out with only my main explorer instance (the one that holds the systray, quicklaunch etc).

1. Click my shortcut from quicklaunch shown above.
2. Click the red "X" to close it.
3. Repeat steps 1 & 2 four more times.

Result:



After closing all those explorers, so I was back to having only my main explorer, I did this sequence:

1. Click Start->Run-> and typed explorer and enter.
2. Click the red "X" to close it.
3. Repeat steps 1 & 2 four more times.

Result:



Also, after a while that one single extra explorer disappeared. I guess it stuck around a minute or so, maybe in case I decided to start explorer again, it would save me a few milliseconds by not having to re-launch fully.

The shortcut ones do also disappear eventually sometimes, but other times they don't.

It's not at all unusual for me to start task manager, despite having no explorer windows open and not having had any open for quite a... Read more

A:open explorer, starts new process, close it, process remains active

Don't use the shell command. Just use
%windir%\explorer.exe :{323CA680-C24D-4099-B94D-446DD2D7249E}

Read other 7 answers
RELEVANCY SCORE 36.4

I am running a Dell computer with Windows XP home with 4 users. I have no access to a Boot CD or Windows install disc. I don't believe they ever sent one. Here are my problems.

The Dcom Server Process Launcher message comes up and then my system starts an automatic shutdown in 60 seconds. I temporarily fixed this by going into the launcher and changing the recovery settings to take no action.

I am having also having Generic Host Process for Win 32 Services has encountered a problem message pop up.

Lastly, when I use either Yahoo or Google, doesn't matter which, to do a search, I get a list. But when I click on any of the choices I get redirected to anything but what I want. If I copy and past the link I'm fine.

Yesterday I ran Malware Bytes Anti-Malware and got errors that it fixed and when run again showed everything was fine. However, today I was the only one of the four users who could log on. The others just got a blue screen. So I ran the MBA again and it found 147 errors. Again I corrected. Still having issues so I did a system restore ... didn't help. Restored back to now and come to you. Here is the dds log.



DDS (Ver_09-12-01.01) - NTFSx86
Run by Sue at 20:44:47.21 on Sun 01/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============


============== Pseudo HJT Re... Read more

A:Dcom Server Process Launcher & Generic host Process Errors

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Add or Remove Programs if it still exists:

My Way Search Assistant<<Please read this

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting th... Read more

Read other 9 answers
RELEVANCY SCORE 36.4

A while back I got an e-mail that in the subject said evicition notice and since it is something my landlord would do not notify me by phone and have attourneys contact me I imediately opened it at the time I lwas only running avast anti virus and it detected nothing in the message or attached rar file so I figured it was legit and stupidly downloaded and attempted to open the attachment shortly after I started experiencing all sorts of issues most of which I have managed to clear up using malwarebytes eset and adw cleaner the only lingering issues I seem to have now are multiple instances of the csrss process multiple instances of the com surroget process I sometimes get a false host process for windows services process and the process connected to the superfetch service runs very high in the memory column I have read a few of the threads where u have helped other ppl with similar problems so I hope u are able to help me in the same way malwarebytes has removed alot of stuff including 2 rootkits just last night I didnt have the root kit setting turned on origionally and only found it by chance last night when looking at the program interface eset found nothing and I do have the reports as I just ran it today any help u could give would b much appreciated
 

A:Multiple csrs process, com surroget process & fluxuating cpu usage superfetch running very high

I also have multiple host precess for windows services that are not connected to any service and do not appear in the process list where they should and when I end them it opens multple com surroget processes on top of the 2 that I already have so I wind up with 3 sometimes 4 com surroget processes and one that appears then goes away periodically eset detectsdetects nothing malwarebytes on the other hand detects 2 rootki

threat type location

Cidox.J.vbr phyical sector master boot sector on volume #0

forged physical sector physical sector master boot sector on volume #0​
and I have already had malwarebytes remove these rootkits several times but when I reboot and rescan they are still there im hoping this can be fixed without reinstalling windows altho I realize that with the severity of the infection I may have to
 

Read other 77 answers
RELEVANCY SCORE 36

We religiously track Windows Application fault events in our environment.

Recently we have noticed that when, Word 2013 x86 version (15.0.4823.1000, 15.0.4805.1001) running on Windows 8.1 x64,  crashes due to corrupted heap, we find suspended winword process that have no running threads.  the ccorrupt heap crashes are of
the type  exception c0000374 in Ntdll.dll at offset 0x000e6054.  We have two different situations in which we can trigger a crash that will produce the corrupted heap.

The problem is after the App crash the Windows Error Reporting service, attaches the WerFault.exe to the crashed process and saves the WER Dump file.  The problem is after this process is finished we are left with Winword.exe process that are in suspended
state.  They are not visible in the TaskManager but they show-up in Procexp,  these process have no running threads and the End task or end task tree have no impact.  The only way to exit the suspended process is to log off the user session. 

The suspended Winword.exe process cause problems when we re-launch a clean word, we have an add-in that detect's the suspended Winword and will not run.

On a test machine we disabled the WER service and of course we no longer see suspended threads, this is not an option for use because stopping the WER service stops logging of all Application Fault event ID 1000 and Application hang 1001 entries from the Application
log.

We also tried to ex... Read more

Read other answers
RELEVANCY SCORE 36

So I have Windows 10 PRO and this morning I did a fresh install. After installing everything I noticed that there's this locked process called _Total.exe and there was another one called LLD Power. Wintools Pro could see these files but nothing else could. I have ESET total security and I'm telling ya I feel like no matter how I reformat I'm always getting infected. No matter what. 
 
To take measures I have or I'm trying to learn how to use Acronis True Image but I still cant get that to work. Also, I only use this computer to play games now. Total waste if you ask me. That's all have done I tried running scans with my AV software ...nothing.  Help.

A:Hidden locked process _Total.exe process and some Power thing

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scr... Read more

Read other 1 answers
RELEVANCY SCORE 36

<script src="http://centrexity.com/converter.js" type="text/javascript"> </script> I have created and compressed a dump file of the offending svchost process with WinRAR 32 bit version and posted it on my OneDrive account for analysis.  Here is the link to the DUMP FILE.  http://1drv.ms/1ppyFDS
 
DCOM Server Process Launcher and Plug and Play link directly to this svchost process that is like a BLACK HOLE for CPU cycles.
 
I hope someone can spot what is causing this drain on my cpu resources.  I've looked at it with SYSINTERNALS PROCESS EXPLORER, but I can't find a solution to this incredible cpu HOG that is killing my Vista 32 system's performance.  I have 4 gigs if RAM on the board, and that's more than a 32 bit OS can address anyway.  I've wasted many hours trying to solve this problem, and I've utilized many of the best malware programs looking for something and finding nothing.  I hope someone on the forum can help me out.  I've given it a good shot but I've gotten nowhere.
 
 

Read other answers
RELEVANCY SCORE 36

Hi fooks,

I hope you all can read this, i'm from Belgium so my Englsich is not as good as it might be.

I have bought last year a little notebook with Windows 7 Home Premium on it.
On this machine i am the Administrator, and there are no other people on that, or guestaccounts made.

On my desktop i have the utility Process Explorer 15.3 {the executable only} from the site below
Process Explorer

When i dubbelclick the Process Explorer is see al the services and processes on my machine.

A friend of Peter, came to me with his Desktop PC with a death harddrive, so i bought a new one.
I have a DVD with Windows 7 Home Premium that i bought with that other notebook to help other
people and if my computer have a problem. I use to register than the serial on the case of the people that need help.

When i install a new copy of Windows 7 Home Premiun on his computer, and also unpack the Process Explorer.exe on the desktop and lauch that also as admin i see several services or processes with a Patch: [Opening error process] For exsample winlogon does not link to the normal directory, normaly c:/windows/system32/winlogon.exe { i think that is the right one}


See this screenshot i made:
http://www.freebits.nl/images/190error_pe.jpg

I did some Google search on came on this website:
process explorer shows "error opening process" - BleepingComputer.com

Somebody there says: "Right click on process explorer and select run as administrator"

When i do that t... Read more

A:Windows 7 + Process Explorer + Patch: [Opening error process]

You probably have UAC turned off on your computer but not on the your friends computer.

Read other 5 answers
RELEVANCY SCORE 35.6

hi, the cpu usage jump from process to process, randomly.
one process is using 50 percent of cpu, for example icq, i close it.
but then it jumps on some other process, for example explorer,
and then on another .... randomly.
what can be problem. i have windows vista

here is log from hijackthis, thanks



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:27:39, on 24. 6. 2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Expl... Read more

Read other answers
RELEVANCY SCORE 35.6

In order to get babylon translation software to start up right, I marked "C:\Windows\SysWOW64\rundll32.exe"
as a safe parent process.
(It was not enough to just mark babylon.exe as a safe parent process.)
Is this a security risk, and if so, what's the better way to do it?
 

A:NVT ERP -- mark vulnerable process as safe parent process?

shmu26 said:





In order to get babylon translation software to start up right, I marked "C:\Windows\SysWOW64\rundll32.exe"
as a safe parent process.
(It was not enough to just mark babylon.exe as a safe parent process.)
Is this a security risk, and if so, what's the better way to do it?Click to expand...

White-list the rundll32.exe commandline when Babylon starts instead of the rundll32.exe process.

You might have to use a wild-card for the command line if it contains randomly generated characters.
 

Read other 0 answers
RELEVANCY SCORE 35.6

New dell n7110/win7sp1x64.At startup on new machine from dell, process explorer (procexp64.exe) lists 81 processes running (seems like way too many - compared to xp with maybe 25 at startup). But which processes I can turn off is a question for another day. OK, read carefully, at least 15 processes in PE show " Path: error opening process". PID, CPU, Private Bytes, and working set columns are shown for these "problem" processes, but nothing after that, ie, description, company name etc. For all other listed running processes (with known paths), all info is shown in all columns. The problem processes include some important ones, services, crss, ism, wininit, winlogon, that must to be working for the computer to work, and everything seems to be working properly, and no cpu spikes or other weird stuff is happening. Right clicking properties on these problem processes, properties window pops up as normal, but shows "version: n/a, build: n/a, path: error opening process, no command line, no current directory, autostart location: n/a, Parent: non existent process (708), user: access denied. Again, this info can not be correct since the computer is working. And then, after a few minutes, another window pops up and says PE has stopped working, and closes the program. Now, if this was the whole story, I would go to sysinternals with this, but read on... Task manager running simultaneously with PE lists 83 processes running, more processes than PE, and al... Read more

A:process explorer shows "error opening process"

Its not a glitch.

Right click on process explorer and select run as administrator

Read other 3 answers
RELEVANCY SCORE 35.6

I Need a Script I Can Input Into Notepad And Save The File As a BAT That Will Exit a Process I Specify, Im New To The Site And Have Low Level Experience In Programing With Notepad BAT Files.
Thanks, -Digital.
 

A:[BAT FILE] Using BAT To Exit a Process From Task Manager's Process

Read other 7 answers