Leftover Stuff From Malware

Q: Leftover Stuff From Malware

Ok, finally got Smitfraud-C.Core Service and Virtumonde cleaned out. DriveCleaner2006 does not seem to want to go away now. Had some WinAntiSpyware as well. The only thing that seems to be hanging on at this point is the DriveCleaner. Here is the HijackThis log. Thanks for your help!

Logfile of HijackThis v1.99.1
Scan saved at 3:24:28 AM, on 7/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\safeandsecure\safeandsecure\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\SafeandSecure\SafeandSecure\app\Prism.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\PROGRA~1\MUSICM~1\Common\COMPON~1\MMCOMP~1.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\DOCUME~1\Kevin\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\AUserInit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {868865EC-0295-4C7D-B25D-9F65314145E9} - C:\WINDOWS\system32\xxyvtqq.dll (file missing)
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\ebarkhoc.dll (file missing)
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\SafeandSecure\SafeandSecure\app\AuthBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: (no name) - {DF820D7C-BCD5-4615-99A0-5782BD343D98} - C:\WINDOWS\system32\sstqn.dll (file missing)
O3 - Toolbar: Safe and Secure Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\SafeandSecure\SafeandSecure\app\AuthBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,[email protected] - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [AuthStart] C:\Program Files\SafeandSecure\SafeandSecure\app\authstart.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\lvypsxnm.dll",forkonce
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: sstqn - C:\WINDOWS\system32\sstqn.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\safeandsecure\safeandsecure\app\CurtainsSysSvcNt.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

A: Leftover Stuff From Malware

Welcome to BleepingComputer, I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

I recommend that you "track this topic" to be notified when a reply has been made. At the top of this thread choose Options > Track This Topic and then select Immediate Email Notification.

Regards
POADB.


So I contracted Smitfraud-c, as named by Spybot, and like everyone else I couldn't get it off. My computer was just going nuts; adding desktop icons, opening my browser, countless prompts ostensibly notifying me of spyware removal tools, and actually running these fake programs. I tried a few smitfraud cleaners and other recommendations to no avail.
Finally I tried using HJT to "delete a file on reboot.." and deleted the dll associated with smitfraud-c. I think I determined the dll file with the SpybotSD recovery listings following a scan, or something like that. Anyway, after I did this SpybotSD was actually able to delete the Smitfraud-c object. After numerous scans with all of my clean-up tools, they are no longer picking up any more malware.
I was happy about this, however things still aren't completely right: Boot-ups take a long time (malware is starting up and initiating its hijack, I think), my home page keeps changing, and I'm pretty sure I'm seeing browser hijacker entries in my HJT log.
Security and cleanup tools that I use: SpybotSD, AdawareSE, Spyware blaster, AVG, windows firewall, CCleaner, RegCleaner, Windows disk cleaner and every now and then I'll run rootkit scanners. Here's my HJT log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.e...

A: smitfraud-c, leftover stuff


I have previously posted in this forum about my computer on this thread: http://www.bleepingcomputer.com/forums/t/239917/google-redirect/. The google redirection issue described there was resolved, but there are still a few symptoms that indicate the computer may not be completely fixed. I was working with Blade81 via private message but we were unable to solve these symptoms. They are:

When I log into the "Steve" account, I see this error message:
RUNDLL
Error loading C:/DOCUME~1/Steve/protect.dll
The specified module could not be found.
(Note that the combofix in the previous thread was done to the Donna account)

The antivirus program auto-update does not seem to be working. I can do a manual update, and I can see that automatic updates are enabled, but they do not seem to be executing.

Uploading actions, such as sending an email or uploading pictures to Picasa, seem to take longer than they should.

I have run DDS on the "Steve" account since it is the one that has the error message. Thanks in advance for any help you can provide.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Steve at 21:08:58.73 on Wed 09/02/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1679 [GMT -5:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k ...

A: Leftover Malware from a Previous Fix

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Last Thursday, I'm sure a file from WinMX while my AVG was off (that's a long story) caused a browser hijack. Anyway, I read through your and other forums and followed some of the suggestions given to others with similar ills. After a lot of trial and error I seem to no longer have browser hijacking (i.e. new window opening with "url.urtbk" in the address) but I'm not sure if all is well. There may still be leftovers. My browser still runs slower than normal and I fear a redirect is in my future. Here's my current HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:56:51 PM, on 7/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx...

A: Malware leftover blues

I now have Java SE installed (files in my registry leftover from Windows Cleanup Utility prevented installation)
 


So my dad was using the pc and installed malware by mistake. I ran Malwarebytes and removed the malware but every time he signs into his account on startup this error pops up. I tried to find its folder but couldn't see it so how can I remove it please?

A: Cannot delete this malware leftover

Originally Posted by Edward


So my dad was using the pc and installed malware by mistake. I ran Malwarebytes and removed the malware but every time he signs into his account on startup this error pops up. I tried to find its folder but couldn't see it so how can I remove it please?



Hi Edward.
Do you have CCleaner installed on the computer?
If so, please navigate to the TOOLS selection on the left, then go across the tabs to SCHEDULED TASKS. Look in that window for the DLL call and highlight it, and select DISABLE. Reboot the computer.


I've tried many times but they wont go away. I have a screenshot of the issue.

I've had a previous issue where I was losing disk space for no reason. I don't know if this had anything to do with it, but I still have that issue even though I've tried everything. I've backed up my personal data so it's no big issue.

The issue right now is that I can't remove some of the malware that HitmanPro had detected. I can't find them anywhere on the computer and CltMngSvc isn't even on the task manager.
 


I am getting the following error report

Generic Host Process for Win32 Services has encountered a problem and needs to close.
C:DOCUME~1MELOCALS~1TempWER5602.dir00svchost.exe.mdmp
C:DOCUME~1MELOCALS~1TempWER5602.dir00appcompat.txt

When I first realized I had a problem, AVG stopped working so I uninstalled it and downloaded Spybot and ran that in Safe Mode. This seemed to repair some of the problem as it found many infected files. I reinstalled AVG. Ran that and it too found infections. I then had problems running certain things like disk defragmenter and task manager. Uninstalled Spybot and installed Malwarebytes. This corrected almost everything. AVG is now telling me that my atapi.sys is infected and it can't do anything to it. Here is a list of what is in my AVG virus vault.

"Infection";"Trojan horse SHeur3.ARI";"C:Documents and SettingsMemvhasyvimk.exe";"";"2/28/2010, 3:23:08 PM"
"Infection";"Trojan horse BackDoor.Generic12.AMHS";"C:lsass.exe";"";"2/28/2010, 3:29:17 PM"
"Infection";"Trojan horse SHeur3.ATW";"C:WINDOWSTempiufg.tmpsvchost.exe";"";"3/1/2010, 4:41:17 AM"
"Infection";"Trojan horse FakeAV.SL";"C:WINDOWSsystem32sshnas21.dll";"";"3/2/2010, 5:32:06 AM"
"Infection";"Trojan horse FakeAV.SY";"C:WINDOWSsystem32_VOIDkdkxcqwpwc.dll";""...

A: Have leftover problems from either a virus or malware

Thank you Pandy for getting me in the right forum. I am having trouble getting the rest of my reports to post.


I got infected with the subject malware and managed to remove enough of the pieces that my Dell is operational again (Windows XP Home SP2). However, I still have two problems I haven't been able to eliminate. One, just to the right of the time in my toolbar, I keep seeing the msg "VIRUS ALERT!" and it also appears in various other places. The larger issue though, is that although I have 3 hard drives (C, D and F), since the malware problem, the only hard drive that "My Computer" shows is F. Using Acronis partition software, that software sees the other drives and all the files are still there. Although I've lost some desktop icons that used to be there, if I go into All Programs and tell the system to start a program that resides on one of the "unseen by Windows" drives, the program starts up and runs just fine.

How do I restore the ability of My Computer to show me all the installed drives (I'm guessing it's some trick in the registry)? Thanks for any assistance.

Ted

A: Antivirus 2008 Malware Leftover Issue

Download and install TweakUI (the download is on the right hand side of the screen). Run TweakUI and then click on My Computer > Drives and place a check next to the drives you want to unhide.


So whenever I use Rkill it detects a bunch of malware domains on the HOSTS file after some time that are (probably) leftovers from the last time my computer got infected, but I also sometimes get, while visiting new websites, that CloudFlare is establishing a secure connection or something (I don't remember because it happened long ago and I didn't pay attention to it because it got me to the site I wanted to go to with no problems), but I lost my trust in things of such nature from CloudFlare since last time.
The whole file (I can't post attachments here):
 
Rkill 2.8.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html
 
Program started at: 08/22/2016 04:09:22 AM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Di...

A: Leftover malware domains in the HOSTS file

Reset the Hosts file back to the default?


After I followed some instructions to remove the system diagnosis malware, some others remained and I don't know how to remove them.
I followed the instructions on pasting the DDS log, but had a problem with gmer.exe. When I opened gmer.exe, I was only allowed to check some of the settings, I can only check services, registry, files and ADS.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.1
Run by Yongbin at 17:58:05 on 2012-09-14
Microsoft Windows 7 Home Premium 6.1.7601.1.936.86.1033.18.3835.2614 [GMT -7:00]
.
AV: 360杀毒 *Disabled/Updated* {A0FD413B-F662-C08C-7B21-F57CED225A55}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\360\360Safe\deepscan\Zh...

A: Malware removal leftover (google redirect and sound ads)

I forgot to mention, there are some Chinese programs in that DDS list. I looked over it and the programs with Chinese characters are virus scan, firewall protection, Chinese character input, and video player.


I have a rogue anti virus thing going on and spyware terminator says I have a couple trojans. I can't use Malwarebytes or anything. Tried to run a RootRepeal due to another's advice but I can't run that either. Someone please help. I have 2 teenagers that download stuff all the time on my computer and it's getting worse every time they d/l something.

A: Need help with malware and other stuff

Hi kireland6 and to BleepingComputer!

Have you installed Malwarebytes Antimalware already?

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.
Right-click on mbam.exe, rename it to winlogon.exe.
Double-click on winlogon.exe to launch the program.
If that did not work, then try renaming and change the .exe extension in the same way as noted above.
Double-click on winlogon.scr (or whatever extension you renamed it) to launch the program.
If using Windows Vista, refer to How to Change a File Extension in Windows Vista.


Ok - I am just wondering if anyone can help me. I had been having everything from page re-directs and unidentifiable add-ons added to Mozilla firefox plus a few trojans were caught by Malwarebytes, and a set of generic credentials kept popping up in my credential manager vault every time I rebooted or powered up. I recovered my ASUS computer from the recovery partition. JUST AFTER THE RECOVERY - the system paused and installed an ACTIVE X. (This read as "Installed Active X" and was the first thing installed on the newly recovered system listed in my system restore - restore points) It also installed Microsoft Works and WINDOWS LIVE & Windows Silverlight.

When I called ASUS they advised me that Windows Live SHOULD NOT have been installed in this manner, and advised me to do another recovery or to just uninstall the windows live and other unwanted programs using control panel and restart. I also had to manually format my second drive. At some point in my updating windows - things froze and I had to do a system restore to an earlier time. I noticed that just before I did this second system restore that I am now seeing "Wireless Network Connection 2- Microsoft Virtual Miniport Adapter." I don't want it - What is it anyway? Why do I need it? What does it do?

To my understanding it's to split another connection off the main wireless connection- I DO NOT WANT THIS. I have been concerned about remote monitoring in the problems I have had. One more thing. ...

A: Can anyone tell me what this stuff is? Possible malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about y...


I recently came in contact with another Malware/vundo (I'm a newbie). Do not know where I got it, and probably will never know. Here is my log file:

Logfile of HijackThis v1.99.1
Scan saved at 9:30:32 AM, on 8/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SSEMBL~1\wuauboot.exe
C:\Documents and Settings\Office#2\My Documents\??crosoft\?vchost.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture...

A: These Malware Stuff Is Getting Old

Welcome to the BleepingComputer HijackThis Logs and Analysis forum steege. My name is Richie and I'll be helping you to fix your problems.

First of all you've no virus protection installed. Download\install one of the following freeware options from the choice below. Once installed update its definitions and then run a full system virus scan.

AVG7 Free Edition Antivirus: http://free.grisoft.com/softw/70free/setup...ree_446a965.exe
Avast! 4 Home Edition: http://files.avast.com/iavs4pro/setupeng.exe
Avira AntiVir Personal Edition Classic: http://www.free-av.com/

Download DelDomains.zip and extract/unzip it to your desktop.
Now right click on Deldomains.inf then click on 'Install'.
After right clicking on Deldomains.inf 'Install' it will appear that nothing happened; this is normal.

Download Combofix and save to your desktop.
Note: It is important that it is saved directly to your desktop.
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.


well, I really have no clue what is wrong, but it's some sort of malware bullbleep. So, it took a really long time for me to even be able to get this... etc, so please help me, I die without my computer.Logfile of HijackThis v1.99.1Scan saved at 7:20:40 PM, on 11/16/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\userinit.exeC:\WINDOWS\Explorer.EXEC:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 6 for hijackthis.zip\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie...ton/search.htmlR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.netR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink, Inc.R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)O2 - BHO: BHObj Class - {0000... Read more

A:Malware.. And Stuff, Idk Really - Istsvc

Hi and welcome to Bleeping Computer!! My name is David.

Please do both of the following before we start if possible!:
1) Please print off these instructions - they will be needed later when internet access is not available.
2) Save these instructions in Word/Notepad to the desktop where they can be easily found for the same reasons as above.

There is a bit to do on the log - I can almost guarantee ewido will remove something - it's also a good free tool to keep in your arsenal!

Please download ewido security suite; it is a free version of the program.
Install ewido security suite.
When installing, under "Additional Options" uncheck:
Install background guard
Install scan via context menu
Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
(The status bar at the bottom will display "Update successful".)
If you are having problems with the updater, you can use this link to manually update ewido: ewido manual updates
Once the updates are installed do the following:
Click on scanner
Click on Complete System Scan and the scan wil...


My computer is having lots of problems,
can you please help?

here's my HJT log:




A:Lots of malware and stuff, please help! =[

Bump? =[


Hi all,

I am using Windows Vista Home Premium. In the past few months I have noticed that my internet web surfing has functioned less efficiently, with slower web page loading and often "the page cannot be displayed", and I have to refresh a few times before the page loads. This happens for every website I visit. When I click the back button, I sometimes see weird addresses which I didn't even go to. I suspect these are phishing, malware or spying tools. And on MSN Messenger, I have been hit with the Acai Berry virus, where my account constantly sends messages regarding Acai Berry pills to my contacts. Most recently, my Facebook account was infected as well, sending out messages about weight loss stuff.

I have constantly scanned my computer with my McAfee virus scan, as well as Malwarebytes anti malware scan. Both revealed no threats found.

Hope you guys can help,
Thanks

A:Think my com is hit with malware, phishing stuff

Update mbam and run a FULL scan.
Please post the results.
==========================
ATF
Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".
------------------------------------
SAS, may take a long time to scan
Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSypware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then ...


Hi

I first noticed the problem on 2016 0501 when trying to restart computer.
The computer got stuck. I forced it down and turned on, then noticed iTunes doesn't start. Just as precaution I tried to scan with Kaspersky but it doesn't progress beyond 1%.
I tried download Malwarebytes but it doesn't run at all.

Besides still no access to iTunes and Malwarebytes and Kaspersky not scanning, I've noticed files don't appear and disappear when moved until I refresh. No other noticed symptoms, but I haven't tried doing much.

I tried Kaspersky and Malwarebytes but no luck. Malwarebyte's Chameleon tool gets stuck on updating MBAM. I tried running Rkill, which I found from google. There's an alert in file created, but it does not allow me to run Malwarebytes/Chameleon or Kaspersky.

Also please note that although I uploaded Addition.txt and FRST.txt, my Farbar Recovery Scan Tool is currently stuck and has always gotten stuck a short while the three or four times I've tried it.
So I don't know if it will help.

I also uploaded the last Rkill.txt hoping it will provide more information.
 

A:Probably Malware. But not 100% Sure. Lots of stuff are blocked.

Hello,

Please download Zemana AntiMalware and save it to your Desktop.

Install the program and once the installation is complete it will start automatically.
Without changing any options, press Scan to begin.
After the short scan is finished, if threats are detected press Next to remove them.
Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.
Open Zemana AntiMalware again.
Click on icon and double click the latest report.
Now click File > Save As and choose your Desktop before pressing Save.
The only thing left is to attach the saved report in your next message.

 


c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\ESMSHII1\jiansheng[1].exe (Trojan.Proxy) -> No action taken.
c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\ESMSHII1\wow[1].exe (Trojan.GamesThief) -> No action taken.

like, malwarebytes scans don't remove these, ummmm, what do I do? I tried avg first, then malwarebytes, and now I'm holding at gmer. I'm lost.

Someone please help!

A:OMG crazy virus/malware stuff

Please try running malwarebytes using these directions...
On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they ...


Hello. I would like to start off by saying that I have made many attempts by myself to remove the malware afflicting my computer. I have located the folder in my system (C:\Program Files\Video ActiveX Object); the remaining objects in the folder are: isaddon.dll, which is labeled as an application extension, isamini.exe, isamonitor.exe, pmmon.exe, and pmsngr.exe.

My first attempt at removing them was simply deleting them. I got rid of some files, but those five remained. I tried closing their executables via task manager, but they re-open themselves. I used Norton to perform a government regulation file wipe, but it was ineffective.

I have gotten reports from my computer of possibly having 2 different trojans (PSW.x-Vir Trojan)([email protected]) and one worm (spyworm.win32). I came across your forums while looking up info about the worm. I am highly skeptical about downloading anything right now and I don't have the money to purchase any products at the moment. This computer is highly valued by my family and we appreciate any help you can give us.

Thank you!
~Mr. Krauser

EDIT: I downloaded Hijack This and ran it. here is the report.


A:Requesting help for removing malware and other fun stuff.


Hello,
I don't know if I am still being affected by malware or if I've removed the malware and my problem is simply residual.
I contracted a fake malware-alert virus that, at first, did not allow Malwarebytes Anti-malware or Super Anti-Spyware to run for more than a few seconds before shutting them down. It also prevented me from accessing this site and other tech-solution related sites via Internet Explorer. I downloaded everything that I could find that sounded like it had fixed similar problems for others (I used another computer to search for and download those applications, transferring them to the infected computer on a flash drive). I was able to run a couple of Combo Fixes that worked for others, Malwarebytes Anti-Malware and Super Anti-spyware by changing their ".exe" names, and I installed Avira AntiVir.
Since running those programs and quarantining their results, my computer is acting normally, as far as I can tell. The only problem now is that I'm still not able to access the internet, so I am writing from a computer that is not so disabled.
Can you help?

A:Ran some stuff to remove some malware. I still can't access IE!

Hello ... a couple of things to do.
See if this fixes your Net issues.
Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.
Reboot your system to complete the process. If successful.
Rerun MBAM (MalwareBytes) like this:
Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.
Or try these and then MBAM.
For Windows 2K/XP
Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.
Try this--open control, internet options, connections tab, lan settings, uncheck the box next to "use proxy...."
3 Methods of repairing connectivity
METHOD 1
LSP-Fix
Repairs Winsock 2 settings, caused by buggy or improperly-removed Internet software, that result in loss of Internet access
LSP-Fix Home Page
Using LSP-Fix to remove Spyware & Hijackers
METHOD 2
WinSock XP Fix 1.2
It can often cure the problem of lost connections after the removal of Adware components or improper uninstall of firewall applications or other tools that modify the...


Have myself some malware, here's what is going on:
Windows XP

Little "security" icon, bottom right corner says "You have a security problem!" and repeatedly offers scans.

Blue and Yellow desktop says "Warning! Spyware detected on your computer!"

Fake "properties" menu when you right click on settings.

Fake "Windows shut-down screen", then blue and white prompt screen (fake) tells you to restart computer. I have not restarted my pc since obtaining this little gem last night.

When cancelling a process, got this error message with this file name: rhcnoojOe32r.exe. I don't know what this is, good or bad.

Here is a copy of the log - I appreciate your help!! Thank you, thank you.

-Amy



A:Malware - desktop, pop-ups and other sneaky stuff

Hi Welcome to TSG!!
Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scann...


Ok... So I'm having some problems with different stuff! I'll tell you first:
Some rare times, I get pop-ups that wants me to download something... (rare) Then there is a few games that's not working, and I've heard that it's because of rests of some kind of malware!

Here is my log:


A:Help | Small problems - malware stuff?

Bump!


I keep getting pop-up alerts from an icon in my toolbar saying "System Alert: Malware Threats" every three seconds or so, and every ten minutes or so IE (which is not my main internet server) pops up and tries to load more advertisements. I'm thinking this isn't a good thing. I've tried removing programs in the control panel, but that didn't work either.

I have an old Dell Inspiron laptop with Windows XP. Any help you can offer would be greatly appreciated!

And here's a copy of the HijackThis scan from my computer:


A:Help--malware pop-up alerts, other stupid stuff...


I downloaded Adaware, and I run it every day, but it doesn't get rid of the problem I'm having. I get popups all the time called xadsj.offeroptimizer.com. Like every 5 minutes. How do I get rid of them? They drive me freaking nuts!!!!!!!!!!

A:Newbie about malware and hijack stuff

Hi, DomesticDiva
Offeroptimizer will drive ya' nuts.
Kinda like ants at a picnic.
Please read and follow the advice and download/post/location/etc. HERE
You'll likely need our help with it.
You will be instructed in what to do within about 24 hours.
Be sure and click the "track this topic" at the upper right after you post your log.


My father has been infected since the beginning of April first with XP 2011 - which I thought, several times, I had removed but popped back up bigger and stronger. Now he has "Malware Protection" virus.

MBAM doesn't run. I cannot even start the task manager to end a process. I am currently running MBAM in Safe Mode. Of course I can't update it since it will not run in regular mode.

Please do not tell me to go to the old thread from 2008 called Malware Protection 2008. This is not that. This is new. And as I stated already, I cannot run MBAM unless in Safe Mode.

Any helpful suggestions? Especially since he seems to have had the XP 2011 virus for months. No matter what I do it comes back.

A:Malware Protection virus and a bunch of other stuff

Mod bump


Hello, I'm new to this forum and I believe I'm having trouble with some Malware.

I think I've had this Malware for a few days now, it seems to be changing the account permissions of my computer and fiddling with settings to prevent me from using stuff.

I first noticed this when the security center service was disabled and my MSE anti-virus stopped working, the security service, Windows defender, and Windows firewall was missing due to something tampering with the Registry, I believe I've restored the security center but I still think the virus is there.

I've also noticed a recently-installed program TempFiles.exe in my Local temporary folder which I can't delete and Malwarebytes or MSE isn't detecting it. I'm also unable to install rkill or other anti-viruses because I get the message: "Some files could not be created. Please close all applications, reboot Windows and restart this installation".

I could really use some help, it's really giving me a tough time.
P.S. Other effects include desktop icons being auto-sorted despite auto-sorting being unchecked, file view preferences are defaulted, and despite being the only account, I don't have permissions for some things anymore, it seems to be getting worse - I can't even get a screenshot because I can't save an image off Paint anymore - please help!

A:Malware Changing Permissions and Messing Stuff

Hi,
After performing these scans, enter the results in your next post and also update me on the status of the PC.
Note: You may have to perform some or all of the following in Safe Mode With Networking, depending on if you have internet access while in the normal Windows environment. If you still don't have internet access in Safe Mode With Networking, you will need to download the installers onto a flash drive from a working computer and transfer them to the problem PC.
Also, if you have any of the following programs already installed on your machine, download the latest version along with updates, then run the scan.
================================================================================
Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
================================================================================
Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSypware.exe and use the default settings for installation.
For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
An icon will be created on your desktop. Double-click that icon to launch the program.
If it will not start, go to Start > All Programs > SUPERAntiSpyware and click ...


(I think this would be the most logical place to put my question, so here it goes - )

does anyone know of a listing of what registry keys control what, and/or how malware uses such stuff? I want to understand behavioral log files of malware, but I haven't found any useful compilation of such knowledge yet. Note, I'm not using hijackthis; I am merely working with a massive file of registry keys accessed by various malware.

There are a few threat libraries on the web, but the reports are not quite as in-depth as I need. For example: http://vil.nai.com/vil/content/v_143656.htm (McAfee) has some very useful stuff but http://vil.nai.com/vil/content/v_101848.htm is not as useful, since it just lists registry changes without defining the effects. Also, many websites merely offer a broad view and definition of the registry and the main keys, state what keys that are useful for users, and offer "personalization" ideas - innocuous use of the registry is all great, but not what I care about!

Oddly enough, I own only Macs (I'm going to get a box to run Linux soon, finances allowing... I don't think you're allowed to be a geek without one), so I don't have the option I'd like to turn to - fooling around and breaking, fixing, breaking a disposable machine. Hopefully this will change, or I'll get access to a Windows VM, but... until then...

Thanks!
Tommy
 


Hello, everyone:
Looks as if the team here is pretty helpful, so I thought I'd throw my hat in the ring, as I've just about hit a wall trying to rid myself of this virus that WILL NOT let me connect to the internet through any of my web browsers. It seems to be blocking proxies perhaps. I've ran searches with all of the major spyware removers, and keep happening across the dreaded "vundo.variant" infestation.
The HJT log is below. Any help?

A:Malware is blocking internet access + other stuff

Hi,
I see you have Viewpoint installed...
Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
Viewpoint
Viewpoint Manager
Viewpoint Media Player
Then,
* Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Post the log from ComboFix in your next reply.
Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. This because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and blocks the tool, or even deletes it. Please visit HERE if you don't know how.
By the way, did you purchase WebrootSecurity? I assume this one also contains an Antivirus?


Got a pretty bad virus...keeps changing my background and homepage as well as shoots all these pop-ups at me to get antivirus software...virus installed a few programs on my desktop as well...name of antivirus software is ultimate cleaner...thanks for everything you guys do

here is hijack this logfile:

A:please help trojan malware trying to get me to download antivirus stuff


I'll try to keep this series of events in order.. the situation has changed a bit from when the problem first started.

My coworker's computer first displayed the problem yesterday afternoon - pretty obvious malware infection displaying itself proudly as "Windows XP Restore" and claiming infections, bad sectors, etc. In addition, the desktop was completely blanked out, taskbar icons, display properties & task manager had been locked out and all the programs on the start menu disappeared. In safe mode, the Admin account was unaffected but the normal user account still showed all the same problems.

I managed to restore access to Task Manager, Desktop Props and bring back all the programs & shortcuts that had gone missing. I also was able to stop the "advertisement" from displaying. I've done system cleanings before so I ran HijackThis then MBAM to see if that would clean things out . When I came in the next morning, the system had restarted itself (I expected MBAM's log to be waiting for me). I tried to re-run the scan but now the program wouldn't run - in fact nothing at all would run (unless I dragged a shortcut of the program onto the program file itself.. which didn't always work).

I have the log from DDS, but GMER keeps locking up the machine before it can allow me to save a logfile. I've run it about four times now with the same result.


A:Whole buncha malware type stuff goin' on..

Please post the Rootkit Unhooker and ComboFix log(s)


Hello. I run Windows XP, and I think I got infected when I unwittingly allowed a [possibly] bogus update to Firefox to proceed.

Spybot is completely unable to run.

Every time I click on a Google or other search engine results link I get redirected to an ad site (that has nothing to do with what I searched for), and certain other pages don't open at ALL (getting stuck on Google analytics showing on status line, then nothing else happens).

Have tried several methods shown here (Malwarebytes, SuperAntiSpyware, Rkill, etc.) and nothing has gotten rid of it.

I also use AVG antivirus (free version) but this has no effect.

Sound board is not running... earlier I was able to reload the driver, but it kept going out and now nothing works.

Sometimes the internal wifi device does not run and requires a system reset (nothing else will get it started).

I DO NOT have an XP startup CD; never bothered to make one, and I bought the computer with XP installed; a CD was $100 extra, if I recall correctly.

Last day or two, system says it's run short of RAM and needs to start paging to disk... I recently upgraded RAM and so this is probably the malware at work.

Girlfriend's computer class teacher was going to help me, but his friend with an XP CD is unable to be reached, so that avenue is indefinitely postponed... I'm tired of having a sick computer, and want to learn how to deal with this myself, but I'm a little out of my depth here, and could use a little he...

RELEVANCY SCORE 44.4

I'm pretty sure my computer is infected with adware or something... I keep getting pop-up balloons saying things like "System Alert: Malware Threats" or "Security Warning: New Variant of [email protected]", all of them telling me that I've been infected with a backdoor Trojan and that I need to download antivirus software.

I have an old Dell Inspiron laptop with Windows XP, and I've run into something like this before. I still have the HiJackThis software, so here's the scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:34:21 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Web Technologies\wcs.exe
C:\Program Files\Web Technologies\iebtm.exe
C:\Program F...

RELEVANCY SCORE 44

Recently been having the Norton Email Error window popping up, showing different emails to & from ppl I've never seen, & when I click em off, they come back. Did a Malware-Antibytes & Norton 360 scan & did what it told me 2 do w/the results. Then did the DDS thing & will post the reports. I am pretty sure I have other viruses & Malware that neither program has detected as well.

A:Norton Email Error Pop-Up & other Malware/Virus stuff

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/508953 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...

RELEVANCY SCORE 44

A few days ago I noticed a lot of pop ups or new tabs opening in Firefox. More troubling, my McAfee virus software notified me that automatic scanning was disabled. Clicking 'turn it on' did nothing. I also could not access any websites dealing with the problem- either 'server not found' or a totally different site would come up. Also, startup/shutdown is impaired. Sometimes the computer boots, sometimes it doesn't, and sometimes it freezes on shutdown.

I ran a system restore back to Nov. 1. This restored SOME functionality. I was able to update my Mcafee software, including their virtual technician (it couldn't fix the problem). I also downloaded Malware antibytes, Adaware, Spybot search and destroy, cwshredder, and hijackthis. All recommended for my issue.

They only work in safe mode. Otherwise they freeze at some point in the scan. Each has found a group of problems that I have trashed. I ran hijack this but will need help with the results.

The problem remains.

It SOUNDS like the coolwebsearch that cwshredder is supposed to get rid of but it won't update, nor does it find anything.

I do have log files and the computer is backed up to an external hard drive, both for a complete system restore and as individual data files (less likely to be infected).

Whatever you need me to post to fix this, let me know. Update: I have attached the dds log, and run defogger. I tried once to post the gmer log, but as I was running it, my machine crashed. I will tr...

A:Redirect malware that is stopping anti virus stuff too

Update: Assistance is no longer needed. Things were getting so bad, and the computer had had windows on it for 5 years, I figured a full wipe and update would be helpful anyhow. So issues are gone, drive reformatted. Thanks to those who read.

RELEVANCY SCORE 44

I am desperate, folks!
For 3 days I'm trying to get rid of these nasty viruses. I reinstalled a fresh copy of XP, formatted the drive and they still come back. I ran Malwarebytes and AVG 8 they say viruses have been removed and after restart they are back.
I have 43 infections including: Backdoor.Bot, Worm.Parite, Malware.Trace, Trojan.Downloader, Worm.Palevo, Trojan.Proxy, Trojan.Dropper, Trojan.Agent. I'm out of options and I don't know what else to do.

All scans were done in Safe Mode With Networking and I have to mention D: is my System drive (I have separate partitions).
PLEASE HELP ME!!!
I appreciate a lot, you guys are great and my donation will definitely come.


DDS (Ver_09-10-26.01) - NTFSx86 NETWORK
Run by Mihai at 22:19:05.62 on Mon 10/26/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2634 [GMT -4:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\Explorer.EXE
svchost.exe D:\WINDOWS\TEMP\VRT1.tmp
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS&#...

A:HELP!!! I got 43 infections with Backdoor.Bot, Malware.Trace and other nasty stuff

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download ComboFix from one of these locations:
Link 1
Link 2
Link 3

Important! You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Make sure that you save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow ...

RELEVANCY SCORE 44

I read a couple posts and noticed similar people had to get the Win32kDiag.txt so here it is:

Running from: C:\Users\Ryan\Downloads\Win32kDiag.exe

Log file at : C:\Users\Ryan\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...

Found mount point : C:\Windows\AppPatch\Custom\Custom

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp\ZAPE752.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp\ZAPEEF0.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\tmp\tmp

Mount point destination : \...

A:google redirects, blockage of anti malware and stuff

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follo...

RELEVANCY SCORE 44

i think i got a taste of a bad download.. something from a video player site.. has sunk its hooks into my system and now it redirects me to a site and asks me to download a bogus version of java.. i have an ad blocker on firefox and it shows adsdelivery1 being blocked.. i have been to this bleeping computer .com a few times over the years and it has helped greatly.. but it can't keep this monkey from hitting the wrong key once in a while... and here we are again.... and now the bios warning signal is popping off so.... i think there is something about to really run south on this machine.... please assist... help... willing to run all the testing procedures... but i cannot remember what they are or their order.... and perhaps things have changed since my last attack of cyber crud....

bit lost here need assistance.. again! help! ;(

A:Help, got a malware problem. popups, redirects.. lots of bad stuff

Hello and Welcome on board scuzzo, my Name is Machiavelli and I will assist you with your problem.

If you booted into safe mode on your computer then print my instructions!

I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:

Removing Malware is usually very difficult.
We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!

Please follow these instructions
If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!

Please stay in contact with me until your problem is resolved
As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.

Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!

Read my post completely
If you don't do so, you may make mistakes that could result in your System crashing by y...

RELEVANCY SCORE 43.6

I've been dealing w/computer problems the last few months. It seemed to start w/a virus or malware (I'm not very savvy about the difference) that redirected my internet browser. I noticed that web addresses kept coming up w/"gogoogle" and every time I tried to investigate, my computer would keep redirecting me to, often times, adult websites. I researched this using my BlackBerry and found instructions to fix the "gogoogle" problem. I thought everything was fixed, but not for long (even though the gogoogle problem has not come back) ...

My internet explorer often shuts down randomly - but probably most often when I'm going from one link to another.

Then, a bunch of my apps were gone and I no longer have my MS Office (no Word, PPT, Outlook), just WordPad, NotePad. I had to download some things again, like Adobe Reader. My son also says that our DVDs are no longer playable.

It seems like we had no computer problems until the last few months since I started using Facebook and iGoogle. I noticed a window open that said "HotKey" which I didn't install.

* So, I have two issues: 1) What is causing this (virus/malware), how do I get rid of it? and 2) How do I get my MS Office and other apps back w/o wiping out the current docs, ppts, and other things already saved on my computer (do I need to back them up first?)?

LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:37:36 PM, on 3/13/2009
Platform: Windows XP SP3 (WinNT...

RELEVANCY SCORE 41.2

I'm running Windows XP, and every time I try to delete stuff off my desktop, I get an error that says my hard disk is full (it isn't) or is locked (it isn't). Furthermore, my validation keeps failing (the OS was loaded from the factory), I can't run some programs (Windows Media Player, QuickTime, HijackThis, maybe a few others), and the computer takes eons to start up. Can someone help me out here? I'm about ready to throw the computer into the wall and go Office Space on it.

A:Help desperately needed (can't delete stuff, validation keeps failing, other stuff)

Check out this page on Microsoft Validation..

Cheers!

RELEVANCY SCORE 40.8

Like you know how people take videos of games they play and feed it into their PC so it is on there? What do I need... and what kind of stuff is possible? Could I transfer a tape from a VCR? A DVD? Or just games? Give me all the information you can because I know nothing about any of this.

How expensive would this be? I hope not too much... If it is something that is selling software with it, but that's what makes it expensive, tell me the way to get it without the software so it is cheaper. I have plenty of video editing programs and stuff, I just need to get the stuff there.
 

A:So give me URLs, names of products, stuff I need to get stuff from TV to PC...

I believe the name of what I am looking for is a capture cable, that takes whatever is displayed on the screen and saves the video on the computer.
 

RELEVANCY SCORE 40

im new here i hope i have posted this in the right place(if not please can someone move it for me -mods?)

i thought i had been doing the right stuff ive been running my avast as my anti virus also using Malwarebytes and super anti spyware, but my firefox browser keeps hanging and the pc sounds like its doing things when its not so i thought id join up and get some help lol

i read the guidelines but im not sure what a log is? this came from notepad (i hope that makes sense im not very good at this stuff) so i did some reading and found myself this SmitfraudFix and hijackThis. now i have this

SmitFraudFix v2.423

Scan done at 1:52:15.74, 09/09/2009
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system...

A:hi all - please help - malwere spywere good stuff bad stuff what is what?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 39.6

hey guys. I have peerguardian 2 and every time i start my computer someone called offeroptimizer.com/static.callinghome.biz[spy], st. also i was looking with spysweeper at my items that startup with windows and i noticed there is something called ShowWnd.exe and i googled it and some things said it was malicious and some said it was not. Maybe you could help me out. Here's my Hijackthis log. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 4:20:18 PM, on 5/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files&#...

A:HJT-Leftover

Welcome leftover to Bleeping Computer.

* Restart the computer.
* as soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
* Use the arrow keys to select the Safe mode menu item
* press Enter.

***

We need to make sure all hidden files are showing so please:

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

***

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe

Click on Fix Checked when finished and exit HijackThis.

***

Open Windows Explorer.
Find and delete this file:
C:\Windows\System32\ShowWnd.exe

***

Reboot the computer to normal mode.
Please post back in this topic with a fresh log using HijackThis.

RELEVANCY SCORE 39.2

Can anyone tell me if there is such a programme that can detect leftover programmes on the pc. By that I mean, when you have installed a programme and then decide you don't want it, you delete it from the add/remove control but it always seems to leave some file behind.

Is there anything that would clean all those files up? Hope I am making sense.

Thanks
 

A:Leftover files?

RELEVANCY SCORE 39.2

Hi I need help getting rid of some trojan/malware remains. Malwarebytes and tdsskiller don't find anything but I am still getting internet explorer redirects, windows firewall turned off & will not turn on and need help because it looks like I may have a rootkit hiding somewhere. I have included my dds files. Also avast is showing a lot of "malicious URL blocked" messages and the process is C:\Windows\System32\ping.exe. I have ESAT, MBAM, SAS & HiJackThis logs. I have combofix, aswMBR & minitoolbox dl'd & ready to run but don't want to use them without your direction. I have windows 7 32 Thanks!

A:Win7Antispyware leftover fix

Update......running eset fixed the redirects but I wonder if I still have the rootkit. Eset said I had a variant of the Win32/Sirefef.DN trojan.

RELEVANCY SCORE 39.2

I got some kind of malware last week. I kept getting tons of pop-ups, which never bothered me before, and other things. One of those fake anti-spyware sites that took over my computer till I shut it down, etc.

So in the past week I have done the following:

I ran Stinger, Ad-Aware, Malicious Removal Tool, CC Cleaner, Housecall, HS Remove, cwshredder, Kill2Me, all of which found nothing, and did a System Restore which had no effect..

Then I ran Malwarebytes and Stopzilla both of which found some Trojans, Malwares, Ad cookies etc and deleted them. (No worms that I could see.)

Since then I still have the following problems:

When I load Firefox - before the page loads in the upper left hand corner I get the following box:

"Java Application Type Error: spElement is null." (A search of "spElement is null" on Google turns up nothing.)

When I click OK, the message box disappears and Firefox loads. Sometimes a few different pages load, Ask.Com, My * 10.Com, etc. A couple pages sometime try to load but there is a message box that says the locations couldn't be found. I click off those pages, I seem to be able to use Firefox without any further problems.

If I try and load Internet Explorer, a bunch of pages try to load, all with the same internet address with numbers, letters, and symbols that I have never seen before (not a foreign language, but symbols which aren't on my keyboard, letters, etc) Luckily for each page that tries to loa...

A:A few leftover's that I can't seem to shake??

I would do the following.....

Use Rkill to stop the rootkit processes that start when the computer comes on. Then I run the Malwarebytes and SUPERAntiSpyware. Here are some DL links for the Rkill....

LINK 1
LINK 2
LINK 3
LINK 4

Save it to your desktop and then double click to launch it (With Vista you need to right click and select run as administrator). You should see a little black window open and then close. If you see that box then it worked. If you don't see the black box then delete the file and use another download link and repeat the steps.

After running Rkill update and run MBAM. Next I would install AFT Cleaner check the box for select all and then run it. Finally, I would run SUPERAntiSpyware. If you have more than one username then you will need to scan each user account separately with this.
