Over 1 million tech questions and answers.

I think I am infected or have a Windows 7 problem.

Q: I think I am infected or have a Windows 7 problem.

Hi everyone (again).
 
First and foremost I want to thank all the help I have had here over the past year or two. I have sincere appreciation for the free help you guys give.
 
Well last time out, I thought I had a virus and it turned out I hadn't after getting a slow running pc, slow boot up and lots of crashes in which I never had over the years with the same pc and same windows install.
 
A few nights ago, my pc took a very long time to boot up. It usually boots up in 25-30 seconds, thanks to Raid 0 of two SD drives.
 
Anyhow, there were no updates installing or configuring - it just booted the same as ever, but it was very slow when it got tot he Windows logos. It took probably 2-3 minutes to finally get to my desktop and a popup came up saying some windows file was corrupt. Sadly I pressed a button by accident and I didn't get the message.
 
I ran check disc and all was fine, no windows errors. So I proceeded to run my avast and also got no viruses. However I tried running some of my other virus scanners and they wont run, coming up with windows error popups saying the file cannot be run for whaetver reason. I tried using tdskiller and malwarebytes and these windows errors would pop up.
 
My games, music and movies all run fine! The only errors I get are from my soccer game which happens when I exit it every time and that is a known issue from a mod I use, so nothing related to my pc.
 
Any help would be great. I kinda feel it's suspicious that files I download from this site to virus check all get similar erors.
 
Thanks!
 
 
 

RELEVANCY SCORE 200
Preferred Solution: I think I am infected or have a Windows 7 problem.

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: I think I am infected or have a Windows 7 problem.

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Read other 28 answers
RELEVANCY SCORE 38.4

Thanks in advance for any and all help. :)

This one got me by surprise.
Either somethg snuck past Kaspersky, or I clicked on something other than Deny by mistake when a Trojan warning popped up (which was probably the case).

When booting up my computer,
I was greeted by a Windows - No Disk - exception processing message.
If I clicked on Cancel, it would continue to pop up periodically.

Also, the Windows Security Alert box keeps telling me Windows Updates are disabled, and that I have no Virus protection,
even though I am running a continually updated Kaspersky Anti-Virus 7,
and the Windows Update menu in the Control Panel says Updates are enabled.

After running through all the steps you have laid out,
the pop-ups seem to be at bay, and the Windows - No Disk error hasn't popped back up yet

But the machine is sluggish, the Windows Security Alert problem still persists, and my browser continually refreshes as though it is trying to load something.

Below is the HiJackThis log,
as well as the attached Panda scan log.

Thanks so much for all your help!

-------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:31 AM, on 10/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\... Read more

A:Infected machine? - pop-ups / Windows Security Alert problem / Windows no disk error

BUMP, please

------
Also, an update since I originally posted this.

I already had Spybot installed prior to the problem, so I loaded Spybot Tea Timer to give me some sort of added protection while waiting.
It nuked numerous attempts by Run32dll.exe to access various dll files in the System32 directory, as well as adding various strings to the Registry.

During this time, the machine was extremely sluggish, but I could still use it to some degree.

But something happened yesterday, and now my machine won't even boot up. :(
I can't boot up in regular mode or in Safe mode.
All I get is the dreaded blue screen with a C000021A error. :(

I'm fortunate enough to have a backup drive that had all my working files, so I could continue my work on another machine.
But I stopped the backup when the problem popped up to avoid infecting any of the files on my backup drive.
So all of the data from the 3 days the virus problem started up is lost to me at the moment.

Please advise.
Thanks in advance for all your help.
If we clean this up like you did when helping me a year ago on another machine,
I'll be sure to donate again, like last time! :)
Thanks!

Read other 9 answers
RELEVANCY SCORE 36.8

Hi there,Yesterday morning I downloaded a windows update.Ever since I have following problem:When I boot my laptop (acer) it does start any of my programs correctly. I get a mesage regarding a windows installer...a little while after I receive a note from Trend Micro Antivirus "suspiscious activity blocked lmanager.exe and somethinga program tries to change the library....The computer also doesn't recognize the wireless connection automatically, but need to be repiared and than it works...Outlook doesn't function as well. I have no idea how the problems are related, but that everything worked fine just the night before. I am also not surewhether the update has anything to do with it.Do you guys have any ideas? Suggestion?Thank you.MauriceLogfile of Trend Micro HijackThis v2.0.2Scan saved at 11:14:20 AM, on 11/27/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exeC:\Program Files\Tr... Read more

A:windows installer problem, am I infected? please look at my hijacktihis log

any ideas? does the log look bad?

Read other 5 answers
RELEVANCY SCORE 36.4

I've fallen victim to the "black screen" and "Windows detected a hard disk problem" malware, complete with mis-spelled words and poor grammar in the warning box. Ran Malwarebytes and it did identify infected files, but the problem did not resolve after the files were "cleaned." Please help!

A:Infected - Windows detected a hard disk problem

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

Read other 3 answers
RELEVANCY SCORE 36.4

Dear Malware debuggers,

My system (Windows XP machine) came under attack by Window Repair malware on 27march , 2011.
I tried my best to thrash it out from my laptop but only have been partially successful so far.
I have listed down my current problems below:

-- Browser redirect problem.
-- Plays system alert sound every minute.
-- I might not be aware of any more hidden problems.

If you can help me in getting my machine back into healthy state that would be grand. Moreover, any suggestions to
save my computer from future attacks are most welcome.

I have attached all the logs which are of your interest.

NB: running gmer.exe on my m/c crashed every single time, though i somehow managed to save the logs and not sure if they
solve the purpose.

Many Thanks,
XXX

A:Infected with Windows Repair + Browser redirect problem

Hello kodar, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.1.Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the f... Read more

Read other 5 answers
RELEVANCY SCORE 36.4

i have a problem. as i login in windows for some time everything seems ok, but after some time, a windows in internet explorer start to opening. and it says pcantimalware download, your computer may be infected, download tihs and stuff like that. it seems my computer is running a little bit slower but nothing special. i started spyware doctor and spyware search destroy and they found nothing. but windows are appearing as before! every 5 min or so. if i leave computer running while I'm away like today, when i get back there are 20 or more windows oppend in internet explorer. please help

A:I Have A Problem With Appearing New Windows In Internet Explorer Saying I?m Infected

Just wait until it is moved to a more appropiate Forum, Mate?

Read other 3 answers
RELEVANCY SCORE 36

It's a Windows 7 64-bit machine. I have tried using this guide: http://www.bleepingcomputer.com/virus-removal/remove-system-fix

and a few other things but in regards to the link referenced I am at a point where I need to run Malwarebytes but I am not able to run it. So I'm not even able to check if I can update it or not. Below is the DDS report.

Any help is greatly appreciated.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Fazlic's at 23:49:52 on 2011-12-09
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.1519 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svch... Read more

A:Infected with "Windows dected hard disk problem" virus

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/431646 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 2 answers
RELEVANCY SCORE 34.8

I've been infected with Windows 7 Antivurus 2012.

- I used Malwarebytes Anti-Malware


The malware seems to be removed but I found many problems

- I can't print on my wifi printer
- Microsoft firewall doesn't work
- Some gadget and program can't access internet (gadget accuweather, program HideMyIp)

I removed McAffee because I think the Mcaffee firewall is the problem. I installed Norton Antivirus 2012, and I have a strange error (Error norton 5013,3). I removed Norton and now, I'm with AVG 2012 trial.

To enabled Microsoft Firewall, I applied this correction : http://answers.microsoft.com/en-us/windows/forum/windows_7-security/error-code-0x80070424-with-windows-firewall/ec3fc3b8-69ec-4b4b-a703-4b745fe6e8ee?page=7&tm=1327722759954

Broni help me here : http://www.bleepingcomputer.com/forums/topic440667.html

But we are stuck !!!

NOTE on GMER: I don't have all the option enable. Only Services - Registry - Files and ADS are enable. Show all is not enable

DDS LOG:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Fred at 22:38:51 on 2012-01-31
Microsoft Windows?7 ?dition Familiale Premium 6.1.7601.1.1252.2.1036.18.12270.8748 [GMT -5:00]
.
AV: Protection antivirus et antispyware McAfee *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-... Read more

A:Infected Windows 7 Antivirus 2012 Malware: Problem with wifi printer + accessing internet

Hello and Welcome to the forums!My name is Gringo and I'll be glad to help you with your computer problems.Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 31. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn... Read more

Read other 54 answers
RELEVANCY SCORE 34

Referred here from: http://www.bleepingcomputer.com/forums/t/218785/i-think-i-have-a-keylogger-problem/ ~ OBHello there. I first posted on "Am I Infected" because I had a keylogger problem. That was solved, but apparently the member working with me said I was still infected which was the reason my computer slowed down in the past couple of weeks. He said he couldnt find the AntiVirusSentry file with all the MAMB and SAS scans I did after getting rid of my other problems, so he sent me here. I know my computer is slow, only have 512 of RAM and some of my drivers and BIOS need updates, but its never been this slow. Sometimes while opening a new window, the internet freezes (quite often lately), and sometimes I have to shut them down by using CTRL+ALT+DEL. Other times an error message about runtime appears and says the window has to be closed. I've read it was a problem with the latest Adobe, but I dunno. I just know its painfully slow at the moment. Please help me.DDS (Ver_09-03-16.01) - FAT32x86 Run by Andr? Caetano at 17:21:17,58 on 18-04-2009Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13Microsoft Windows XP Home Edition 5.1.2600.3.1252.351.2070.18.1014.418 [GMT 1:00]AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)AV: Avira AntiVir PersonalEdition Classic *On-access scan... Read more

A:I'm infected - "am I infected" couldnt solve the problem

Should I post a new log? A member told me after I post a log I shouldnt change anything but I did check the disk for errors and I disfragmented the disk. Not sure if that affects anything?

Read other 59 answers
RELEVANCY SCORE 30.8

The short version of my problem is that at some point after a reboot, certain web pages fail to load.  I'm not sure what the root cause is, at all.  I am running Windows 7 SP1 and was up to date with updates when this started.
 
When it started happening:
Thursday night, the power flickered at my apartment and made my computer reboot.  I figured it was a good a time as any to install Windows updates since I hadn't done that in a while.  After doing so was when I first noticed the problem.
 
The problem:
What happens is after I reboot, at first, everything works fine.  At some time after, some web sites just don't load.  The sites that don't load are consistent (if I reboot and wait, all the same ones fail).  A couple examples are bleepingcomputer.com itself and any of Valve's (the game developer) sites.  It doesn't seem that computer help/anti-malware sites are all not working, since MBAM and AVG's sites work.  Google itself always works and when Googling for info on this problem, I seem to find more sites that don't work than do, once it starts happening.
 
I don't know specifically at what point stuff stops loading.  I tried rebooting then going to read a book for an hour, and it was working when I tried immediately after.  If I reboot and open Firefox with a ton of tabs and start browsing around, it might stop within a few minutes.
 
What I tried:
At first I thought it was my Internet connection or ... Read more

A:Infected? Hardware problem? Software problem?

Hello knismaps, let's see if we can find something.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Download TDSSKiller and save it to your desktop.
Extract (unzip) its contents to your desktop.Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
.
.
.
ADW Cleaner Skip or rerun it.

Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.ex... Read more

Read other 3 answers
RELEVANCY SCORE 30.4

I'm at the end of my rope here. A "friend" gave me her computer to clean up. The thing was so full of malware it was unbeliveable. I've got most of it, but there is this one nasty bit of adware "Cool Web Search" that remains... I've tried running the latest versions of Ad aware, Spybot, and CWShredder. They seem to find and remove the cool web stuff, but when I shut down and start up again, it's back. I've gone to the trend micro site, but I keep getting a .dll error when I start downloading the definition files.

When I shut down, the machine hangs and tells me that it is waitng for a response from "Win Min".

It also occasionally freezes on startup, leaving me with a blue screen and a mouse pointer stuck in the middle. (This seems to be mitigated somewhat if I move the mouse around during startup!)

The log file from this machine is as follows.

Logfile of HijackThis v1.99.1
Scan saved at 10:03:03 PM, on 25/04/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DE... Read more

A:Infected Windows Me PC Hangs on Shutdown - "Win Min" infected with Cool Web Search

Hi and Welcome
It may help you if you print out or copy this page for easy reference.. Make sure to work through the fixes in the exact order its listed..These instructions only apply to HJT v1.99.1

Please Keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes.

Download any of the required programs before attempting to start any of the fixes.


Turn off System Restore instructions (WinXP)
Rightclick My Computer | Properties | System Restore | check ?Turn off System Restore?, <Apply>, <OK>. Reboot. When we have confirmed that your log file is clean, you may renable System Restore and create a new restore point.

SHOW HIDDEN FILES AND FOLDERS.
To show hidden files instructions (WinXP)
Doubleclick My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK
------------------------------------------------------------------

Download and run CWShredder (check for updates) for a preliminary cleanup first.Some files below may not be present after running the above programs.Full instructions below.


How to install and run CWShredder

Download CWShredder
Choose the stand alone version. This is free.
Save cwshredder.exe into its own directory, NOT in a TEMPorary folder or on the DESKTOP.
I recommend, c:/... Read more

Read other 15 answers
RELEVANCY SCORE 28.8

Hello,
 
So sorry, but I'm new on this site and I think I had posted in the wrong forum when searching for help. I had posted for help in the Windows 7 forum and have received some guidance but a couple people told me there are specific forums here and I finally found it. 
 
Here is my original post...
 
 
http://www.bleepingcomputer.com/forums/t/538503/my-anti-virus-program-keeps-telling-me-its-blocking-a-virus-help/#entry3401910
 
 
I wanted to make sure I get the help I need so I wanted to post here and make sure if this was the place to post, that it was posted.
 
 
Anyway, I really appreciate any help that I get. I apologize again for posting twice, I just wanted to make sure I asked for help in the correct place because I really miss feeling safe on my computer.
 
 
Thanks again
 
 
 

A:Not sure what the problem is... am I infected?

Can you tell me what issues are you facing currently?

Read other 2 answers
RELEVANCY SCORE 28.8

Hello,

Please forgive my uniteligible ramblings. I have read the tutorial, but my memory (brain) is shot because I am worried about my computer issue. Please forgive some of my terms, I am a motorcycle guy, and learning computers. So here goes:
Some of these issues have taken place in the past 96 hours and have taken alot of my time to try and repair. The offsite helpdesk for my company has been some help, but now they want it for a week to "wipe it" and start again. I can't be without the system for that long, So I am turning to help here.

Issues:

Can not restart in safe mode, the "DOS looking" screen allows me to select safe mode, then I get a blue screen that says, "if this is the first time windows has shut down please restart your computer....." it just keeps looping me back to the main DOS start up and I have been able to restart only in windows normal

When searching with Google, I get redirected to some rather unusual sites, newspaper, porn, etc..

A new toolbar has been added to my outlook called "pre spam" with C cleaner and so forth. Outlook will continue to open and as soon as I select an email, I get a new window that says the program is unresponsive and must be closed etc... Then it starts all over again. So I know I need to prevent that from starting when outlook starts up. I can remove it by right clicking and deleting the tool bar, but everytime I open outlook it starts again. (this is new today)

The machine has... Read more

Read other answers
RELEVANCY SCORE 28.8

I recently downloaded a microsoft office to my computer from my schools website. Not sure if that was the reason though. Whenever I use a full screen program it seems to alt tab me back to the desktop every 5-10 minutes. I removed my keyboard to make sure it wasn't the problem and happened even when I went away for a few minutes to test it out. I used malwarebytes and CA Antivirus and found a backdoor and a trojan and removed them. I'm still having the alt tab problem and I'm unsure what it is. It doesnt alt tab while i'm on a broswer though.

A:Not sure if infected, ALT Tab Problem

Download Adware Cleaner run it as admin Click the delete button allow it to run and post the log it creates.

http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Download update and do a quick scan with malwarebytes and superantispyware
http://www.filehippo.com/download_malwarebytes_anti_malware/download/ecf14848530d11a2f09a94b92a69fcfa/

http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

REmove all that each of the programs above find and reboot.
Post the logs.

Download Autoruns and Autorunsc Unzip it to your desktop and then double click autoruns.exe After the scan is finished then click on File>>>>>>>>>>>Save The default name will be autoruns.arn make sure to save it as Autoruns.txt under the file type option. in other words make sure it is a .txt file instead of .arn Attach the text in your next reply.
http://download.sysinternals.com/files/Autoruns.zip

Read other 37 answers
RELEVANCY SCORE 28.8

Hello,
 
So sorry, but I'm new on this site and I think I had posted in the wrong forum when searching for help. I had posted for help in the Windows 7 forum and have received some guidance but a couple people told me there are specific forums here and I finally found it. 
 
Here is my original post...
 
 
http://www.bleepingcomputer.com/forums/t/538503/my-anti-virus-program-keeps-telling-me-its-blocking-a-virus-help/#entry3401910
 
 
I wanted to make sure I get the help I need so I wanted to post here and make sure if this was the place to post, that it was posted.
 
 
Anyway, I really appreciate any help that I get. I apologize again for posting twice, I just wanted to make sure I asked for help in the correct place because I really miss feeling safe on my computer.
 
 
Thanks again
 
 
 

A:Not sure what the problem is... am I infected?

Duplicate here.

Read other 1 answers
RELEVANCY SCORE 28.8

As stated in the topic description it wasn't allowing me to access any google site, redirecting all searches from any engine, and was undetected by MBAM and AVG.After trolling through these forums for a while, and trying Registry Cleaner (Several times), I resorted to desperation and tried ComboFix. I would've loved to have done it under the supervision of someone on these forums but as stated before I was not allowed to access the email I registered to the forums under. Now I want to make sure I'm clear of everything. Scans with MBAM and AVG come up clean.ComboFix showed a rootkit, which I believe it removed, and I had a friend help me by loading RegistryBooster on this machine.Thank you in advance for your time.Humbly waiting for a response,Lukin.PS. I am also getting strange new tab openings, to random websites.So, one more thing to add to the list. The computer has taken to freezing when I visit sites that seem to be heavy in flash... and I mean full out freeze to the point of Crl+Alt+Del does not bring up Task manager.I am unsure of what steps to take now since last night MBAM only reported Combofix and nothing else. After that the computer became fairly unresponsive, even after several restarts. Now it is functioning, it seems, as long as I don't visit any Flash websites.Allright, pardon me for being a bit frustrated and seeming, perhaps a bit rash. But I don't know when my system will freeze next so I've taken the liberty of generating a HijackT... Read more

A:I was infected with a serious problem but I'm not sure if it's gone

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 2 answers
RELEVANCY SCORE 28.8

Hello, hope someone can find the problem with very slow pc.Thanks..DDS (Ver_11-03-05.01) - NTFSx86 Run by Doug E at 11:39:08.23 on Sat 04/23/2011Internet Explorer: 8.0.6001.18702.============== Running Processes ===============.C:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEc:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\WINDOWS\System32\alg.exeC:\Documents and Settings\Doug E.DOUG-7IPR6139R9\Desktop\dds.scrC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\System32\svchost.exe -k NetworkServiceC:\WINDOWS\System32\svchost.exe -k LocalServiceC:\WINDOWS\System32\svchost.exe -k LocalService.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.com/BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dllTB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No FileuRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exeuRun: [SystemExplorerAutoStart] "c:\documents and settings\doug e.doug-7ipr6139r9\local settings\tempo... Read more

A:INFECTED OR OS PROBLEM?

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available.If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply'... Read more

Read other 13 answers
RELEVANCY SCORE 28.8

Well...

This happened before I reinstalled my OS, then everything was FINE.
I had to reinstall because I was infected with Win Sality. ( Wiped and reinstalled. My old thread was deleted? )

I googled to see if it was just a problem with the computer type.. But other computers have this problem too.

It seems, from the day I bought the computer, after a few days it does this and I have to reinstall ( I've only reinstalled once actually.. )

I found this yahoo answer post that explains exactly how it happens with me.

"
Problem -
This computer is about 3 years old, worked fine until last week. The computer has been a bit sluggish for about a year, but it worked well enough. Now, the computer will work for a while (anywhere between 10 minutes to an hour).
The computer starts fine. At some point, the computer will completely freeze. At this point, I cannot bring up the "clrl+alt+dlt" menu. However, the keyboard is still getting function (I can turn on and off the caps lock key), and the mouse functions. The computer will not recover from this. If I continue to click around, or push keys, the computer will completely freeze, and I will hear a continuous beep from the CPU. Just one beep. My only alternative is to hit my power supply switch and restart.
"
Only difference? This computer is older, and it started after about 2-3 weeks of reinstall.

When I play games after awhile the game will freeze, but.. I was playing an online one and I noticed the chat w... Read more

A:Am I infected or is this some other problem?

Hello take a look at this topicSlow Computer/browser? Check Here First; It May Not Be MalwareWe also need a deeper look.You will need to Download and Run DDS which will create a Pseudo HJT Report as part of its log..If for some reason you cannot perform a step, move on to the next.Please follow this guide. go and do steps 6 thru 8 ,, Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help . Then go here Virus, Trojan, Spyware, and Malware Removal Logs ,click New Topic,give it a relevant Title and post that complete log.Let me know if it went OK.

Read other 2 answers
RELEVANCY SCORE 28.8

Ever since I turned on my Malware Byte Protection Module, with Malicious Website feature turned on, about every 30 seconds it reports a website being blocked and from there, windows security essential stopped reporting anything from "c:/windows/system32/temp/setup.exe" so from there I knew I have some hidden virus somewhere blocking them.

I did 4 Anti-virus-malware scan from various trusted AVs and none of them found a virus.
The AV-Malware I use were:
Windows Security Essential
Anti-Malware Byte
Spybot Search & Destroy
and SuperAntiSpyware Portable

None of them found a virus and were up-to-date virus-check up database.

My MSCONFIG found nothing suspicious trying to run in the background.

Also, sometimes when I login the explorer.exe doesn't load, even though it is running so I have to manually go to Task Manager, Kill the process and start it again to load explorer.

Yeah a lot of problems, not even found by the AV-M. I'm not looking forward to formatting and reinstalling.

---

Ok I used Avast! but it found nothing.

I'm running a Avira AntiVir Rescue Disk to run a scan and apparantly thinks "Taskmgr.exe" is a trojan.

---

I got 13 infections from bullguard but most of them were from my visual basic programs. the others were a poor fellas. LOIC.exe

soo i'm still stuck i'm running a avast! full scan.

---

In safe-mode, the computer would load up faster then normal, but normal mode takes 10 minutes to load explorer.ex... Read more

A:Am I Infected? Whatever it is, i've got a problem

Can you please post the logs from any of those scans you did?

it would greatly assist us in helping you.

Read other 4 answers
RELEVANCY SCORE 28.8

Good day.. Pardon me if this topic is not supposed to be posted here, but this is the only forum familiar to me, that I've used before. I don't really know if I'm infected or just have so many startups . At first I thought it was the latter that's causing the delays. However, these past few days, i'm thinking otherwise, because now, my computer is not only slow to start but also hanging and automatically turns off sometimes. I already posted in Startups-autoruns forum a month ago but there were no replies. I also downloaded autorun. But when i searched for the items in my startup so that I'll know which ones to remove, most of the items revealed ITEMS NOT FOUND. I'm all the more confused. I'm using avast antivirus and if i get the time, I also do online scanning using spybot, ad-aware, superantivirus courtesy of a very kind and generous moderator (my eternaL THANks). And all the many programs that i can see (all of which I don't understand) keeps me thinking if they are all important and if not which are useful and needs to be retained and which ones are useless and needs to be removed. Please advice and if anyone could give some light to my dimmed problem, and if nothing can be done, to please advice me also to just get used to the slow functions of my computer . thank you very much.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:02:20 PM, on 9/3/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explore... Read more

A:Infected or another problem?

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 28.8

I have a home built computer that's a few years old.
XP SP2 P2.4 512 RAM

The problem started a couple of days ago where it just reboots in the middle of what ever I am doing. Also I use FireFox for browsing and FF will crash often during my surfing the net. I get the FF crash report and then restart it and it will crash again in a minute. It doesn't happen constantly, but often enough that it is very bothersome. The reboots happen no matter what I am doing and that gets very frustrating.
I though it might be a problem with my RAM, but someone told me it might be infected so looking for answers here. Any help would be very much appreciated.

Thanks.
 

A:Problem: Is it infected or RAM or something else?

I wonder if maybe one of your addons is acting up. Start firefox up in safemode and disable any addons you have and see if the problem goes away.

Any ram problems most often result in BSODs so i don't think thats it.
http://www.technipages.com/start-firefox-in-safe-mode.html
 

Read other 3 answers
RELEVANCY SCORE 28.8

I have run all virus protection - Norton 360, spybot search and destroy, superantispyware, malwarebytes' antimalware. I am still having problems. At start up, the command prompt box opens up, one,two or three times, then spybot antispyware boxes pop up - about four of them. Also I get intermittent strange screens that just pop in when I am on the internet. Please help if you can.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:27:32 AM, on 9/14/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\stsystra.exeC:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exeC:\Program Files\Dell\Media Experience\DMXLauncher.exeC:\WINDOWS\System32\DLA\DLACTRLW.EXEC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Java\... Read more

A:Problem - May Be Infected

Hello and welcome to Bleeping Computer.My name is km2357 and I will be helping you to remove any infection(s) that you may have.I will be giving you a series of instructions that need to be followed in the order in which I give them to you.If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.Please do not start another thread or topic, I will assist you at this thread until we solve your problems.Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.I will be back as soon as possible with your first instructions!Sorry for the delay in replying, the forum is very busy. If you still need help, please post a fresh HiJackThis Log and an Uninstall List (instructions forthcoming)Step # 1: Make an uninstall list using HijackThisTo access the Uninstall Manager you would do the following: 1. Start HijackThis 2. Click on the Config button 3. Click on the Misc Tools button 4. Click on the Open Uninstall Manager button. 5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

Read other 3 answers
RELEVANCY SCORE 28.4

I am trying to help my brother troubleshoot what seems to be a virus.  It also could quite easily be a hardware issue.  He has a HP DV16X Laptop. The screen flickers and random windows keep opening.  Google chrome loads so many pages when opening. Internet is so slow it is pretty much unusable.  Tried to reinstall W7 from the installation DVD and it gets just past the stage of loading windows and gives a stop error.  I will include the stop error in this email.  I guess I just want to rule out a few things to see what this could be.  Any ideas or troubleshooting steps would be appreciated.  Thanks
 
 
 
 
 
http://

Read other answers
RELEVANCY SCORE 28.4

hey,
lately my laptop had been freezing up, crashing and running very slowly.
I have windows 7 running.
I have been getting this (failed FsUsbExService, No existing FsUsbDevice) error message each time I start my computer and will not go away till I view it, but will return once the computer has started. I have run a number of different virus scans to see if it was a virus but they have all come up clean. also it will not allow me to do windows updates, it says update failed error(s) found: Code80070643 Windows Update Encountered an Unknown Error. I tried to fix that using the Microsoft support page because it had a link for that error but to tried both methods on the page and neither of them fixed it. is anyone able to help me with this or will my computer need to be seen by a technician.

thanks
Shan

A:Am I infected or do I have a system problem?

Hello shan..
The error message you are getting is related to Samsung New PC Studio.
Either reinstall or remove the application and let us know if the issue is resolved.

Read other 1 answers
RELEVANCY SCORE 28.4

Hey all:

I created a topic in another thread, see here:

http://www.bleepingcomputer.com/forums/topic438860.html/page__gopid__2562619

In there, they had me do all sorts of scans and post logs. After the last log posting, they directed me here.....

I followed the directions, but could not 'enable' the firewall. That is part of the problem I was having to begin with....

Here is the DSS Log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Jason at 14:55:17 on 2012-01-26
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3062.2166 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\s... Read more

A:Infected with rootkit problem

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

Read other 41 answers
RELEVANCY SCORE 28.4

kaspersky antiviurs say this appliction infected

Possibly infected: riskware Hidden object C:\WINDOWS\System32\SMSS.EXE 49.5 KB
look pic on Attach

and scan my computer by tool ComboFix
look repot ComboFix.txt
I think so file infected

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8947b313-c6ec-11dc-b188-806d6172696f}]
\Shell\AutoRun\command - F:\ibvtcgv.exe
\Shell\explore\Command - F:\ibvtcgv.exe
\Shell\open\Command - F:\ibvtcgv.exe

Whta I can do for this?

A:problem with SMSS.EXE is infected

Uppppp

Read other 1 answers
RELEVANCY SCORE 28.4

I have some kinda infection I cant seem to get rid of .. constantly crashes my programs .. slow web.. slow to open anything .. slow downloading/uploading redirecting Google CPU is constantly pegged and interwed data light is constant

Need help .. what is my first step ?.. I need to get this fixed .. Its finally drove me insane

A:Infected.. Cant resolve the problem

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

Read other 3 answers
RELEVANCY SCORE 28.4

I really think my fiance got our computer infected. I don't know what to do and Im pulling my hair out. While on firefox it keeps opening up a new firefox window with 2 tabs over and over and over. It says on the first tabFirefox can't find the server at www.xn--3u-bdacz1i5lja1hxhl1by61y.com.the send tab goes to this sitehttp://www.xn--3ca.com/;%03%1C%1D%E2%84%A2...3%B1%04a%C6%92/If I close it out it just keeps opening it over and over every few mins. If I don't close it I will rack up a bunch on the bottom.I have very limited knowledge the first thing I could think of was run our trend micro anti virus software. I didn't get anything. I ran malwarebytes and a few things showed up not sure what they were I cleaned up and restared reran and nothing and still I keep getting the new pages. If anyone could help I would be so greatful.Thanks so muchChuck

A:Firefox problem. I think infected

Hello Chuck. Let;s do this and see what we get. Is this XP,Vista????Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".From your regular user account..Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..DO NOT run yet.Open SUPER from icon and install and Update itUnder Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.Now reboot into Safe Mode: How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox or Opera browser click that browser at the top and choose: ... Read more

Read other 5 answers
RELEVANCY SCORE 28.4

Hi guys, hopefully someone here can help me out.

I know I have a problem, but it may be more than one.
I first knew something was wrong when I found a Windows update shield in my systray that would not go away despite installing it.
(Its the Microsoft Malicious Software removal tool)

Also a BHO makes Google search results go haywire !

jusched.exe fails soon after startup saying it has a problem and has to close.

Have tried system restore but although there are many checkpoints, after reboot the restore has failed.

Tried running ad-aware which just will not start.
Spybot search and destroy gives:
'Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.'

Tried Spyhunter, ESET, Hotcpu, MBAM (followed the instructions re zztoy etc, but it didn't update).
Nothing starts or else starts then disappears straight away.

Really feeling lost, its a family computer with 6 identities, so really do not want to re-install from scratch. Last time I repaired from a genuine XP disk there were a few files skipped. Never got to the bottom of that either.

I have a genuine copy of XP sp3 with Avira, Spybot, Ad-aware and Spyware Guard !

Any help would be MOST appreciated !

thanks,
Martin.

A:Infected but cannot clear problem

I'm going to be honest with you. This is not going to be a quick processWe Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.----------------------------------Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to HighAlso try: right-click on rootrepeal.exe and rename it to tater.scr

Read other 1 answers
RELEVANCY SCORE 28.4

HijackThis directed me here and i'm in sore need of some help. My computer has been throwing up error messages indicating it can't run some programs/processes because the .exe file is infected. I found something to run called RKill that stopped those messages, but there are still obvious problems with getting things to run and keeping other things running.I've run a HijackThis system scan and will post the log below:Logfile of Trend Micro HijackThis v2.0.4Scan saved at 8:18:43 PM, on 5/17/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Alwil Software\Avast5\AvastSvc.exeC:\Program Files\BOINC\boincmgr.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\V0500Mon.exeC:\PROGRA~1\ALWILS~1\Avast5\avastUI.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Windows Desktop Sea... Read more

A:Application is infected problem for win XP

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

Read other 2 answers
RELEVANCY SCORE 28.4

Hi
I have multi OS on different partitions, But the ones involved now are vista 32 ultimate and windows 7 64.
On Vista 32 I uninstalled some 2 months ago KIS 2010 to try Zone alaram firewall free combine with adaware pro which I bought.
I scanned full my pc with adaware pro and found 2 trojans which was moved in quarantine( recomended by adaware), can't remember the name.

Atm on vista32 system is just the zonealarm firewall and superantispyware as adaware pro kept freezing my PC( while doing anything on the PC it hang and after hit ctrl -alt-del it can come back in 5 min or so, installed and reinstall the adawre pro 3 times with same results) so I removed adaware as I though might be a fault with their last update. Now the computer doesn't freeze but the PC might be still infected.
Last scan on vista 32 with the malware bytes was clean, also with the trojan remover and superantispyware. I disable system restore from the time when scanned with ADW pro.
Last night I started a full scan with the setings deep scan with KIS 2011 from windows 7 partition, in the morning was still scanning when looked was kept scanning a file of direct x "xinput1_3.dll" which was in directx folder in program files on vista 32 partition. I left the scan but after almost 3 hrs was still scanning that file. I hit ctr-al-del and KIS 2011 seems running, consuming 1590 ram but 00 CPU, the HDD led wasn't blinking. I pressed few times the button to stop the scan but no avail.
From task manager... Read more

A:infected or KIS 2011 problem

BUMP, please

Read other 1 answers
RELEVANCY SCORE 28.4

Hi, I am continuing my problem thread in this forum at sempai's suggestion.My WinXP Lenovo T500 laptop was infected with a root-kit and the AV cleaned up the infected files which were important system drivers.Sempai helped me clean up the machine, and now (according to the logs) it is supposedly mal-ware free.However, I am still suffering the consequences of the infestation.The virus scan (Avast) found some infected files and root-kit and quarantined a bunch (8) of .sys files: - afd.sys- cdrom.sys- redbook.sys - serial.sys - ipsec.sys - netbt.sys - i8042prt.sys - mrxsmb.sysSempai has helped my restore my Internet connection and cleaned up my system.However, there are still some remaining issues:- No CD/DVD drive- No built-in keyboard and trackpoint- I cannot see other computers on the LAN, nor print to remote printer in my LAN.There may be other issues that are due to the infected drivers, that I am just unaware of right now.Can anyone help me restore functionality?Thanks,Adi

A:Infected driver problem

Download Windows Repair (all in one) from the link below.
http://majorgeeks.com/downloadget.php?id=7141&file=15&evp=18a37c9c3804bd022748a38eb328614e
Run this program in advanced mode.
Install the program then run it go straight to option 4 Create a system restore point,Also back up the registry. leave all checked.Leave restart system when finished checked.And hit the start button this can take some time,just let it run Make sure and close all applications prior to running this even your browser. Post back and let me know how it goes.

sfc /scannow
Go Start and then to Run ("Start Search" in Vista),
Type in: sfc /scannow
Click OK (Enter in Vista).
Have Windows CD/DVD handy.
If System File Checker (sfc) finds any errors, it may ask you for the CD/DVD.
If sfc does not find any errors in Windows XP, it will simply quit, without any message.
In Vista you will receive the following message: "Windows resource protection did not find any integrity violations".

For Vista users ONLY: Navigate to C:\Windows\Logs\CBS folder. You'll see CBS.log file.
Usually, it's pretty big file, so upload it to UploadMB.com - Free File Hosting, Upload unlimited files, Simple and Easy. 100% Free , and post download link.
If you don't have Windows CD....
This applies mostly to Windows XP, since Vista rarely requires use of its DVD while running "sfc"
Note This method will not necessarily work as well, as when using Windows CD, becau... Read more

Read other 46 answers
RELEVANCY SCORE 28.4

Hi,

I have a WinXP machine T500 Lenovo laptop, that which started behaving strangely. A virus scan (Avast) found some infected files and root-kit and quarantined a bunch (8) of .sys files:
afd.sys, CDROM.sys, rebook.sys, serial.sys, IPSec.sys, netbt.sys, i8042prt.sys and mrxsmb.sys.

Once rebooted, there is no keyboard and track point since i8042prt.sys is gone, there is no CDROM (CDROM.sys), and no Internet connection (IPSec.sys).
I tried restoring the missing files with the following methods (as suggested in various posts here and elsewhere): copy from another machine, use regsvr32 to register them (fails), expand from xp cd install dir, use sfc. None of these methods made any difference.

I ran various additional cleanup tools including ComboFix and TDDSKiller, but to no avail.
Additionaly the the access connections service AcSvc.exe and it's child SvcGuiHlpr.exe processes immediately begin consuming 50% CPU each choking my pc. I can only resume work by suspending them using Process Explorer.

Please advise,
Thanks,
Adi

A:Infected driver problem (?)

Since you ran combofix, Please follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Once you have created the new topic, please reply back here with a link to the new topic.Most importantly please be patient till you get a reply to your topic. If you receive a reply from the HelpBot, then please follow the instructions outlined in the helpbot's post.

Read other 5 answers
RELEVANCY SCORE 28.4

Hello.
Firstly let me say that i am sorry to join the forum and immediatly be asking for help/ advice, but i really need to get this sorted.
Last night i was on my computer and all of a sudden my I.E page crashed and my wallpaper changed to a blue background with a black rectangle placed in the middle of the screen.
Inside the black rectangle there are the words 'Your system is infected!' in a bold capital red font, and then the words 'System has been stopped due to a serious malfunction. Spyware activity has been detected. It is recommeded to use spyware removal tool to prevent data loss. Do not use the computer before all spyware removed.' in a smaller non capital white font.
And yes, 'Recommeded' is spelt like that on the desktop.
When i switch my computer off, during the shutdown procedure my normal wallpaper flashes up for a minuite or two, however i cannot change it when i try (either through graphics properties, control panel or when i try to right click on a image and 'Set as Desktop background' i cannot click the button.)
When i go into display on my Control Panel and click on the tab 'Desktop' it says that my current desktop background is a internet explorer file named: 'critical_warning'. And i cannot change it as it will not allow me to click on any of the other desktop backgrounds such as 'Windows XP'.
Once i discovered this, i immediatly scanned my files and found a internet file called 'critical_warning' and deleted it instantly.
The virus or whatever i... Read more

A:'Your system is infected!' problem, please help.

Hi,

Boot the computer into safe mode and perform a virus/spyware scan in safe mode. If more viruses and spyware are detected, make a note of the path of where they are located and try to delete them in safe mode. If successful, the next step would be to perform a windows repair on your computer. Good luck and hope this info will help you out.

Read other 5 answers
RELEVANCY SCORE 28.4

OK , I just recieved help before from you guys but , I think my computer is still infected.I did everything instructed before with Malwarebytes, SUPERAntiSpyware Free Edition & Smitfraudfix and Ithought my computer was clean. Now here is the problem and why I think my Explorer exe is infected.I just installed ZoneAlarm firewall and I had the following Malicious IP 216.24.138.135 Blocked ( which this site is known for spreading Rogue-Ware !). OK, now here is the problem , when I put http://update.microsoft.com/windowsupdate/...ault.aspx?ln=enin the Trusted Zone it gives me the same Malicious IP 216.24.138.135 !! So I looked up update.microsoft.com & obvisiouly it's not IP 216.24.138.135 ! Their IP is 65.55.52.148. OK so I block http://update.microsoft.com/windowsupdate/...ault.aspx?ln=en with the IP 216.24.138.135.Then I put update.microsoft.com with the IP 65.55.52.148 in the Trusted Zone.However no matter what I do everytime I go to update.microsoft.com it keeps coming up with this Malicious IP 216.24.138.135 !!An everytime I try to go to update.microsoft with this IP 65.55.52.148 !! I keep being redirected to http://update.microsoft.com/windowsupdate/...ault.aspx?ln=en with this IP 216.24.138.135 !! I keep scanning my computer & nothing shows up. So what do I do ?

A:New Problem : I think my Explorer exe is infected

Sorry to double post but am I the only one having this problem ?

Also still having a drag-n-drop problem with my Windows XP mouse.

Read other 1 answers
RELEVANCY SCORE 28.4

Hello, when using Chrome i get popups and also constantly redirected to a different websites. I am also having problems with programs like antivirus which i cant uninstall. Cant download antivirus because im getting error messages. I cant do anything when on internet because im always redirected or my browser crashes. I cannot upload Addition.txt, i get error "Upload skipped (Error503)
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-11-2015
Ran by Famelie (administrator) on VEDRANMARIJA (21-11-2015 03:58:37)
Running from C:\Users\Famelie\Downloads
Loaded Profiles: Famelie (Available Profiles: Famelie)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\ProgramData\ApplicationHosting\ApplicationHosti... Read more

A:Infected PC and browser problem

hi,

​Iam only online once or twice per day so you may not get a reply back from me until the following day. We will use FRST to remove some items.

​Copy/paste whats below in the code box into notepad. Save it as fixlist.txt
in the same location you have FRST.

Start FRST like you did before except this time click on the fix button once. Machine may reboot to finish. Upon restart you will find a new log in the same location as FRST called fixlog.txt. Please post the fixlog.txt in your reply.

HKLM\...\Run: [DApp] => C:\Program Files\PCDApp\start.vbs [178 2014-04-10] ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2242160561-2063767234-543261399-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
C:\Program Files\PCDApp\start.vbs
2015-11-18 14:02 - 2015-11-20 23:47 - 00001006 _____ C:\Windows\Tasks\Mfq2zLRigZ5Oi.job
2015-11-18 14:01 - 2015-11-21 02:27 - 00000000 ____D C:\Program Files\ca373d01-2b6e-4153-b669-af6ed8d41ee2
2014-08-16 19:19 - 2014-02-06 19:06 - 0070210 _____ () C:\Program Files\EULA.eng
2015-04-19 13:20 - 2015-04-19 13:20 - 0005872 _____ () C:\Users\Famelie\AppData\Roaming\Mfq2zLRigZ5Oi
2015-11-07 15:38 - 2015-11-07 15:38 - 0022328 _____ () C:\Users\Famelie\AppData\Roaming\PnkBstrK.sys
2014-03-03 00:11 - 2014-03-04 23:43 - 1626786 _____ () C:\Users\Famelie\AppData\Roaming\temp.bmp
2014-03-06 01:25 - 2014-03-06 01:25... Read more

Read other 1 answers
RELEVANCY SCORE 28.4

I got some sort of virus or something so I shut down went into safe mode and ran Malwarebites. It picked a couple of things and I restarted.

Now I stilll have this weird program called "Ngokab.exe" running at like 80,000 mem usage in my processes. I looked it up and it gets no returns on google. What could this be and what should I do?

A:Got infected, ran Malwarebites still have problem

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined below. Use a USB flash drive to download and transfer the tools to the affected machine, if necessary. You might like to run the Flash_Disinfector.exe on the clean machine and the flash drive first to protect against any possible transfer of infection via USB.


NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 28.4

Hello, and first off I want to say thanks for your time in helping all of us who aren't as knowledgeable with computers. I would like to think I know more than average but you guys really know what you are doing. Ok, yesterday I was infected to be what I figured was a vundo(A .rar file, trying to download software). I lost C:/D: drive access, lost task manager, had a new background with threatening biohazard symbol and phrase, computer was slowed down to just about a stop with some process labeled: ppxcs.exe, had pop ups, and was unable to run any of the very few apps that I had access to. After some time I was able to grab SUPERantispyware from a friends comp with a flash drive and run it. That go rid of most of the problem, still however, I was unable to run HJT or any other apps. After hours of trying I was able to get my malwarebytes software to run and that helped a little, still had that unknown process which was using 99-100% CPU. But I was finally able to run HJT (Log posted below) Oh, also, when I log into windows XP there is a black box that appears in the top left hand corner for a split second, I know that isn't good. Any help would be appreciated, and I would love to know if it's safe to delete that process. Also, my SUPERantispyware log is available if you need it. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 15:58:52, on 2008-08-27Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning proces... Read more

A:Fixed Most Of The Problem, But Still Infected

Hello Catnap and welcome at BleepingComputer,Sorry to have kept you waiting for so long, but the forums are really busy.If you still need help :1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. After reboot,Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following, if still present :O4 - HKLM\..\Run: [Sccs] C:\Documents and Settings\Owner\sccs.exeO4 - HKLM\..\Run: [Css] C:\Documents and Settings\Owner\css.exeO4 - HKLM\..\Run: [ppxcs] C:\Documents and Settings\Owner\ppxcs.exeO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO20 - App... Read more

Read other 1 answers
RELEVANCY SCORE 28.4

Been having trouble removing a "spyware"? or something lately. It has changed the homepage of Windows IE to www.safetyhomepage.com and it says that I have spyware installed and says to download one of the following AV's Spy Heal, Pest Trap, The Spy Guard, Brave Sentry and Malware Wipe. I google searched Spy Heal and found your site and followed the steps of running antispywares and AV's. I don't know if I got the Spyware removed from my comp, but the homepage of IE is back. Anyway I am still going thru the steps so here is the last of it. Thank you.Logfile of HijackThis v1.99.1Scan saved at 1:22:55 AM, on 8/24/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5346.0005)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exeC:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exeC:\Program Files\Hp\HP Software Update\HPWuSchd2.exeC:\Program Files\Common Files\Real\Update_OB ... Read more

A:Infected With A Spyware Problem?

Hi and welcome. My name is kairis and I will be helping you.You have some crap there! But don't worry, we'll get you cleaned up!Please follow my steps in the right order...We'll start with this:Download SmitfraudFix (by S!Ri) to your Desktop.http://siri.urz.free.fr/Fix/SmitfraudFix.zipExtract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.______________________________Please download the trial version of Ewido anti-malware 3.5 from here:http://www.ewido.net/en/download/Install Ewido anti-malware.When installing, under Additional Options uncheck Install background guard and Install scan via context menu.When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.The program will prompt you to update. Click the Ok button.The program will now go to the main screen.You will need to update Ewido to the latest definition files.On the left-hand side of the main screen click the Update Button.Click on Start.The update will start and a progress bar will show the updates being installed.Once finished updating, close Ewido.If you are having problems with the updater, you can use this link to manually update ewido.Ewido manual updates. Make sure to close Ewido before installing the update.______________________________Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1 and press EnterThis program will scan large amounts of files ... Read more

Read other 41 answers
RELEVANCY SCORE 28.4

My computer hs been infected with a.doginhispen, b.skitdayplease. I was getting repeated notices and did not know what they had meant. Now I do not get the notices anymore, but I think they are still there. Now everytime I get online, I get a notice from my Internet Security about a k8l.info. I need help on what is wrong, and how I can get rid of the problem. My computer is super slow right now and doing anything online is a challenge. Any help from expert would greatly appreciated!

A:Help! I Am Infected With A.doginhispen; Problem W/ K8l.com

Please uninstall any of the following program(s) using Add/Remove Programs if they are present. To do this, go to Start > Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs highlight each one and select Remove.DoginhispenSkitodaypleaseIf your homepage has been changed, go to Start > Control Panel > Internet Options > General Tab and under Home Page, click Use Default. Add default homepage you want to use and click Apply > then OK. Open a new web browser and check to ensure you have the default homepage you selected. When done, "Clear your browser history" by following the instructions provided for your web browser.Download FindAWF.exe by noahdfear and save to your desktop.Double-click on FindAWF.exe to start.If a "Security Alert" shows, allow the program to run.A command prompt will open and ask you to "Press any key to continue...".You will be presented with a Menu.1. Press 1 then Enter to scan for bak folders
2. Press 2 then Enter to restore files from bak folders
3. Press 3 then Enter to remove bak folders
4. Press 4 then Enter to reset domain zones
5. Press E then Enter to EXITPress 1 then 'Enter' to scan for bak foldersThe FindAWF tool will begin scanning your computer for the infected AWF files and backups created by the trojan.It may take a few minutes to complete so be patient.When complete, it will open a text file in notepad called awf.txt which will be saved to your desktop.Copy and paste the contents of the awf.txt file in your... Read more

Read other 14 answers
RELEVANCY SCORE 28.4

Here is a notepad file of my HijackThis Log. I do appreciate your time and efforts in helping to solve my problem with thanks in advance.
 hijackthis.log   12.61KB
  1 downloadsI tried to backup my files, but the program shuts down upon start up. I receive security warnings informing me that files consent.exe and dllhost.exe are infected.Merged posts. ~ OBI also cannot run the dds tool or rootkit provided in the preparation guide for this forum.. In fact, any program that I've tried to run to help fix this problem has been shut down. The only reason I have a HijackThis Log is because I downloaded the executable version, which I assume is a remote version.Got my firewall up and running.. still getting security warnings however..Wed 11/11Well, my problem seems to have been resolved. Impatient as I was, I decided to try to get some help from about.com on reading these logs. It gave me examples of what malicious files would look like. Based on that, I chose to fix a few files. It didn't seem like anything happened when I fixed them, but when I turned my computer on today, my computer has no symptoms.. I'm going to post the most recent HiJackThis Log that I have, and would still appreciate it if someone with knowledge could take a look. I didn't write down which files I fixed, so I'm not sure what the exact names of these files were. But I'm sure I didn't delete anything important.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:00:40 PM, o... Read more

A:I think my computer is infected; not sure what the problem is

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTListIt.txt <-- Will be openedExtra.txt <-- Will be minimized

Read other 2 answers
RELEVANCY SCORE 28.4

Hai,

I am facing a problem. My system taskbar & Icons often disappears.
I am getting an alert that Norton Antivirus is out of date - from notification area. My norton is not update as its a trial ware.

I had also used SDFix, Adaware, Mc fee & cleaned the system.
Each time i am running task manager for opening My computer & it get closed in just 5seconds

Kindly help tosort out.

Vijay

A:Infected (or) Its A Problem? - Could'nt Guess

Hi and welcom to this foruma few concerns to start with; you say you have Norton on board ? but you also say you have McAfee ( is that the antivirus program?) if so you actually have TWO antivirus programs on board could you please clarify that?It would also be helpful to know which windows version you are running ?who suggested you run the SDfix? as that tool is only intended to be run under strict supervision when recommended by Trained experts(please see this thread and http://www.bleepingcomputer.com/forums/ind...82&hl=sdfixthis quote by Boopmee ( moderator ) from it Tools like SDFix are specialized tools normally used by malware removal experts who are helping others to investigate and remove malware infections in the Hijackthis forum. They are intended to be used under the guidance and supervision of an expert. Using a specialized tool incorrectly could adversely impact your system.)

Read other 9 answers
RELEVANCY SCORE 28.4

info.txt logfile of random's system information tool 1.05 2008-12-22 20:17:07

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.exe" -uninstall
Acer Arcade-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Acer Assist-->C:\Program Files\Acer Assist\uninstall.exe
Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x9 -removeonly
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe&... Read more

A:Infected with "you have a security problem"

Hi ,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then we'll take a look.
Regards,

Rosty.

Read other 1 answers
RELEVANCY SCORE 28.4

Hi,

Summary thus far:

I have a WinXP machine T500 Lenovo laptop, that which started behaving strangely. A virus scan (Avast) found some infected files and root-kit and quarantined a bunch (8) of .sys files:
- afd.sys,
- cdrom.sys,
- redbook.sys,
- serial.sys,
- ipsec.sys,
- netbt.sys,
- i8042prt.sys
- mrxsmb.sys

Once rebooted, there is no keyboard and track point since i8042prt.sys is gone, there is no CDROM (CDROM.sys), and no Internet connection (IPSec.sys).
I tried restoring the missing files with the following methods (as suggested in various posts here and elsewhere): copy from another machine, use regsvr32 to register them (fails), expand from xp cd install dir, use sfc. None of these methods made any difference.

Not knowing the forum rules, I also ran various additional cleanup tools including ComboFix and TDDSKiller, but to no avail.

Along the way I occasionally get the dreaded bluescreen of death.

Additionaly the the access connections service AcSvc.exe and it's child SvcGuiHlpr.exe processes immediately begin consuming 50% CPU each choking my pc. I can only resume work by suspending them using Process Explorer.
I have disabled the AcSvc service to allow things to run without interference.

Preparation Guide:

DDS ran without trouble. Log below and Attached.txt attached.
After running for over 1 hour (file scanning phase) GMER produced an error dialog saying that drive c: cannot be found (I couldn't save it), then similarly other app did not se... Read more

A:Infected driver problem

Hello _Adi and welcome to BC.You should not be using Combofix unless instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for general public or personal use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.================================= Please post the resulting log of Combofix when you run it, the log is located at C:\Combofix.txt. Download OTL to your Desktop.Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.Copy and Paste the following code into the Custom Scan/Fixes box.
%systemroot%\*. /rp /s
netsvcs
CREATERESTOREPOINT
/md5start
afd.sys,
cdrom.sys,
redbook.sys,
serial.sys,
ipsec.sys,
netbt.sys,
i8042prt.sys
mrxsmb.sys
/md5stop

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them when you reply.

Read other 41 answers
RELEVANCY SCORE 28.4

Hi all,

I seem to have a bad infection of trojans and stuff. I get popups intermittently, my default homepage changes to some search page (the default now reads 'about:blank') and some dodgy links get added to my favourites. I ran Spybot S&D but it found nothing. I also ran adaware which found some probs but seemingly not all. I then ran Spoydoctor which found over 200 threats but I haven't purchased the software so cannot delete them. I tried to paste the log that it produced but this site won't accept it due to the rule about URLs. Can anyone advise me on a course of action to get rid of these irritating probs?

Many thanks in advance,

Mark
 

A:Solved: Infected Pc problem

Read other 9 answers
RELEVANCY SCORE 28.4

Hallo , i have a serious problem with my pc.
In the last month i have one or more daily BSOD - of my Windows 7 - 64 bit. 
In this machine i use Photoshop, Illustrator , Indesign , Maxon Cinema 4d and Autodesk autocad.
I dont use overclock - i have 8 gb ram - ATi radeon hd8500 - 3 hard disk - processor AMD 
 
Looking for a solution in internet i read about Blue screen wiever and i discovered that the driver tha alway cause the crash is "NTOSKRNL.EXE"
 
I also read that there are many reasons that may block this driver. Then i did the following steps :
 
- a full scan with Malaware Byte 
- a full scan with Kaspersky Pure 3.0 antivirus (it found and deleted a visrus attached at cad file)
- an hour scan with Mem test (no - errors)
- scf scannow
- updated the ati HD8500 drivers and tested the hardware with OCCT
- used hijack this (but i cant understand a lot of the report
- used CPUID monitor : temperatures seems normal
 
After these steps the situation is chanced because the system crash specially when
 
- i run Combofix in normal mode (in the safe mode of windows Combofix complete the scan and deleted a file in flash player folder.......dont know why)
- i run Windows defender
The processor  always run  between 5% and 25% and ram  used is always about 1.9 GB : this is not normal for this machine i think i never seen this values before. The fans run very fast.
 
Can it be a virus ? Or some other hardware problem? .......... Read more

A:Problem with NTOSKRNL.EXE........am i infected?

A little update............
- i tried Malware antirootkit..............pc crashes;
- I tried aswMBR .............pc crashes.
 
now i havent BSOD when pc crash but only a messed up screen and total block of machine. I have to restart with the button in the case.
 
Any suggestion?   

Read other 3 answers