
Large infection; No internet connection, possible TOTOUR.EXE responsible.

Q: Large infection; No internet connection, possible TOTOUR.EXE responsible.

Hello,

This is my first time on your forums. I have tried everything, but my DIY has reached its wit's end. I am running a Windows XP (using Mozilla Firefox as my browser) system with a wireless DSL connection. I have been plagued by issues and I am left unable to connect to the internet while still having an IP address . . . When I logged into Windows, I got a dialog box warning that mmwnd.exe was unable to load. I searched online for solutions and was led to the spyware removal software PREVX 1.

I installed this and it found several infections, which it was able to isolate and remove. However, I was still unable to connect. Occasionally PREVX would trip on a piece of malware it called TOTOUR.EXE; upon finding this and isolating it (although it never showed up as isolated) I was able to connect to the internet. However, when PREVX was unable to locate it on a restart I still had no connection.

So I again searched online, and saw that I should remove TOTOUR.EXE with killbox. This didn't work, apparently.

Further searching led me to another virus checker called Superantispyware Pro. I installed this and ran it. It found around 200 pieces of malware/tracking cookies on my machine that it removed without incident. (To be extra sure, I ran it in safe mode too. It found a couple of hundred more(!). I scanned another time, and I actually think that it's finding the same pieces of malware but unable to remove them.)

So this is where I am at. I have no internet connection (my wireless card hangs on "locating network address".) I get dialog boxes that Symantec Antivirus is (clearly) broken because its virus definitions are missing, and I am led to believe that my Spybot Search and Destroy is no longer functioning either.

Finally, upon logging onto XP I get a dialog box that says, "CCapp:ccapp.exe failed: Because mswsock.dll wasn't found." After clicking OK, I then get: "Ordinall 1109 couldn't be located in dynamic link library."

Here is my Hijack this profile:

Logfile of HijackThis v1.99.1
Scan saved at 8:50:33 PM, on 4/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Hunchback Fairy\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C91CFA9E-DEC2-4B0B-9AF9-FA98FC1A52D2} - C:\WINNT\Drivers\rdvsis.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINNT\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "D:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VaCtrls] v7
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Welcome.lnk = C:\Temp\Welcome.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\winnt\system32\mswsock.dll' missing
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {819F4767-7EFB-11D2-B7D1-0000F67E39D0} (WrkTimes.ctlWorkTimes) - https://ptaweb.state.wi.us/PTAWeb/DLLs/WrkTimes.CAB
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = doa.wistate.us,doa.state.wi.us,state.wi.us
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = doa.wistate.us,doa.state.wi.us,state.wi.us
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = doa.wistate.us,doa.state.wi.us,state.wi.us
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: origami - C:\WINNT\system32\hlolink.dll (file missing)
O20 - Winlogon Notify: rdvsis - C:\WINNT\Drivers\rdvsis.dll (file missing)
O20 - Winlogon Notify: ulspjpxu - ulspjpxu.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - D:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: ieupdater22 (Microsoft IEUpdater22) - Unknown owner - C:\Documents and Settings\ie_updater.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: TSCensus Collection Client - Unknown owner - C:\Program Files\Tally Systems Corp\TSCensus\bin\CClientSvc.exe (file missing)

---------------

Thanks in Advance for any Help!
Thorubos

A: Large infection; No internet connection, possible TOTOUR.EXE responsible.

Hi, thorubos

Welcome!

Try the following options:

First run SFC /Scannow

In the event there is a missing file it will be restored.
Enter your Control Panel and double-click on Network Connections
Then right click on your Default Connection
Usually Local Area Connection for Cable and DSL, or AOL Connection.

Left click on Properties
Double-Click on the Internet Protocol (TCP/IP) item
Select the radio dial that says Obtain DNS Servers Automatically
Press OK twice to get out of the properties screen
Restart the computer
Go to Start->Run->Type CMD and click Ok. The MSDOS Window will be displayed. At the command prompt, type the following and press Enter after each line:

ipconfig /flushdns (The space between g and / is needed)
Exit

Restart the computer and Test

If that does not resolve the issue follow these steps:

Reset the Internet Protocol (TCP/IP)

Go to Start->Run, type CMD and click Ok. The MSDOS window will be displayed. At the prompt type the following and press Enter after each line:

netsh int ip reset C:\Resetlog.txt
netsh winsock reset catalog
Exit
Restart the computer.

Warning Programs that access or monitor the Internet such as antivirus, firewall or proxy clients may be negatively affected when you run the netsh winsock reset command. If you have a program that no longer functions correctly after you use this resolution, reinstall the program to restore functionality.

Run the following commands:

regsvr32 netshell.dll
regsvr32 netcfgx.dll
regsvr32 netman.dll

Restart the computer and test.

If still having problems connecting, check if the DNS Client service is either Stopped or disabled.

1. Click Start, click Run, type services.msc, and then click OK.
2. In the list of services, click DNS Client.
3. Make sure that the Status column displays Started and that the Startup Type column displays Automatic.
4. If the service is not set to Started or if the startup type for the DNS Client service is not set to Automatic, follow these steps:
a. Right-click DNS Client, and then click Properties.
b. In the DNS Client Properties dialog box, click the General tab, and then click Automatic in the Startup type list.
c. Click Start, click Apply, and then click OK.
Restart the computer and run ipconfig /flushdns at the command prompt. Restart the computer again and test.

Last Option, rebuild the Winsock:

Step 1: Delete the corrupted registry keys

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

1. Click Start, and then click Run.
2. In the Open box, type regedit, and then click OK.
3. In Registry Editor, locate the following keys, right-click each key, and then click Delete:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2

4. When you are prompted to confirm the deletion, click Yes.

Note Restart the computer after you delete the Winsock keys. Doing so causes the Windows XP operating system to create new shell entries for those two keys. If you do not restart the computer after you delete the Winsock keys, the next step does not work correctly.

Step 2: Install TCP/IP

1. Right-click the network connection, and then click Properties.
2. Click Install.
3. Click Protocol, and then click Add.
4. Click Have Disk.
5. Type C:\Windows\inf, and then click OK.
6. On the list of available protocols, click Internet Protocol (TCP/IP), and then click OK.

If Internet Protocol (TCP/IP) does not appear, follow these steps:

a. Click Start, and then click Search.
b. In the Search Companion pane, click More advanced options.
c. Click to select the following three check boxes:
• Search system folders
• Search hidden files and folders
• Search subfolders

d. In the All or part of the file name box, type nettcpip.inf, and then click Search.
e. In the results pane, right-click Nettcpip.inf, and then click Install.

7. Restart the computer and test
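
Added example (not part of the original thread and not HijackThis's own code): a Python triage pass over lines copied from the HijackThis logs quoted on this page. It pulls out the O10 broken-LSP line that the Winsock repair steps above address and the `(file missing)` references, and goes slightly further by also reporting O17 NameServer values of the kind a later reply on this page asks to have fixed. The function names and finding labels are assumptions of this example.

```python
import ntpath
import re
from collections import Counter, namedtuple

# One reviewable item: HijackThis section code, finding label, entry name, file/value.
Finding = namedtuple("Finding", "section kind name target")

# A HijackThis entry is "<section code> - <free text>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
LSP_RE = re.compile(r"LSP provider '(?P<path>[^']+)' missing")
MISSING = "(file missing)"
DNS_MARK = ": NameServer = "

# Lines copied from the HijackThis logs quoted on this page (not constructed).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {C91CFA9E-DEC2-4B0B-9AF9-FA98FC1A52D2} - C:\WINNT\Drivers\rdvsis.dll (file missing)
O10 - Broken Internet access because of LSP provider 'c:\winnt\system32\mswsock.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = doa.wistate.us,doa.state.wi.us,state.wi.us
O17 - HKLM\System\CCS\Services\Tcpip\..\{5695FB9A-707F-4EB2-AF2A-1ACDDBEF458B}: NameServer = 85.255.116.148,85.255.112.10
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: origami - C:\WINNT\system32\hlolink.dll (file missing)
O20 - Winlogon Notify: rdvsis - C:\WINNT\Drivers\rdvsis.dll (file missing)
O20 - Winlogon Notify: ulspjpxu - ulspjpxu.dll (file missing)
O23 - Service: ieupdater22 (Microsoft IEUpdater22) - Unknown owner - C:\Documents and Settings\ie_updater.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
"""


def parse_entries(log_text):
    """Yield (section, body) for each entry line; headers and blanks are skipped."""
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            yield match.group("code"), match.group("body")


def triage(log_text):
    """Return the entries worth a manual look; this does not classify malware."""
    findings = []
    for code, body in parse_entries(log_text):
        lsp = LSP_RE.search(body)
        if code == "O10" and lsp:
            # The Winsock provider chain points at a DLL that is not on disk.
            findings.append(Finding(code, "broken-lsp", "LSP provider", lsp.group("path")))
        elif body.endswith(MISSING):
            # The registry reference survives but HijackThis did not find the file.
            # Paths with a stray quote or arguments should be checked by hand.
            head = body[: -len(MISSING)].rstrip()
            name, _, path = head.rpartition(" - ")
            findings.append(Finding(code, "file-missing", name, path))
        elif code == "O17" and DNS_MARK in body:
            # A statically configured DNS server; compare with what the ISP assigns.
            key, _, servers = body.partition(DNS_MARK)
            findings.append(Finding(code, "dns-override", key, servers))
    return findings


def summarize(findings):
    """Count findings per label."""
    return dict(Counter(f.kind for f in findings))


def shared_targets(findings):
    """Missing files referenced from more than one load point (section)."""
    by_file = {}
    for f in findings:
        if f.kind == "file-missing":
            # ntpath parses Windows paths regardless of the OS running this script.
            by_file.setdefault(ntpath.basename(f.target).lower(), set()).add(f.section)
    return {name: sorted(secs) for name, secs in by_file.items() if len(secs) > 1}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for item in results:
        print(f"{item.section:<4} {item.kind:<13} {item.target}  [{item.name}]")
    print(summarize(results))
    print(shared_targets(results))
```
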

RELEVANCY SCORE 63.6

I messed up my desktop horribly. I clicked a tracker link because I wanted to investigate why my torrent (being used on BitTyrant) was taking so long. My machine immediately started to lock up and run very slow. In my stupidity I restarted it using an external restart button. So unlike all other posts I've seen where the users could still get into Windows, I cannot. Every time it tries to boot it gets to the Windows loading page and then blue screens and restarts. I can get into safe mode after 1-3 tries and have miraculously got some anti-virus software over there. Most helpful being SUPERAntiSpyware. I still cannot get rid of C:\cd1041.nls and Trojan.Spam-RUCrzy seems to keep regenerating itself. Will post a HiJackThis log asap.

Thank you for any that help.
 

A:totour virus? cd1041.nls appears but no totour

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:20, on 2007-07-31
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-up Blocker - {4224FF33-C2EB-4039-B8C8-6EED565B9D96} - C:\Program Files\NetZero DSL\PopupBlocker.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: remotepu - {DC16B899-EB0A-CA48-750E-2C262E8BC74E} -... Read more

RELEVANCY SCORE 62.4

Well, this is the first time that I have had to post here despite the numerous virus and malware infections I have had to deal with. For the first time the combination of CA AntiVirus and MalwareBytes has failed to clear a problem. CA Antivirus reports an infection of Vundo.CEH in a file "C:\Windows\system32\cyzystno.dll", and I cannot get this file deleted. CA-AV cannot quarantine the file, MWB cannot deal with it, Killbox cannot touch it (Rename function over-ridden by a system process), etc. There are no other viruses detected by the antivirus scan. I come waving my white flag and posting my log file. I consider myself an expert PC user, programmer and system builder, but I confess I am beat. I'm planning on having a backup boot partition from now on to better facilitate the deletion of such files in the future. <sigh>...I remember when Vundo was easy.

Here is the log - I suspect a link with the unnamed BHO entry:
DDS (Ver_09-03-16.01) - NTFSx86
Run by Greg at 22:43:52.20 on Tue 05/05/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2710 [GMT -4:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService... Read more

A:Vundo.CEH Infection - Cannot Delete DLL Responsible

Hi,

Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

RELEVANCY SCORE 56.8

Ok, before you get all angry that I didn't follow all the steps in the list at the top of the page, I have an excuse. I CAN'T GET ON THE INTERNET. I'm using my roommate's computer (which is not connected to my own, thank god) to post this.

I have a multitude of issues, but I have a feeling that they are all a result of one BIG issue. I'll list them as well as I can, in no particular order:

- No Internet. Just get the annoying "Page cannot be displayed" page. This is a big one.

- Most of the time I can't even get to my desktop. When starting up, I get this EVIL Blue screen of death, that says something IRQL Error and something having to do with NDIS.sys.

- Sometimes, if I restart my computer enough, it will allow me to get to my desktop, but then nothing loads. Just the icons and the wallpaper, but none of the icons in my taskbar are showing.

- A few days ago, I had sporadic internet access but my AVG kept alerting me of a Trojan called totour.exe. And now most recently one called msnetax.dll as well.

I think this may be all of them. My computer is loaded in Safe Mode at the moment, and there it shall stay until I figure out what to do next. I realllllllly need some help, you guys. Please?

And since I know you'll ask, here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:46:01 PM, on 4/18/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WIND... Read more

A:totour.exe, msnetax.dll, no internet, blue screen of death, etc...AKA, HELP!

1. Download this file -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

RELEVANCY SCORE 56

Ok, before you read this, keep in mind that the infected computer has no internet access, so my solutions are limited. I'm using my fiance's computer, so I can do a little with going back and forth between computers if I copy things to disks..

I have a multitude of issues, but I have a feeling that they are all a result of one BIG issue. I'll list them as well as I can, in no particular order:

- No Internet. Just get the annoying "Page cannot be displayed" page. This is a big one.

- Most of the time I can't even get to my desktop. When starting up, I get this EVIL Blue screen of death, that says something IRQL Error and something having to do with NDIS.sys.

- Sometimes, if I restart my computer enough, it will allow me to get to my desktop, but then nothing loads. Just the icons and the wallpaper, but none of the icons in my taskbar are showing.

- A few weeks ago, I had sporadic internet access but my AVG kept alerting me of a Trojan called totour.exe. And now most recently one called msnetax.dll as well.

I think this may be all of them. My computer is loaded in Safe Mode at the moment, and there it shall stay until I figure out what to do next. I realllllllly need some help, you guys. Please?

And since I know you'll ask, here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:46:01 PM, on 4/18/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running process... Read more

A:totour.exe, blue screen of death, no internet, etc etc...my computer is hooped. Help!

Hello? Is anyone out there?
 

RELEVANCY SCORE 54.4

Hi Everyone,

I am wondering if anybody can tell me which plug-in is responsible for loading Excel documents into the Internet Explorer browser when I click on an Excel document hyper-link?

I have been able to find instructions on how to stop Internet Explorer (or other browsers) from opening Excel documents but this information is of no use to me.

My challenge relates directly to an issue that I am experiencing with SharePoint Online as described below:

Browser view of documents is not accurate!

Any help with this will be greatly appreciated.

Kind Regards,

Davo
 

A:Which browser plug-in is responsible for opening Excel docs in Internet Explorer

RELEVANCY SCORE 51.6

Is there a virus, Trojan, worm, etc. that can cause limited or no connectivity to the internet? I have a Dell Dimension 8250 computer on which I am running Windows XP, all of a sudden I get a limited or no connectivity warning. It is not the internet connection or company, because I can access the internet using my older computer and I have contacted the internet provider and had them check. It started with programs not shutting down properly when shutting down the computer. Then, Windows Defender was disabled and I can no longer even get into Windows Defender, from there it went to no internet. If it is a virus, Trojan, worm etc. how do I get rid of it without accessing the internet. I have run hijack this and will post the log.

Logfile of HijackThis v1.98.0
Scan saved at 12:09:10 PM, on 1/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program File... Read more

A:Can Infection Cause No Connection To Internet?

You did not post the entire log
Open the log in notepad
EDIT - SELECT ALL
EDIT - COPY
Then come to this message, and in the quick reply box click in the white space and then EDIT - PASTE

=============================

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout
http://downloads.subratam.org/Fixwareout.exe
or
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, Hijack This will launch. Fix these with HJT - mark them, close IE, click fix checked

O17 - HKLM\System\CCS\Services\Tcpip\..\{5695FB9A-707F-4EB2-AF2A-1ACDDBEF458B}: NameServer = 85.255.116.148,85.255.112.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{5695FB9A-707F-4EB2-AF2A-1ACDDBEF458B}: NameServer = 85.255.116.148,85.255.112.10

If you have connection problems after this
- Go to Control Panel. If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step.
- Double-click the Network Connections icon
- Right-click the Local Area Connection icon and select Prope... Read more

RELEVANCY SCORE 51.2

Hello All: I think that I have picked up something elusive. My svchost.exe keeps connecting to traffic.acwebconnecting.com. I have at least 10 DNS client errors daily. My internet connection has been slow and my Chrome extensions have been erased twice. Comodo recently started blocking 224.0.0.252 yesterday.

I am using Windows 7 Home Premium 64. Windows Essentials antivirus, Comodo Firewall 5.12, and Mvps Hostman.
I have scanned with Malwarebytes, Spybot, Windows Essentials, Hitman Pro, TDSSKiller and the scans report clean. Can someone please help? My DDS.Txt are below. Thanks.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.11.9600.16518  BrowserJavaVersion: 10.51.2
Run by Cynda at 16:57:14 on 2014-02-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4009.2690 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svch... Read more

A:Internet connection slow, possible infection?

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

It might just be that your Hosts file is malformed.
I suggest you reset back to the default.
How To:
http://support.microsoft.com/kb/972034
Use the Fix it button on the page.
When all is well you can install the 3rd party hosts file you normally use.

===

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts.
Run the tool by double... Read more


This may seem like a simple problem and it is annoying rather than being too serious but I wondered if it could be an indication of a more serious problem.

I have Vista and run McAfee Internet Security Suite as well as SUPERAntiSpyware. The problem is that if we visit any sites with any "live" chat - and to be fair the only sites are my partner's bingo sites then she can never connect to their chat rooms. When we operated XP she could and also when we first got Vista she could (although initially she could only connect to some of the chat rooms) but now all her sites fail to connect to the chat, but the actual connection to the site and playing bingo is fine.

At the end of the day, to me the less time she spends on bingo the better, but I thought I would ask in case it suggests other connection problems. We have no other problems with internet connection.

A:Poor Internet Connection Or Infection?

Hello, reggieboy.

It is likely being firewalled by McAfee. I doubt that suggests a malware problem, but we can check if you like.

If you want to check:

Please go to ESET OnlineScan (NOD32)
You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
Now click Start
Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
Click Start
Note: (the Onlinescanner will now prepare itself for running on your pc)
To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
Press Scan
The Onlinescan will now start and scan your pc (this could take a while)
When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
The Scanresults will now open in Notepad
Click into the text area, right-click and choose "select all" (or use <Control>+A)
Right-click again and choose "Copy" (or <Control>+C)
Close/Exit Notepad
Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.

Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this...


Hi; I posted previously in another forum, and after I was helped along, I was asked to post my topic here. I am trying to restore internet accessibility to my sister's laptop and get rid of all her malware as well. I have previously scanned with Malwarebytes, which removed 23 threats.

Some things I have tried before posting on the last forum include:
-Using command for "netsh int ip reset reset.log", resulting in the message "Resetting Echo Request, failed. Access is denied. Reseting Interface, OK! A reboot is required to complete this action."
-Using command for "netsh winsock reset catalog", resulting in the message "The system cannot find the file specified."
-Using command for "sfc/scannow", which seemed to run fine.
-Running msinfo32, to find under Components>>Network>>Protocol that the list was empty.
-Scanning with FSS, which showed that "Localhost is blocked. There is no connection to network. Attempt to access Google IP returned error: other errors. Attempt to access Yahoo IP returned error: other errors".

What I was advised to do by the previous BC Adviser:

"Download TDSSkiller
Launch it.
Click on change parameters
-Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)

Download FSS
Checkmark all the boxes
Click on "Scan".
Please copy and paste the log to your reply.

Download mini toolbox
Checkmark following boxes:
Flush DNS
Report ...

A:No internet connection; Unsure of infection

Hi,

I noticed that my topic is the oldest one with no reply, and I have seen many topics posted days later than mine that have already received support feedback. I read the guidelines for the forum, and the note to please be patient as the "average response time is 5 days". It's been 5 days now, and I wanted to check and see if this topic was simply missed or that I was told to post it in the wrong section so it is being ignored.

Thanks, and hope to talk with you soon.

-tdzhgf


Hello, my parents were using the computer and I don't know what they installed and now the internet connection is slow.

I can't even get on Google.com
Looks like the page has been redirected.

I scanned with Avast and nothing is detected. With MBAM, it detected around 30 infections and I will post the log below:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8251

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/28/2011 3:41:28 PM
mbam-log-2011-11-28 (15-41-28).txt

Scan type: Quick scan
Objects scanned: 194663
Time elapsed: 1 minute(s), 20 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 30

Memory Processes Infected:
c:\program files\registry helper\registryhelperservice.exe (Rogue.RegistryHelper) -> 1796 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Registry Helper (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\RegistryHelper.exe (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Registry Helper Service (Rogue.RegistryHelper) -> Quarantin...

A:Infection that slow down my internet connection

Can you perform a complete scan?


Hello All
 
I noticed during virus scan checks that when I remove the plsapp.dll I have no internet afterwards? So naturally I went to the virus vault and added it to the exceptions as a work around for the time being. Well now I'm tired of my connection dropping every time my scan removes this file even though I've added this to the exceptions? I love the work you all do here and would love to learn what I did that caused this to happen and prevent it happening again not only for myself but others also.
 
Please help
 
Thanks In Advance

A:Plsapp.dll infection no internet connection

Hello and welcome to Bleeping Computer! 
 
From my research of the plsapp.dll file, it seems to be from a program called PureLeads. However, I still need you to do some preliminary tests:
 
1. Download Mini Toolbox and save it to your desktop. Run it, and please checkmark the following options. Note if you do use a proxy, be warned that this tool will reset your Firefox and Internet Explorer proxy settings.
 
Flush DNS
Report IE proxy settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List WinSock Entries
List last 10 Event Viewer logs
List installed programs
List Devices
List Users, Partitions and Memory Size
List Minidump Files
List Restore Points
Hit Go and post the result of the file Result.txt. It should be on your desktop.
 
_______________________________________________________________
 
The next program we are going to run is called Security Check. Download and save the file to your Desktop.
A command prompt window will appear when you open it.
This is NORMAL.
After this a text document will open automatically called checkup.txt at the top. Post that into your next reply.


Hi, I was redirected here from the Networking forums.

my computer was recently attacked by a very nasty fake antivirus program. I have managed to get rid of it (or at least it seems that way), however, now my internet connection isn't working. My computer is connected to a router via ethernet cable. It shows that it's sending out packets, but won't receive any.

I have tried many different things already. I've unplugged the router, reinstalled the broadcom drivers, ran the winsockxp fix, etc.

When I do the run~cmd~ipconfig /all command this is what I get:


Windows IP Configuration

An internal error occurred: the request is not supported.

Please contact Microsoft Product Support Services for further help.

Additional Information: Unable to query host name.

C:\Documents and Settings\Paul>

I also cannot start windows firewall. It gives me an error message saying it cannot start the windows firewall/ ICS service.

I have also enabled the obtain the IP and DNS server address automatically in the protocol settings as well.

Here is the DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Paul at 21:00:01.57 on Thu 06/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.462 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32...

A:Malware Infection / No internet connection

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------


The laptop won't connect to the Internet (it connects to the network, but won't connect to the Internet). I did a malwarebytes scan and it had 21 infections, and I "fixed" them all with malwarebytes, but it still won't connect to the Internet.

I know it's not a network issue or anything on my end, because I have 4 other computers and my cellphone all hooked to the same Internet and none of them are having issues.

Here's my hijack this log
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:56:30 PM, on 3/18/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 ...


Hello,
 
running windows 7 home prem service pack one on HP Pavilion dv6 notebook.

I suspect a malware infection as in IE the home page is http://i.e.redirect.hp.com/svs/rdr? there also was infection by delta search.

The internet connection does not work. Yellow triangle symbol over icon on taskbar, although is connected to wireless network.

Through network and sharing center an unidentified network is listed with a red cross between that and the internet. Windows diagnostics and troubleshooting do not resolve the problem. Because I have lost the internet connection it is not easy to cut and paste error messages and logs and am posting from a mac which has no problem in accessing the same wireless network.

Help would be greatly appreciated as I've seen from other posts that these issues can be complex if malware is involved. Can the malware subvert the internet connection and set up the unidentified network?
 
thanks in advance and look forward to hearing from you.

A:possible malware infection that has knocked out internet connection

Hello -
Please read and follow This topic first, as Delta Search is the same type of program.
Then select your browser type and reset your homepage back to normal.
These are advertising programs that will try and redirect you to their contacts.
 
You may need to use 1 or 2 Flash Drives to transfer information (or try Safe mode)
 
After you disable the Add on or Extension, please run these programs, and we will check for remains.
Please download all programs to desktop, and use Copy and Paste for your replies.
Windows Vista / 7 / 8 users may need to Right click and select Run as administrator.
 
 
First -
Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note:: If a security program requests permission to access the Internet, allow it to do so.
 
 
Next -
Please download MiniToolBox to desktop and run it.
Checkmark following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the...


Hello All,

First of all, in advance thank you for your help and contributing to this site.

That being said my issue is this. On a wireless internet connection, worked fine for over a year. However about 2 weeks ago I installed and ran Malwarebytes Anti-Malware and found some trojans and other misc viruses. After quarantining and deleting those I thought my comp was clean however now it is blocked from accessing the internet.

First it wouldn't connect period and then I discovered that my IP address, subnet mask, and gateway numbers had all been changed to 0.0.0.... So I manually entered those in, now what happens is that the internet will connect for a brief second and then close down and again a couple times before giving up. I have no ping to any sites.

Attached is a Hijack this log

Thanks again for your help. I have enabled auto-updates for this thread as well to ensure timely responses

A:Internet Connection Issues after Malware Infection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


I went through a major infection today.  MalwareBytes attempted removal but failed.  I downloaded Avast and ran a bootup scan, which removed most of it, but a nasty SYSWOW64/dnsapi.dll virus remains.  My connection to the internet is terrible, and some websites fail to load at all.  MalwareBytes and another program refuse to install, and Avast bootup scan finds the virus, but fails to remove it.
 
I am using Windows 7 64 bit

A:Major infection - affects internet connection

Welcome aboard

Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


Recently noticed pop ups frequently coming up even though I use AdBlocker. They said that they were from "DNS Unlocker". I realised this was likely malware and ran Malwarebytes to try to get rid of it along with Avira Antivirus. I had approximately 60 hits in total and told the programs to quarantine them.
Once I reset my computer my internet connection no longer worked, I can't work out why.
 

A:DNS Unlocker infection, tried to remove but now I have no internet connection.

I also just ran AdwCleaner, here is the file.
 


Hello,
 
I have run through the malware detection and removal with nokojon (see another post). He advised me to run DDS and post the logs here (See below).
 
The problem that I have is that due to possible malware infection it has knocked out my internet connection probably by messing with the connection setting. The symptoms of this are:-

1. Not being able to connect to the internet.
2. A small yellow triangle with an exclamation mark over the status of my connection on the taskbar, however when clicked on it says that I am connected to my wireless network.
3. An unidentified public network is shown and I can't get rid of this. In the network and sharing center it appears between the laptop and the internet.

As an aside I know the wireless is ok as I connect another laptop to it fine.
 
Please let me know if you require any other info. For the previous logs re: malware detection and removal please see the thread with noknojon.
 
Many, many thanks in advance.
 
Andy
 
DDS.TXT =>
-----------------
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16798
Run by Chippy at 8:46:18 on 2014-04-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3999.2227 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Outdated...

A:possible malware infection that has knocked out internet connection

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/530568 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...


I opened what I thought was a folder, but what was in fact an .exe with a folder icon..stupid of me
I ran scans with NOD32, Ad-Aware, Spybot S&D. Spybot detected a .bat in the temp folder constantly trying to run after infection and I chose to delete it.
Combofix got rid of a few things afterwards (neglected to save the log file).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:09:20 PM, on 14/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\SteamWatch\SteamWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Documents and Settings\LukeB\Desktop\X-Fi Changer\XFiMode.exe
C:\Program Files\Lavalys\EVEREST Corporate + Ultim...


Downloaded a file that I later found out has a trojan attached. Here's the logs:



DDS (Version 1.0) - NTFSx86
Run by Daniel at 0:16:11.78 on Sun 11/16/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.417 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\acs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k i...

A:Trojan Infection & Slow Internet Connection

*bump*


Hi Bleepingcomputer ^^

I have been going nuts for almost a week now and decided to get some help =S

So to start from the beginning:

1. Got the win 7 security 2012 virus.....
2. Did the removal with FixNRC, then Rkill and finally deleted it with MBAM
3. Afterwards I couldn't get connection to any internet at all, just kept identifying
4. I tried A LOT of things to make it work and finally by reinstalling the win-sockets I got back on the internet =D
5. I took a closer look and it turns out only the things not connected to Microsoft could connect to the internet (firefox & skype), when I try to run Internet Explorer (IE), Windows update, MSN or a pc-game it says that it's offline/not connected.
6. I diagnosed the problem in IE and it said that the proxy couldn't be connected automatically.
7. I've tried to put in a proxy server (didn't work) and resetting it (didn't work)

Now I've tried for 5 days to make it work and nothing has done it for me =(

Please help, I'm awaiting orders =)

A:Microsoft has no connection to the internet after malware infection

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...


Hi everyone - New to site.
 
My nephew was using PC IExplorer and said a Notification pop-up saying something like - encrypting files - he tried to exit the page and couldn’t so he powered off the PC.
 
Now PC doesn’t recognize my broadband connection (hardwired connection). Went to Control Panel-Internet Options-connections. It lists Broadband Connection and never dial a connection. Clicked LAN Settings show a check at Automatically detect settings. The Proxy server section is not checked.
Closed out with ok Clicked Connect to internet - Clicked existing option "Broadband" next - unable to connect - clicked diagnose response was detected a problem but was unable to fix. Went back to internet connection cleared everything and reapplied as above. Now when I click Connect to Internet I get Error 797 modem not found or was busy.
 
Removed the hardwired Ethernet connection from the PC and connected it to Laptop. Laptop connection works fine.
 
I don’t know how to proceed.
 
As per the posted guidelines, I downloaded DDS to a flash-drive and then copied to PC and ran DDS.
7-13 DDS.TXT is below and 7-13 Attach.TXT is attached.
 
Any help is appreciated - Jim

 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16561
Run by Jim at 12:34:33 on 2014-07-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3454.1972 [GMT -4:00]
.
...

A:Infection - Vista PC - No Broadband connection to Internet

Hello 3Jim3,

My name is Cody and I'll be helping you clean up your computer. I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

==========================================================================

Some points for you to keep in mind:

Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I w...


I am struggling with the after effects of a System Tool (rogue anti-spyware) infection on a Vista machine that has left me with no Internet connection.

I believe the System Tool infection has been successfully removed. There are no proxies set in Internet Options > Connections. Computer will connect to LAN & WLAN but only with local connection. No Internet connection from this computer. LAN and WLAN reset themselves to APIPA addresses on reboot even though DHCP is working fine and even after I save manual IP addresses for each interface (i.e. they aren't saved permanently).

ComboFix reports the following message in the Command window on launching (and then continues) and again at Stage 38, even though I am signed into the Administrator account and "Run (ComboFix) as administrator":

Access Denied. Administrator permissions are needed to use the selected options. Use administrator command prompt to complete these tasks.

It seems like some network settings have been compromised in Registry &/or some permissions have been altered by System Tool before removal.

Any help would be greatly appreciated and the helper will receive my undying admiration.

The contents of the ComboFix log are as follows:

ComboFix 11-02-28.07 - xxxxxxxx 01/03/2011 13:31:27.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3068.2619 [GMT 0:00]
Running from: F:\ComboFix.exe
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4...

A:No Internet connection after "System Tool" infection

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks


I somehow got the virut virus 2 days ago. I have tried a number of different scans to get rid of it and the last 2 McAfee scans did not uncover any objects. However, I am concerned that when I now connect to the internet there appears to be continuous activity on my connection even when I do not have a web browser open.

I have Windows XP with Service Pack 3 (ver 5.1). I have McAfee installed with the latest updates. On a few occasions since this happened my protection suddenly becomes disabled. I have also run scans with Spybot and Dr. Web Antivirus 1st Aid. I have performed around 10 scans in safe mode with system restore turned off. I tried to download the AVG virut virus remover but my computer was not able to download it.

This may not be related but I will mention it just in case. Two weeks ago I installed Registry Utilities Pro by Avanquest. Now when I try to run it I get a "file corrupted" error message. Is there any reason to suspect that recently cleaning my registry would have made my computer more susceptible to getting a virus?

Any guidance anyone can offer will be greatly appreciated. I don't know much about computers but I have been reading anything I can find about this virus and how to get rid of it. At this point I have more or less resigned myself to having to reinstall everything but want to get advice from an expert before giving up.

Mike

A:virut infection - internet connection appears corrupted

Hello and welcome. First please uninstall the registry tool from Control Panel, Add Remove.. These tools can do more harm than good.

Next run SDFix:

Please print out and follow these instructions: "How to use SDFix". When using this tool, you must use the Administrator's account or an account with "Administrative rights".

Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.

When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.

If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.

Please copy and paste the contents of Report.txt in your next reply.

Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.

-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.


Recently, I have a hard time loading each page on my Desktop Computer. I went to the speedtest.net to test the speed. It turns out that the speed goes down to 1.60 Mbps. (My service is 12 Mbps)

I thought it would be the problem on the internet provider side so I opened up my laptop to check the speed. It reported that the speed is around 12 Mbps. I thought this was strange.

I disconnected my Desktop Computer (It runs Windows 7 64-bit) from the internet and ran SpywareDoctor with Antivirus in "Intelli-Scan" mode. It found 300+ infections. It told me to restart so I did. I ran the scan again in the same mode but there is no infection. However, I am not sure whether my computer is not infected. I ran DDR and got the following log file. (I cannot run GMER because it says "C:\Windows\system32\config\system: The system cannot find the file specified.")

What should I do? What indicates that my computer is not infected?

Thank you very much

DDS (Ver_10-03-17.01) - NTFSX64
Run by thaipokecard at 9:16:28.90 on Mon 09/13/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6143.4255 [GMT -5:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Window...

A:Slow Internet Connection. Possible Malware or Virus Infection

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you...


Hi,
 
Thanks in advance for your time.  
 
Windows 8.1 having trouble maintaining a connection or the connection is really slow.
 
flushed dns, released and reset ipconfig.  
 
ran malwarebytes....nothing found.
 
Found some suspicious programs allowed into application rules /firewall of Kaspersky....so reinstalled Kaspersky.   
 
New Kaspersky  did speed up the display some, and the connection has less tendency to drop.
 
However, I wonder if there may be an infection somewhere that is not being found by either Kaspersky or MBAM.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-09-2015
Ran by Jean (administrator) on HARDWOODMAIN (01-10-2015 09:52:07)
Running from C:\Users\Jean\Desktop
Loaded Profiles: Jean (Available Profiles: Jean & Rolly & Admin & Guest)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe...

A:8.1 Internet connection drops or is extremely slow -possible infection?

Hello, Welcome to BleepingComputer.

I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Why is the file attachment option missing?

Next time you post a reply before you press the Post button, select the More Reply Options.

Follow the instructions to attach the Addition.txt file.

Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.

Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicyScripts: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> Defau...


Hello,

I have a Sony Vaio desktop computer running XP with SP3 installed.

I accidentally picked up Antivirus Soft on Tuesday night and thought that I repaired with Malwarebytes in safe mode that evening by removing the 6 infected files that were found. However, some issues appeared after running MBAM: there is a serious hang upon loading the desktop when I first turn on the computer (only the wallpaper appears and it stays there for ~5 minutes); when the desktop finally appears, a "service manager" box pops up and runs something that I can't catch because it goes by too fast; when I try to open internet explorer (8), that also hangs for an eternity before telling me it can't open my homepage; my internet connection is wonky (no connection at all, when I try to release and renew my IP it says that "RPC server is unavailable").

Tuesday night I limped through my homework and somehow (I really do not know what I did that allowed access) connected to the internet. I left the computer on overnight and Wednesday continued using the internet. I was attacked by Antivirus soft again (by opening what I thought was a pdf file), swore, and attempted to use Malwarebytes to fix a second time. That repair found more infected files than the fix on Tuesday night (10 I believe), which I removed. For good measure I also ran AVG antivirus. Both scans reported a clean computer. The desktop hanging issue, service manager script and inability to connect to the in...

A:Antivirus soft infection twice in two days; no internet connection after repair

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Download ComboFix and the Microsoft file to a USB drive on another computer and transfer the files to your desktop.

------------------------------------------------...


Hello all!

Firstly, thank you so much for running such a magnificent site with such detailed and easily understandable instructions. I direct everyone I know to this site once they become infected--you offer such useful tools and great suggestions.

Anyway, onto my problem. I'm working on a friend's laptop that was infected with System Check. (Boo!) The computer is unable to connect to my wireless, nor his wireless at home and the Windows diagnostic tool is of no help in that area. So everything I'm downloading to run on his computer, (rkill, gmer.zip, etc.) is being downloaded on my computer and transferred via flashdrive. Everything is being run on this computer while it's in Safe Mode with Networking.

After going through the steps per the removal guide for System Check, I discovered that the infection was a lot tougher to remove than previously thought. It has kept MalwareBytes from being able to update, and I had to initially rename both TDSSKiller and MalwareBytes installer with single word names so that the malware wouldn't stop the process from running.

When trying to run MalwareBytes after going through the guide with Rkill and TDSSKiller (which found no infection,) I receive an error from MalwareBytes that states:

Program_Error_updating(11004,0,No address found)

I am unsure if this is related to the rootkit, or if the rootkit is preventing the update due to the wireless connectivity issue. So I suppose my questions are thus:

1.) Is the rootkit...

A:TDSS infection preventing updates to MalwareBytes/Internet connection

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated f...


I recently resurrected my computer from a 2 year old HDD failure and have undergone the long process of OS reinstall, update and recovery (SP3 for XP BSOD'd my computer until I system restored), but everything finally seemed to be running smoothly. Unfortunately this didn't last long, since I managed to pick up a few nasties before getting around to adding anti-malware programs (Spybot & Ad Aware) or an Anti Virus (Avast, alas, now I cannot download!). After a series of dreadful hijacks of the IE browser (obvious since I almost exclusively use Firefox), several malicious anti-spyware and malware programs were being foisted upon me in pop-up after pop-up (to its credit windows firewall managed to catch at least one troublemaker trying to wrack evil upon my computer). Good times!

I downloaded both Spybot and Adaware and ran a series of scans after updating definitions (under safe and normal modes) with all internet connections disabled. Virtuemonde and pws.IdpinchIE both seemed to be resisting fix attempts (I also ran a scan of files recently modified and found a small bundle of .exe files in the C: directory with names like prylxoqb, cslokf, etc. and in every instance, a google search returned a link to an AV software page called Prevex, which leads me to wonder about their scruples...)

OK, sorry about all the background here, long story short, I followed the bleeping computer guide on removal using Malwarebytes (which yielded a number of other undetected prob...

A:Virtuemonde/Vundo & ldpinchIE Infection, Possibly Another Worm, No Internet Connection

Aha! I just realized that the proxy settings were fiddled with, hence I could not connect through the browser, but after setting to no proxy, I can now!

I'm downloading Avast! at this very moment. Still though... I'm a bit concerned there may be something lurking insidiously within my computer...


Hello,
I was looking for some assistance with my home PC. My computer started acting buggy last week. First it started when Internet Explorer would not open. I also notice that my VPN connection that I use for work had been somehow disabled or corrupted. I tried running Windows Defender and my anti-virus McAfee AT&T Internet suite to diagnose if there was some type of virus on my desktop, but both programs freeze in mid scan. Lastly, I tried a system restore to a point 2 weeks back with a slight hope it might help, but no luck.

I also noticed that my wireless connection only shows packets being received, but nothing being sent. I only noticed this because I tried to update the virus definition file for McAfee, and nothing was happening. I disabled the wireless connection on the desktop, and thus I can't download anything directly to the desktop, I have to use a memory stick to transfer any data from the desktop.

Also, I tried running programs like iTunes or Windows Media Player, and both programs never run. I tried doing an add/remove program, to remove iTunes, and add/remove programs does not work.

My desktop is a Dell Dimension E521, running Windows XP Home Edition. Pasted below is the most recent DDS log, and attached are the DDS-Attach & GMER zip as requested. Any help is greatly appreciated...my wedding is in 1 week and I'm needing badly to jump on the PC and burn some music. :(

Thanks!


DDS (Ver_09-06-26.01) - NTFSx86
Run by Armando Me...


I'm helping a friend with a computer... here is my MB scan. I have removed the ones in this scan. Any help?

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4720

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

9/30/2010 12:26:26 AM
mbam-log-2010-09-30 (00-26-26).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|L:\|)
Objects scanned: 330077
Time elapsed: 59 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 2
Registry Data Items Infected: 6
Folders Infected: 1
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{15c138b7-c828-88dc-9c89-aac4585eaad1} (Trojan.Hiloti) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{15c138b7-c828-88dc-9c89-aac4585eaad1} (Trojan.Hiloti) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15c138b7-c828-88dc-9c89-aac4585eaad1} (Trojan.Hiloti) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5...

A:Large Infection

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

It looks like the TDSS infection has borked your machine.

We have to use a recovery system to try and boot the Pc so we can attempt to fix the problem.

Installing Java and Kaspersky online scan with Ubuntu
http://noahdfear.net/downloads/kavscan.sh
http://noahdfear.net/downloads/ujava.sh

Try this please. You will need a USB drive.

Download UNetbootin to the desktop of your working computer.

Download xpud-0.9.2.iso from noahdfear.net and save it to the desktop as well.

Once the download(s) have completed, double click the unetbootin-xpud-windows-387.exe file to run the installer.

Select the DiskImage option then click the browse button located on the right side of the textbox field.

Browse to and select the xpud-0.9.2.iso file

Verify the correct drive letter is select...


You'd think that between Spybot S&D, AVG Anti-Virus, SpywareBlaster, AdAwareSEPersonal, Microsoft Anti-Spyware, CWShredder, and Avast! Antivirus, these things would have been able to remove and prevent this spyware from hijacking my computer. I've been trying to remove the following files for weeks without success. (All of the following spyware files are preceded by CoolWWWSearch): Feat2Installer, IELinks, SearchKlick, and HomeSearch. I know they're there because Spybot S&D keeps finding and removing them, but they keep coming back up on startup of the computer.

My internet connection has slowed to nearly nill, I keep getting popups under the ruse "looking for (Whatever I typed in recently)?", there's a list of sites installed in my favorites (mostly sex and porn sites) which I definitely didn't bookmark, and my homepage has been hijacked by at least 2 different browser hijackers (one of which is about:blank, the other is xmpbq.dll).

I'm posting my hijack this log here in the hopes that I will get an answer faster than I did on the other forums... while I was waiting there, the infection got worse and spread. Here's my logfile:

Logfile of HijackThis v1.99.1
Scan saved at 8:12:46 PM, on 1/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\...

A:Coolwwwsearch... Large Infection! Need Help.

Hello,

It's better to print out the next instructions or save it in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.

It is also important you don't miss a step and perform everything in the right order!!

* Download AboutBuster. Unzip AboutBuster.
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
You may not run it aboutbuster yet, that's for later.

* Download and install CCleaner
Do not use it yet.

* Download this regfix: HSfix
Unzip it and place it on your desktop, don't use it yet!

* Please download Ewido anti-malware ; it is a free version of the program.
Install ewido security suite
When installing, under "Additional Options" uncheck..
Install background guard
Install scan via context menu
Launch ewido by double-clicking on the icon on your desktop.
The program will now open to the main screen.
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Don't ...


Hello everyone,
I have AVG antivirus, yesterday it detected a huge infection by expiro. The scan found about 2,000 files infected, asked me to reboot but avg alert windows are still popping up because of the expiro infection.
My OS is Windows 7 Home Premium, I have 2 internal HDD and 1 external. Checking the files in the scan report it seems that the infection is quite everywhere.
Can you please help me?
Thanks a lot.

A:Large infection by expiro virus

I'm afraid I have very bad news. Your system is infected with a nasty variant of Virut, a dangerous polymorphic file infector with IRCBot functionality which infects .exe, .scr files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.

Understanding virus names
Threat aliases for Win32.Win32.Virut
Threat aliases for Win32.Virtob.Gen.12

With this particular infection, the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why? According to this Norman White Paper Assessment of W32/Virut, some variants can infect the HOSTS file and block access to security related web sites. Other variants of virut can even penetrate and infect .exe files within compressed files (.zip, .cab, rar). The Virux and Win32/Virut.17408 variants are an even more complex file infectors which can embed an iframe into the body of web-related files and infect script files (.php, .asp, .htm, .html, .xml). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair and in some instances can disable Windows File Protection. In many cases the infected...


Hi there,

About two days ago I noticed my internet speed was becoming intermittent and much slower. I originally thought this was an ISP problem as I've had issues there previously, but everything is stable their end and my phone does not experience the same issues.

I looked at the data packets sent and received and in the past 45 mins my laptop has uploaded over 350MB of data whilst receiving only 60MB. I have not tried to upload anything at all (and never do).

The uploading is choking my internet speed to the extent that downloading things has become an issue.

I have run virus scans using AVG (Free) and McAfee (Subscription that came with my laptop). I also have ZoneAlarm (Free) installed on my laptop.

Below are the results of the SysInfo:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz, Intel64 Family 6 Model 69 Stepping 1
Processor Count: 4
RAM: 16282 Mb
Graphics Card: Intel(R) HD Graphics Family, -2016 Mb
Hard Drives: C: Total - 933257 MB, Free - 763440 MB;
Motherboard: Dell Inc., 0F35HR
Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated and Enabled
The Laptop is a Dell Inspiron 15-7537
 


Hi all
I haven't seen something like this since mainframe days but what I would like is to be able to connect a SINGLE very large monitor to 4 different computers (at the same time) where the screen is divided into 4 (25% for each computer).

Is there "any such animal" or do I have to go down the multiple monitor route.

These type of terminals were actually quite common many years ago as IBM mainframe Operators consoles for running multiple machines -- of course in those days the terminals were text based and either monochrome or 4 coloured 3279 type devices.

Cheers
jimbo

A:Very Large monitor for connection to 4 computers

Don't have any idea if they have such a thing; however, you might try contacting Matrox: they have specialized in controllers for the financial sector -- where strange configurations are the norm -- and just might have such a beast. (I realize that most of their variants are multi-monitor, but they might have something or might be able to provide direction - it's worth asking.)


I noticed that when I try to copy over a 4.02GB file from my desktop to my laptop it goes for about 10-15 minutes and then stalls before telling me that the file destination/source no longer exists and cancels the transfer. But if I leave it alone they'll see each other in a few minutes time. This does not affect internet connection or connection with any other network devices, just these two homegroup computers.

I'm running Windows 7 Ultimate 64-bit on the desktop and Professional 64-bit on the Laptop. Also using a Linksys 160N v3 with DD-WRT firmware.


As a secondary question, do Windows 7 computers running different versions (32-bit vs 64-bit) not see each other in a homegroup? My girlfriend's laptop has never been able to connect to the homegroup and she has a 32-bit Windows 7, though I CAN connect to her through the regular network browsing.

A:Connection drops with large transfers

  
Quote: Originally Posted by TheColdOne


I noticed that when I try to copy over a 4.02GB file from my desktop to my laptop it goes for about 10-15 minutes and then stalls before telling me that the file destination/source no longer exists and cancels the transfer. But if I leave it alone they'll see each other in a few minutes time. This does not affect internet connection or connection with any other network devices, just these two homegroup computers.

I'm running Windows 7 Ultimate 64-bit on the desktop and Professional 64-bit on the Laptop. Also using a Linksys 160N v3 with DD-WRT firmware.
As a secondary question, do Windows 7 computers running different versions (32-bit vs 64-bit) not see each other in a homegroup? My girlfriend's laptop has never been able to connect to the homegroup and she has a 32-bit Windows 7, though I CAN connect to her through the regular network browsing.


Both problems can directly be traced to homegroup. You can test this by setting up a new network connection using workgroup. If it works (and it should) you can disable IPv6 and kill homegroup.

Let us know if you need help with this

Ken


What connection have I missed? It won't turn on and it did before I moved it over.
I moved everything from a small case to a larger one because the CPU fan was directly behind the PSU so it overheated and made scorch marks on the side of the PSU box too but when I put it back together in the new case it doesn't turn on.

I think it's to do with the wires I am holding in the 1st pic and I reckon they go into the connector I am holding it in front of but I have already tried every combination I think of and they SHOULD have been straight forwards because they have labels on.


If you need any more info or pics to help you guys help me solve it, just ask.
 

A:Solved: Mobo connection. (large images)

Sorry guys, I solved it myself. The labels on image1 are incorrect, when I shorted the pins that said "speaker" the computer got past post and turned on.

Thanks whoever looked anyways.
 


- Win7 Ultimate
- Dlink DIR 655 router
- Windows Firewall only thing running
- device drivers look good

About 800GB transfer, it would occasionally drop connection, but looks like most (maybe all?) files were moved. Had to restart transfer a couple times. Left overnight.
Today can't connect at all. Did ipconfig/renew, rebooted, reset other box. Poked around

Other boxes can see my Win7 box, but Win7 can't see other boxes on LAN

ipconfig: (removed dns suffix)





Quote:
Windows IP Configuration

Host Name . . . . . . . . . . . . : WillPC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : xxxxxxxx

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : xxxxxxxx
Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
Physical Address. . . . . . . . . : BC-5F-F4-E8-9B-34
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d98b:574c:73b5:ba5e%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.251(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : July-30-15 12:52:13 PM
Lease Expires . . . . . . . . . . : July-31-15 12:52:13 PM
Default Gateway . . . . . . . . . : 192.168.0.1
...

A:LAN dropping connection large xfer, then can't see other boxes

Alright. Now an hour later it is showing the other boxes, but can't access, I get this


I got the totour.exe and I don’t know how to get rid of it. Below is my HJT info; can someone please help me to get rid of this stupid thing? I have AVG and it keeps telling me every so often I have the totour.exe

Thank You

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iT...

A:totour.exe - HJT info - Please Help!

Hi, grantx01.

Welcome to TSG.

Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Double-click on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
Please post the entire log, including its heading, so as to make sure of the software version.
 


Hello, I am also having problems with this totour.exe virus. I use AVG free virus protection, and Spybot. I have a laptop and a PC, the PC was originally infected with totour, and the internet stopped working, only Firefox, Internet Explorer, and iTunes could not connect to the internet. Steam, Xfire, and other internet-using programs worked fine. When I was online on my PC, my laptop could also not use Internet Explorer, but when my PC is disconnected from the internet, the internet works fine (I am working like this at the moment). I tried Killbox, and did as you said, the "PendingFileRenameOperations Registry Data has been Removed by External Process!" but I restarted manually. Again, my AVG notifies me of the virus on startup, goes to the virus bank, and I delete it. My internet works for about 3-4 minutes, then it stops. Any suggestions?
Thanks.
 

A:Solved: totour.exe


Hi, I think I may still be having problems with this virus/trojan. I'm running NOD32 2.7. Firstly NOD32 brought to my attention a trojan 'msnetax.dll'. I deleted this, which caused my internet to stop working; this was then fixed using LSPfix and it now appears to be working fine. However, every time I use the internet, after a couple of minutes NOD32 comes up with the error,

file C:\WINDOWS\System32\totour.exe Win32/Agent.AFG trojan created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine.

NOD moves this to quarantine and the internet seems to work fine. However, after reading a number of threads on the totour trojan saying it is hard to get rid of I was wondering whether anyone here could help me at all. I have tried to delete the file however when I reboot it is not at the location NOD32 finds it.

My HiJackThis Log is below,

Logfile of HijackThis v1.99.1
Scan saved at 17:48:47, on 03/04/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files...

A:Solved: Totour.exe


Hi. I'm new here, and was hoping you could help. Lately I have been having a persistent problem with totour.exe
PC-cillin detects and quarantines it...where I can delete it. But as soon as I reboot, it's back again. Most times...I have no net connection until totour.exe is quarantined. Very annoying. Thanks in advance for any help that can be offered.
PS. Keep in mind. I'm a novice when it comes to computers. So take it easy with the big words. lol

This is a screenshot of the pop-up I get when being alerted by PC-cillin.

Also. I've attached an image of the scan report I get after running Spybot.
Not sure if this is related.

I've noticed that most support people ask for a hijackthis log. So I've taken the liberty
of posting one in advance.

Logfile of HijackThis v1.99.1
Scan saved at 11:32:58 AM, on 6/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\A...

A:Solved: help with totour.exe


Hi everybody,
my NOD32 keeps telling me that I have totour.exe, which is infected and tries to open explorer.exe, and shows that I got the win32/agent.afg trojan.

I followed the link in Google (http://forums.techguy.org/security/558440-solved-totour-exe.html)
at this site but the totour notification keeps coming back.
I run "superantispyware" and it removes it (log follows).
What should I do???

thank for any help ...
Yaniv

here is some logging that i think i need

Logfile of HijackThis v1.99.1
Scan saved at 22:54:31, on 11/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\UPSMON\UPSMON.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VBTUCopy\VBTUCopy.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SEC\MT4.0\GammaTray.exe
C:\Program Files\Log...

A:plz help : how 2 remove totour.exe

Hi and welcome to TSG,

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
Instead of Windows loading as normal, the Advanced Options Menu should appear
Select the first option, to run Windows in Safe Mode, then press Enter
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to the clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

 


Need help removing totour.exe
Have looked through other threads and tried KillBox as per instructions given to others. No dice. Really annoying. Any help would be greatly appreciated. Thanks in advance.
Logfile of HijackThis v1.99.1
Scan saved at 10:41:57 AM, on 09/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HHVcdV6Sys\VC6Play.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost....


I am working on a PC that got hit by an infected web site. Probably via a Quick Time file according to the user.

Trendmicro cleaned out most of the junk but I am stuck: 1-5 minutes post boot it complains that c:\windows\system32\totour.exe is a problem. It claims that the virus has been fixed but the file cannot be and will be quarantined.

I have tried the steps I found here to use killbox and get the c:\cd1041.nls file. However after the next boot they come back. Also, when I try to go for the totour.exe file in kill box it always reports that the file already doesn't exist.

Thanks for any help on finally getting rid of this nasty.

Roger Vicker, CCP

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:32:08 AM, on 6/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\csifcsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\Photoshop...
