Downloaded DaemonTools Lite and got nasty malware (Dragon Branch Ads)

Q: Downloaded DaemonTools Lite and got nasty malware (Dragon Branch Ads)

So I downloaded DaemonTools Lite for free and went for the express install (I realise now that this was a massive mistake). My computer now can't search on google without a bunch of ads (Dragon Branch), and I can't click anywhere on any webpage without being redirected to a site asking me to install malware removal software.
It's taken me several attempts just to make this post, and I need this computer to get coursework done for university, I have deadlines coming up next Friday and everything takes twice as long as it should to do. Does anybody know what I should do? I don't even know what information to provide here.

A: Downloaded DaemonTools Lite and got nasty malware (Dragon Branch Ads)

Hello, and welcome. This should not take long - stay with me, and we'll get it done.

MiniToolbox by Farbar

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices
List Users, Partitions and Memory size.
List Minidump Files
List Restore Points

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

===

Security Check by screen317

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt. Please copy and paste the contents of the log in your next reply.

Regards,
Alex

RELEVANCY SCORE 78.8

Hi guys

I have dragon branch installed on my computer. I don't know how it got installed in the first place. I uninstalled it but now it keeps on popping up. Does anyone know what to do about it??

Thanks

A:How to remove dragon branch

Suggest you download and run Malwarebytes Free, not the trial version
Malwarebytes | Antivirus, Anti-Spyware, & Anti-Malware Software

Also see this for further assistance:
Remove Dragon Branch Ads (Adware Removal Help) | Tips to Remove Malware

RELEVANCY SCORE 78

I have run AVG, Kaspersky, Bitdefender, Adaware, Malwarebytes, Hitman Pro, Ccleaner and Cloud System Booster. A few of these found files in C:\Users\Derrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage called https_dragonbranch-a.akamaihd.net_0.localstorage-journal and https_dragonbranch-a.akamaihd.net_0.localstorage. Both files have been deleted but they just came back. It came with a 'free' facebook video downloader a few days ago.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Derrick (administrator) on DERRICK-HP on 28-05-2015 13:13:53
Running from C:\Users\Derrick\Downloads
Loaded Profiles: Derrick (Available Profiles: Derrick)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\E... Read more

A:Unable to Remove Dragon Branch Ads

I should also mention that it's not in my add/remove programs list or chrome extensions. Tried all the 'guides' I could find, none worked. They all seem to recommend Spyhunter 4, which is suspicious to me.

RELEVANCY SCORE 77.2

Hi,
The backstory is... I clicked on a close pop-up X on B&H Photo's website and Chrome was quickly covered in ads. I had Kaspersky Internet Security 2015 on my pc but it didn't detect anything before then. I tried system restore to the day before but it didn't solve the issue. After upgrading to KIS 2016 it found Dragon Branch and treated it. After a reboot it was back.

So I went into safe mode, disconnected from the internet and uninstalled it (it looked like it was installed with another program back in April), reset my browsers to their defaults, deleted temp internet files and emptied the recycling bin. I thought it was gone for a while, but then I noticed that files were missing from at least one of my internal hard drives. The files would be gone in a folder, but sub-folders remained (but were empty). For other files, I could see them but they won't open. While others were unaffected.

I saw on one of the forum pages to rebuild the search index. I started that but after 12 hrs, it was still less than 1/3 the way through (I have a lot of photo files). So I paused that and ran Malwarebytes - it found DragonBranch.A, OpenCandy and AceWebExtension.A. It treated them and after a reboot, rerunning Malwarebytes didn't find anything.

I then ran sfc /scannow - it found corrupt files but couldn't repair them all. So I ran it two more times (the post suggested that it may take 3 or more runs). At this point, I went to see if the files were back, but the hard drive ... Read more

A:1st files gone, now the drive - cleared Dragon Branch & ran sfc

Hi all,
Looks like they were two separate events happening at the same time. I started going down that line of thought thinking the hard drive simply failed. But on some reboots I get an error message that no keyboard is found, even with a usb keyboard. I read in a different post that that is a sign that the motherboard is failing. When I plug the usb keyboard into a usb slot on a pci card, there is no error.
I had tried reboots before and it made no difference with the current issue. Then, when I thought I was taking out the defective drive just now, I took out the boot drive instead. A reboot quickly pointed that out. When I put it back in, the missing drive was back!
So, I'm now thinking it's a motherboard issue. I'm copying the files across to another drive, as I type, in case it is the drive and I got a lucky window of access. It's probably time to build a new PC.
Thanks

RELEVANCY SCORE 67.2

I was making a comp for my friend and it's just not living up to the speed it should be. It's a 3000+ (AXP) yet on POST it shows 2175MHz or something, which I assume is the normal clock rate for the 3000+. Though, in the BIOS, I couldn't find a way for it to show the rating, so at least they know that they paid for what they get (they probably don't know that 2175MHz or whatever is a 3000+).

His mobo is SOYO KT400 Dragon Lite, he's got 1GB DDR PC2700, GF4 ti4200, 80gb ata133 maxtor, 450W PSU (ISO), and proper cooling with thermal grease. The cooling is the Vantec AeroFlow. The power doesn't have the problem, I know that, but I listed it just in case.

I got it working and I remember when installing, Windows said something about messing up the installation twice (one the first install) and said it would abort, it continued. Windows booted up etc.

The performance is just not what it should be. It's a little hoppy here and there, the bootup and shutdown are incredibly long. He has a 1.8GHz comp that's loaded on the HD space and starts faster, it even uses PC2100 512 (on XP), so definitely, he knows something is wrong!

Is there anything I can do in the BIOS to solve an issue like this? Btw, what exactly is the correct multiplier for the 3000+ 333FSB? Any other suggestions for BIOS and performance? I'm not trusting auto here... also, the mobo book doesn't come with ANY BIOS instructions, except to flash it--that's it!


Tha... Read more

A:SOYO KT400 Dragon Lite + CPU

There's nothing wrong with the clock speed of 2.167 GHz although the Athlon XP 2800+ runs at a clock speed of 2.25 GHz which is odd. There's no harm putting auto on, it does less harm than manually tweaking it. Have you tried to do a clean installation of the OS which includes a full format of the HDD?
 

RELEVANCY SCORE 66.4

Hey Guys...

I recently bought a Soyo Dragon Lite MB and a MSI Fx5600 VTDR 8x AGP, and to my surprise they seem to have a compatibility problem. When I install the 4in1 drivers for the 8x AGP support, I get flicker and distorted images (disappearing walls, color glitches, etc.), and when I don't install the drivers everything seems to work fine, except for the fact that the board runs in PCI mode. I have read about people that have the same problem I have in this Forum, but I couldn't find any answers to the problem. Can anybody help me PLEASE!

J.R.
 

A:Fx5600 & Soyo Dragon Lite P4X400

RELEVANCY SCORE 65.6

I need a good graphics card for my system . The specs of it are
MBo - Soyo P4X400 Dragon Lite
RAM - 2x 512MB
HDD - 1x120GB, 1x80GB
Drives - 1 DVDRW, 1 CDRW
Power supply - 400W Max

I tried Radeon 9800 with no success and ended up doing a RMA on it. Does anybody know which card works fine with a Soyo P4X400 Dragon Lite with the above specs?
Is P4x400 Dragon lite compatible with Geforce FX 5700?
Please let me know.

Thanx.
 

A:Is P4x400 Dragon lite compatible with Geforce FX 5700

Did you ever find out WHY the Radeon card did not work??????

Your board has an 8X AGP slot with adjustable voltage...was the voltage set appropriate for the card? It's not obvious to me why any card on the market would not work for you.
 

RELEVANCY SCORE 57.2

I opened an email I thought was from USPS and downloaded a virus! Ever since then whenever I try to open anything the only thing that opens is windows media player. I did some investigation and think that how I open .exe files was corrupted or my .exe files were deleted. I downloaded and installed SpeedMaxPC and a lot of things were restored. But then when I restarted my computer I was back to the original problem. I've tried to download and reinstall SpeedMax but I can't. It will download but not install. Now I'm lost. I don't know too much about computers but I can usually find and follow directions to solve my problems but not this time. Should I save any info I have left and reset to original settings? Please someone help. I posted this on a different board and was politely directed to a forum that included instructions on how to run some tests and provide the info to anyone who can help. I hope I have done it correctly. The reports are below.
Thanks for any help!

Thank you!

Carol

.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/27/2011 8:55:44 PM
System Uptime: 7/14/2012 5:10:20 PM (4 hours ago)
.
Motherboard: Hewlett-Packard | | 1693
Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz | CPU | 2133/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 393.162 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1.63 GiB free.
E: is CDROM (CDFS)
F:... Read more

A:Downloaded a nasty virus

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

As far as SpeedMaxPC, please read this > SpeedMaxPc Reviews - Legit or Scam?

------------------------------------------------------

It appears you didn't post the entire dds.txt or attach.txt logs. Both are incomplete.

Please make sure you copy/paste the entire logs in your next reply.

Press the Windows "logo" key and "R" key then copy/paste the following into the Run box and click OK:

%temp%\dds.txt

A text file should open. Save it to your desktop then post that file in your next reply.

Repeat for the following:

%temp%\attach.txt

A text file should open. Save it to your desktop then post that file in your next reply.

------------------------------------------------------

Also...

Please download aswMBR.exe to your desktop. Double-click aswMBR.exe to run it.
When prompted to download the latest Avast! virus definitions, please choose Yes
Click the Scan button to start scan.
Wait until it says, 'Scan finished successfully'. ( Note - do not select any Fix at this time)
C... Read more

RELEVANCY SCORE 57.2

Good evening!
 
I'm trying to rid my computer of some nasty malware my children apparently downloaded. It only affects the browser, and ads pop up EVERYWHERE (initiates new pages too). I've spent hours following malware removal instructions online to no avail. I'm running WIN 7, 64-bit, Firefox, and I've tried eight or nine malware removal programs. RogueKiller initially identified four pum.dns entries. I manually deleted them, but nothing has changed. I have several logs available, if needed. Any help would be greatly appreciated! Thanks!

A:My kids downloaded something NASTY ... "Ads by name"

I did a clean install of firefox, as suggested, and it worked like a charm.
 
http://www.bleepingcomputer.com/forums/t/571984/ads-by-name/

RELEVANCY SCORE 57.2

I opened an email I thought was from USPS and downloaded a virus! Ever since then whenever I try to open anything the only thing that opens is windows media player. I did some investigation and think that how I open .exe files was corrupted or my .exe files were deleted. I downloaded and installed SpeedMaxPC and a lot of things were restored. But then when I restarted my computer I was back to the original problem. I've tried to download and reinstall SpeedMax but I can't. It will download but not install. Now I'm lost. I don't know too much about computers but I can usually find and follow directions to solve my problems but not this time. Should I save any info I have left and reset to original settings? Please someone help.

Thank you!

Carol

A:Downloaded a nasty virus

Hi, we have a specialist security forum; follow this link. You should not use registry cleaners, as they have a tendency to make the situation worse.

http://www.techsupportforum.com/foru...lp-305963.html

RELEVANCY SCORE 56.4

This is my fault because I downloaded a binary file I thought was a wmp codec that has caused many problems. Firstly it would not let me open malwarebytes or spyware snd or any programs you may expect to remove it, so I had to locate each program in program files and create a copy of the .exe then change the name so I could open it.

I have scanned and removed what was found. I keep getting redirected every time I use google or I click a link, then I get popups too. This will not go away even after avg virus scans etc etc. The popups seem to be directed to harrenmedia along with various other adverts and urls. It hijacks any advert I see with one called vimax.



DDS (Ver_09-06-26.01) - NTFSx86
Run by Compaq_Owner at 15:12:36.24 on 17/07/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1534.678 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
... Read more

A:Nasty Nasty Malware that wont give up

Sorry, just saw the edit to my first post. Can I just ask if it is safe for me to use my credit card right now or not?

RELEVANCY SCORE 54.8

Popup ad audio is heard even when browsers are closed. One look on the task manager shows several instances of Google Chrome (which I never use and appear to be the source of the popup ad audio) being used and taking up a majority of the CPU. When I open a new window an extra one pops up with an ad.
 
DDS LOG FILE
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6001.18000  BrowserJavaVersion: 10.21.2
Run by trace at 12:34:03 on 2013-10-20
Microsoft® Windows Vista™ Ultimate   6.0.6001.1.1252.1.1033.18.1918.364 [GMT -4:00]
.
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Progra... Read more

A:Family member downloaded nasty bug on livestreaming site. (more inside)

Please do this next:

You have more than one antivirus (AV) program running. Your logs show both avast! and Avira running. Running more than one AV program does not offer any more protection and often causes conflicts and slow downs with your computer. Please remove one of the AV applications via Control Panel > Programs > Uninstall a program.

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
Execute TDSSKiller.exe by double-clicking on it.
When the window opens, click on Change Parameters
Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
Click OK
Press Start Scan
If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
Then click Continue > Reboot now
Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
Post that log, please.

Please include the following in your next post:
TDSSKiller log
 

RELEVANCY SCORE 52

OS - Vista/ Windows 7: WINDOW 7
x86 (32-bit) or x64: X64
What was original installed OS on system? WINDOW 7
Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)? I think full retail
Age of system (hardware): Bought it almost 1 year ago
Age of OS installation - have you re-installed the OS? Same age as when the computer was built, never re installed the OS
CPU: I7 950
Video Card: GTX 460 Sonic palit platinum 1GB SLI
MotherBoard: Gigabyte X58A-UD3R
Power Supply - brand & wattage: 750 Watt Thermaltake TR2RX
System Manufacturer: IBUYPOWER
Exact model number (if laptop, check label on bottom):
Hello, this is my first time ever posting about computer stuff on the internet so forgive me if I failed to upload or show the information incorrectly :)
So, the problem I am having is that when I try to run the game, the computer crashes. For Battlefield 3, when I am joining a server, the tab shows I am joining the server, then initiating, then when logging on appears, my computer crashes. When I run Bad Company 2, when I try to log into my account for multiplayer, my computer crashes, and the same thing for Dragon Age Origins, Dragon Age 2 and Mass Effect 2. I just hope I attached the files correctly =(

A:BSOD on most EA titles only, such as BF3, BFBC 2, Dragon age origins, Dragon age 2,et

I have asked someone to check the dumps.

RELEVANCY SCORE 52

I had several pieces of malware on my computer including malwarrior. I used sdfix, combofix and smitfraudfix along with Norton antivirus to get rid of them--but now Dragon freezes after a minute or two of normal operation, and my computer doesn't recognize removable drives. Any suggestions?
 

A:dragon naturallyspeaking freezes after malware removal

RELEVANCY SCORE 50.8

It is so similar to MaxGen's problem that I have used some of his description of what is happening to me (us).

I got infected by a nasty malware while surfing the internet. Popups were created immediately so I knew right away something was happening. I wasted no time in running Norton AV and Ad-aware. Norton says it had found and removed the problem (Trojan.Vundo and Trojan.Metajuan) and I should restart. But everything got worse after first restart. No programs wanted to work. I even tried to backup personal files to Cd/Dvd and Nero did not recognize my burner.

Now my situation is:

1. Even in safe mode, I cannot run any anti-spyware software: Spybot and Spyeraser do not show up even though they are seen running in windows task manager. Then the .exe application file will no longer work. When I tried to run them again, it will say "Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item."
2. Cannot connect to any website, it always shows trying to connect. (The connection itself shows OK). - I downloaded AVG after the first restart and it found and fixed 8 of 12 problems found. I rebooted and was then unable to get on internet and AVG does not work anymore.
3. Worst of all, I can't even post the HijackThis logs. It does not start - telling me I do not have permissions

Like MaxGen there could be other symptoms I have yet to discover. I too have never seen this kind of nasty stuff. Please help!... Read more

A:ME TOO!! Infected by extremely nasty malware, can't even run HJT, please help, Unknown malware, windows XP

If you cannot get DDS to work, please try this instead.

Please download RSIT by random/random and save it to your Desktop.

Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.

Close all applications and windows so that you have nothing open and are at your Desktop.
Double-click on RSIT.exe to start the program.
If using Windows Vista, be sure to Run As Administrator.
Click Continue after reading the disclaimer screen.
Leave the drop down box set to default: "List/folders created or modified in the last 1 month (30 days)".
When the scan is complete, a text file named log.txt will automatically open in Notepad.
Save the log file to your desktop and copy/paste the contents into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.

Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.

If RSIT did not work, then reply back here.

RELEVANCY SCORE 50

These are the instructions I followed:

Uninstall it
Click on this link and then select run.
http://www.malwarebytes.org/affiliates/2...
INSTALL IT TO YOUR DESKTOP, update it, then run a full scan and remove everything it finds.
Some viruses will try to disable it so if malwarebytes will not start up then go into the folder it is in and rename the mbam file to XXX then double click on the file you just renamed to start it up.
After you have used malwarebytes then do this on-line scan to make sure you have nothing else hiding away.
http://www.bitdefender.com/scan8/ie.html
Preferably in safe mode with networking.
It's important you install it on your desktop so you can easily get into the folder and change the name of the mbam file, and viruses do not always look on the desktop for it.
OR you can try the on-line scan first.

This seemed to have helped but I still can't run Malware bytes and my computer redirects websites I try to get into sometimes. I installed Norman Malware cleaner and this is what it said:

Removed 5 of these ( deleted file:C:/windows\system.32\UACqfqboedxvctjti.dat)
in red appeared- To many infections/an unexpected error (Please contact support):
C\Windows\system32\UACqfqboedxvctjtit.dat (infected with Text/Td.ss.A)
File marked for defered cleaning (reboot required) c:\windows\Temp\UAC314c.tmp(infected with W32\FakeAlert.NEU

I clicked quit after it finished scanning and it prompted me to reboot computer automatically. I ... Read more

A:The computer at work is infested with PAV. I downloaded Malware bytes anti-Malware but it still won't scan

Hello, it appears you are heavily infected with rootkits. They are interfering with removal. You need to run HJT/DDS.

Please follow this guide: go and do steps 6 and 7, Preparation Guide For Use Before Using Hijackthis. Then go here, HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant Title and post that complete log.

Let me know if it went OK.

RELEVANCY SCORE 49.6

I bought this new computer--Inspiron One--and I've been trying to follow the guides on the computer to get it running up to par, using the online backup, all the Windows updates, I did remove the McAfee security suite they had installed and instead downloaded and installed AVG 10.0.1170 free edition. Well, yesterday I noticed a couple weird things--a couple programs I never added are on this, Clickpotato lite and Smart Shopper? I can't seem to uninstall or delete them. Also, I have a ton of ads on my computer, like a screen-saver, and a program called Blinkx? Is that normal? I don't want a bunch of retarded ads on my computer I did not ask for. I am paying an awful lot of money to have a good computer--I don't want ads on it, you know what I mean. Oh, and now my AVG says there are 3 entries called liveperson which are potentially dangerous, but it cannot do anything about it. And, my spybot found 36 entries in red (baaaaaaad!) but could not fix but 2, cause they weren't accessible?

I am using Windows 7 64 bit preinstalled on this All in One computer. I am so frustrated, I almost wish I'd never bought it. So far I have only been on facebook but my son was doing some kind of gaming he said was "streamed".
According to AVG: on the 9th (I got this computer delivered on the 8th): 19 spyware.. on the 12th (today), 4 separate scans showed 88/88 warnings in one, 6/3 in another, 6/6 in another, and 15/15 in another. The day is on... Read more

A:ClickPotato lite and a ton of malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

Best Regards,
oneof4.

RELEVANCY SCORE 47.6

I have no idea what happened with my computer. I even stopped using P2P programs a long time ago. I am posting this Hijack Log from another computer. I can barely touch the computer that is infected. I was lucky to save the hijack log before it started to freak out on me..

Let me start with the symptoms.

1. It started to mess with my internet. My internet wouldn't work in my house when it was connected to the infected computer. The Link light I have in my wireless antenna which connects to my computer keeps blinking non stop when it's connected. Like if it was downloading information non stop.

2. I started to get Blue Screens. I have to restart the computer every time I get the blue screen of death.

3. I just get a message that gives me a countdown of 60 seconds warning me that the computer will be shut down by itself.

This is my Log..

Logfile of HijackThis v1.99.1
Scan saved at 10:51:59 AM, on 5/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\Administrator\My Documents\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=des... Read more

A:Nasty Nasty Nasty Viruses. (Hijack Inside)

Bump!

RELEVANCY SCORE 47.2

Hi there, hope you can help me
My friend gave me a program on a disc the other day and I went to install it but it has seriously messed up my pc. It won't allow me to get onto firefox or internet explorer without crashing, or let me run any antispyware programs. I've run avg anti virus and it can't find anything.

I also think that it's messed with google as every time I click on a search result adverts come up and I have to press the back button to get to my search result.

I have tried system restoring earlier a few times but each time fails (something about the disc errors i think, can't remember now!!)

Anyway thanks for your help in advance

Here's my DDS.txt file and the rest is attached:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Woody at 20:18:29.43 on 20/06/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2814.1594 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost... Read more

A: Nasty malware

72 hour bump :)

Read other 7 answers

I have a WinXP laptop that had a nasty malware that first hid all files, then even disabled Task Manager and my CD-ROM.
I have gotten back most of the errors, but I still cannot access Task Manager, and keyboard shortcuts don't work either.

A: Nasty XP Malware

Have you got any System Restore points that will go back before the infection?
XP System Restore Guide
If that does not help, have you got an XP disc? If so, what service pack does it include? What service pack is installed on the PC?
You could also try this, as the infection may have simply disabled Task Manager.
Task Manager disabled

Read other 17 answers

Has changed my background on my computer. Will not allow HijackThis to run or Registry Mechanic or Malwarebytes. I am using ESET antivirus and it will not even acknowledge there is a problem. I have tried using Windows Defender and the malware is detected but it cannot remove it completely. I think it is called Fakeinit. Any info would be great. Thanks
 

A: Nasty little malware I can't get rid of please help

Ok I found a link for hijackthis on my HD that was renamed and was able to open it. Came up with this


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\Jim.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft A... Read more

Read other 2 answers

Hi, I am a newbie and would like to say hello to everyone and ask for a bit of help please. Through my own stupidity I have infected our Windows XP PC with some nasty malware. A couple of years ago I purchased some software, but after having to re-format the hard drive last year, I lost the reg key, so when I downloaded the software again, I couldn't register it. As I had already paid for it once, I stupidly tried to obtain a reg key through another site, which has infected our PC. I cannot run Malwarebytes, Hijack This, Adaware or Spybot. I have tried running these in safe mode but it says access denied. I have downloaded the latest version of Malwarebytes straight onto a USB-connected pen drive, and tried to run it off there, which started up and then stopped after starting a scan. The malware is redirecting Google search results onto various shopping sites etc, and slowing start-up.
We use I.E. as our browser, use AVG free, and Zone Alarm firewall. Any help would be greatly appreciated.

A: Need help to get rid of nasty malware, please!

Download this file and save it to your desktop:
http://download.bleepingcomputer.com/grinler/rkill.scr
Double-click the file to run it. A command window will open briefly. Then run a quick scan with Malwarebytes. Post the Malwarebytes log.

Read other 12 answers

I'm getting a popup window and a balloon window, both impersonating windows security center messages.

The popup window says: WARNING: Windows firewall detected suspicious network activity on your computer. Malicious software codes try to steal your provacy information, such as credit card numbers, electronic mail accounts, financial data or passords. Do you want to download certificated software and protect your computer? [Yes] [No].

The balloon window comes up, along with a yellow security shield in the system tray, and tells me "YYour computer might be at risk. Your virus protection status is bad. Spyware Activity Detected. CLick this balloon to fix this problem."

None of the malware programs I've tried have rid my PC of this crap. I've tried AdAware, Spybot, Spyware Doctor, and Hijack This. Nothing seems to work. I'm attaching my current HiJack This log to this message. Hopefully someone can assist me in ridding my pc of this.

HJT Log follows:

Logfile of HijackThis v1.99.0
Scan saved at 9:41:09 PM, on 2/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\... Read more

A: Nasty Malware...I Can't Get Rid of It

Welcome to TSF.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

Right click on this link http://www.grey... Read more

Read other 13 answers

Hi, I hope you guys can help me. I have a very nasty problem, as do others who have sent letters to you. I have the same annoying red circle with white cross popping up and telling me that I have a malware infection. The following is the HijackThis log. Please help me, my hubby can't play Total War and is getting withdrawal. thxx kazmac

Logfile of HijackThis v1.99.1
Scan saved at 18:33:15, on 07.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.ht... Read more

A: nasty malware pop

Read other 12 answers

Hi
Hope someone can help me with this malware or spyware which I seem to have picked up on my laptop.
I am running Windows 7 64-bit and something weird is happening: sometimes I am unable to launch 32-bit applications, including my AVG and Malwarebytes programs, and sometimes they work. I have been prompted a few times and the virus scanner has cleaned, but I'm not convinced everything has gone and need some advanced techniques for removal.

Hope someone can help me

A: Really Nasty Malware

Welcome to TSF :)

Download Combofix from this webpage: A guide and tutorial on using ComboFix

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt".
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Read other 10 answers

I believe I have a big problem with AntiSpy Protector 2009 + Rootkit.

I have run numerous spyware, and antivirus programs with no luck. I cannot access the internet and am working from a second computer, downloading what I need and transferring.

Root Repeal did not work. It never got past the 'Initializing please wait.....' window. (there is an update on RootRepeal at end of post). Then the computer rebooted. I tried three times with the same result.

With Moderator garmanma's help I have been able to run Win32Kdiag. This is the only log I can produce at the moment.

Log file is located at: C:\Documents and Settings\Compaq_Owner\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB911280\KB911280
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB914388\KB914388
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB914389\KB914389
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB916595\KB916595
Mount point destination : \Device\__max++>\^
Found m... Read more

A: Nasty malware, can't even run HJT.

I have reformatted my C Drive and have started fresh. I believe from reading other topics that ultimately this is the way to go if personal and sensitive information is on the computer. As a precaution I have posted the Hijackthis logfile from the reformatted computer. If there is anything amiss, or if a moderator thinks I should take further precautions, please let me know. Otherwise I think this matter is closed.

C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Xenophilius\Desktop\Programs\AV Spyware & Utility\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6... Read more

Read other 5 answers

Yesterday I got infected with fake Security Center / Anti-virus type malware that has disabled my task manager, won't let me run almost any executable file (I have even tried renaming ComboFix and Malwarebytes and that doesn't work), and gives me a blue screen of death when I try to run in safe mode. I have identified through a search one of the components of this infection: wscsvc32.exe. I renamed and deleted that file, but I am still very much infected. Again, I cannot run any anti-malware program - I get a message that says, "Application cannot be executed. The file ______.exe is infected. Do you want to activate your antivirus software now?" The "title" to this box says "Security Warning." Some of the random pop-ups I get are one for "Antivirus System Pro alert" and another that says "Spyware Alert !" where it asks if I want to activate antivirus system pro or stay unprotected. PLEASE HELP - THANKS!

In addition, I have tried to run several executables under the "run" tab to restore my task manager, and it will NOT let me run anything, from REGEDIT to taskmgr.exe, etc, etc.

One more thing that may be important in describing this: In my task bar, I have a red circle with a white x that keeps bringing up a bubble that says, "Click here to protect your computer from spyware!" with some other information below it. Also, there is a shield-looking object that is grey and silver... Read more

A: Very nasty malware - have tried everything

Hi,

I am only a user, not a specialist.

I am not trying to repair, because I don't know to

Just have a look in the posts, where your message is posted. 5 or 6 posts under yours, I have had a similar problem. Read the posts that could help.

Regards

FMM

Read other 6 answers

Dear Helpers,

Tried Norton, McAfee, Spy Bot, and Malwarebytes - removed a lot of spywares, but still cannot identify this nasty malware.

All the ''check for updates'' function of the above programmes are still disabled.

Internet connection to microsoft.com and all the above antivirus programmes' homepages are being blocked - it's always the same message ''cannot find server - the page cannot be displayed". Whereas internet access to all other websites remain normal.

Current laptop info as follow:

Sony VAIO VGN-SZ18GP laptop.
Window XP service pack 2 version 5.1
Internet explorer version 6.0.2900.2180.xpsp.050928-1517

What else can I do next ?

Thank you

Kind regard

Jason

A: Please help !! Very nasty malware !!

Some of the new viruses are changing a setting in your Control Panel.
Go to Control Panel, click on Internet Options, then the Connections tab, then LAN Settings.
If 'Use a proxy server for your LAN' is checked, uncheck it.

That should get you back online, but you probably still have parts of the virus and/or the same rootkit I have.
Wait for a forum expert to give advice on the next step. Hint: if you have Event 45 and 49 errors in your Event Viewer you still need help.

Read other 3 answers

Greetings. I have a very bad virus, rootkit or something on my friend's PC that I'm trying to help her with. At first it was audio ads playing randomly and browser redirects. She did a system restore with last known good configuration, then it started up again and is now also not allowing me to open .exe files like MalwareBytes and blocking access to Control Panel items. I'm currently running in Safe Mode with Networking on the Administrator's account, which seems to be working fine. I was not able to download DDS or the rootkit program. I'd appreciate some help if anyone has any ideas. The OS is Windows XP Home Edition.

A: need help with nasty malware

Are you able to download those programs on another computer and copy them over on a USB?
Rename them to a .com extension - they may run with the .com

Try the following:

If you have an active internet connection, copy/paste the links below into your browser, don't click them or the rogue might redirect. If you don't have an active internet connection, download the tools from another machine, and transfer them to the affected machine via USB flash drive.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin.
You only need to get one of them to run, not all of them.

Link 1
Link 2
Link 3
Link 4

Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do its job. This may take a few tries. You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.

At this point, you should now be able to run analysis tools.
Once the tool has run, do NOT reboot the machine, and then try to run DDS and GMER.
If for some reason the machine reboots, repeat the process. Again, try not to restart the machine.

Read other 2 answers

This problem started about a month ago. I ran Spybot and had a few things found. I had followed instructions on deleting them and did so. My laptop was fine until I noticed graphical lag in a PC game. So I scanned again and the only thing found is SmitFraud-C, which was one previously thought to be deleted. My Spybot won't delete it. I ran SmitfraudFix and it also did not work. I am in safe mode almost permanently because when I log into normal mode I get bombarded with up to 2500 RunDLL32.exe error messages, which puts my CPU to 100% and memory to 100%, thus my laptop won't function long enough for me to do anything. I have a HijackThis log and notice that there are loads of RunDLL32 entries and they take up almost the whole log. Also I do have a BSOD (blue screen of death) but it's just blue, no error message. Any help is appreciated.

Thank you

A: Nasty Malware

Hello miburowolf Welcome to TSF.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html
After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one will be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers

Hi, hoping for some assistance regarding some spyware that seems to be able to keep installing itself on my machine.

I currently have an issue where a DNS changer keeps reinstalling itself on a machine.

I have run
ad-aware
spybot
spyware doctor
stinger
AVG antivirus

and have Zone alarm installed + behind a firewalled router.

I seem to be able to clear the infection but it keeps returning so it's obviously not quite gone.

Here is the HijackThis log which hopefully someone can assist with.

Thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:47, on 23/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Nap... Read more

Read other answers

Hello,

It seems that my computer has been infected by a nasty virus/malware since yesterday. I have tried to eradicate it with ComboFix but it keeps resuming its activities.

The initial symptoms was no access to Web in Chrome: Error 102 (net::ERR_CONNECTION_REFUSED): Unknown error

However I had web access via IE and Firefox.

Also HTML content was not anymore displayed in Outlook (images displaying red cross).

Then I could not install any new software, seems like the access to Registry was blocked somehow.

Even to start the GMER I had to go back to safe mode because it would not start.

Below are the following logs:
1. The last instance of ComboFix (Sorry I did not know about this website and the rules when I ran ComboFix, so I thought I would post the log for info)
2. The defogger log
3. The DDS log (plus the Attach)
4. The GMER log (I had to run it in safe mode because in normal mode I have the error: LoadDriver ("C:\Document and Settings\Alex\Locals~1\Temp\kwlorpod.sys" ) error 0xC0000034: The system cannot find the file specified.)

Thanks in advance for your help.

Alex
ComboFix 11-02-22.04 - Alex 23/02/2011 20:38:48.3.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2006.1595 [GMT 6:00]
Running from: c:\documents and settings\Alex\My Documents\Downloads\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

(((... Read more

A: Nasty malware and I can't get rid of it!

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button and select Immediate Notification and click on Proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

Read other 26 answers

Symptoms - Pop-ups. disguised as Windows Security the malware stops all .exe files from launching, shows a page that says websites are compromised and doesn't allow access to most websites or search engines. Cannot run scans or any other programs in regular Windows mode. All scans are run from Safe Mode

a
DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Administrator at 13:00:26.76 on Thu 06/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.806 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msi.com.tw
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java... Read more

A: Nasty Malware

Hello Danrick77,

It will require more than 1 round to clean the system. Please stay with me until given the 'all clear' even if symptoms seem to abate.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Boot into Safe Mode with networking as ComboFix will need internet access for a short bit.


====================================================


Double click on combofix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes, to continue... Read more

Read other 18 answers

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:14 PM, on 14/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\... Read more

A: Nasty Malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the ... Read more

Read other 2 answers

Hello BleepingComputer community,

I require some help, as my laptop seems to be infected with some malware. It's an old laptop, Intel dual core @1.60GHz with only 1GB RAM, but perfectly suitable for small office-type tasks (such as e-mail, browsing, and editing documents). On it I have Win XP SP2 (yes, ancient, I know... I plan to upgrade it to SP3 as soon as I manage to solve the malware issue, hopefully with your help).

There are 3 reasons which led me to suspect that there is an infection:

1. There are always at least 2 or 3 iexplore.exe processes running in background, even though I NEVER use IE. After terminating them and setting Firefox as the default browser in the "set program defaults" section of Control Panel, they seem to want to rise back from the dead, as I am constantly bugged by that pop-up window which says "IE is not your default browser, would u like to make it.."
2. I am unable to access any antivirus website with any browser; can't go to kaspersky.com or eset.com, or malwarebytes.org
3. A couple of USB memory sticks that have been plugged in this laptop have started to show that autorun.inf file, which I know is usually associated with malware infections (though I can't be sure this is the case)

Below this post you will find the logs that are required. But first, I think I should tell you what I've tried so far:

- installed, updated and ran Quick Scan with MBAM, it found various infections, and cured them all; I have the log f... Read more

A: Nasty malware

Please post the TDSSKiller and the ComboFix Log(s)

Read other 10 answers

Hello,

I have a virus that I have not seen before. Web pages are randomly popping up while in Internet Explorer. I have Norton Antivirus, but scans have not been able to detect this. During a one hour period, I had 15 web pages pop up on my screen. It's obviously a rotator of some kind but I cannot find it. Here is my Hijack This! log:

Logfile of HijackThis v1.99.1
Scan saved at 8:19:00 AM, on 11/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\m... Read more

A:Nasty malware - please help!

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

then when it has rebooted

Download Combofix to your desktop:

* Double-click combofix.exe & follow the prompts.
* When finished, it shall produce a log for you. Post that log in your... Read more

Read other 1 answers
RELEVANCY SCORE 47.2

Hi, I discovered strange entries in my startup menu and tried to remove them. I use Norton Internet Security which told me all was well and then I installed Malwarebytes' Anti-Malware, SuperAntiSpy and ran the scans and cleanups all day yesterday but to no avail. The entries are still there. My options regarding access to a start in Safe Mode in Windows were also gone but I worked around that. I suspect that the Program DivX Plus could be the culprit but I can't tell. Things are slow on the machine but it works for the time being. My Operating System is Windows XP, SP3.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:21:29, on 08/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WTouch\WTouchService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
P:\DkService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Fi... Read more

A:Nasty Malware

Read other 11 answers
RELEVANCY SCORE 46.8

Thank you in advance to anyone who can help me.

I have some kind of virus on my Vista x86 installation. It causes certain URLs (including update.microsoft.com) to be redirected to a page that looks like an antiquated version of Google. Other URLs are simply unreachable/unresolvable, especially those dealing with virus removal.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:29:19 AM, on 2/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files&... Read more

A:Nasty URL redirecting malware

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this do the following:

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of log.txt (<<will be maximized)

Read other 2 answers
RELEVANCY SCORE 46.8

This is my fault because I downloaded a binary file that has caused many problems. Firstly it would not let me open malwarebytes or spyware snd, so I had to locate each program in program files and create a copy of the .exe then change the name so I could open it.

I have scanned and removed what was found. I keep getting redirected every time I use google or I click a link, then I get popups too. This will not go away even after avg virus scans etc etc.

Here is a hijack this log I have just completed:

Logfile of HijackThis v1.99.1
Scan saved at 14:44:51, on 17/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PRO... Read more

A:Ridiculously nasty malware

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 46.8

Sounds like I am having similar problems as other posters. Ran Adaware, norton, spy bot, etc. They either can't delete or fix, or these problems just keep reappearing. Please help. Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 2:06:53 PM, on 5/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files ... Read more

A:Cant remove nasty malware

Hello ironhead1604 and welcome to the BC forums. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.

Step #1
First we need to remove a service.

Part 1
Click Start>Run, type services.msc into the Open editbox and click the Ok button.
Locate the System Startup Service service and click the Stop button.
In the Startup type dropdown select Disabled.
Click the Apply button and then the Ok button.
Close the Services window

Part 2
Click Start>Run, type cmd into the Open editbox and click the Ok button.
Copy/paste the line below into the Command Prompt window and press the Enter key:
sc delete SvcProc
Close the Command Prompt window

Step #2
Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [fkqwil] c:\windows\system32\sybnuq.exe
Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

Step #3
We need to make sure all hidden files are showing so please:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide file extensions for known types option.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to co... Read more

Read other 1 answers
RELEVANCY SCORE 46.8

Helping my mom fix her laptop. On August 10th she had two programs with same file identification downloaded to her desktop. The file name is 6j5aq93iu7yu4.cn

I am unable to run any virus or malware scanners including her Mcafee. Also, when searching for tech sites via browser, once I click on the displayed items, if it is an antivirus site, it will not let me access that site. Attached is the Hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:12 PM, on 8/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\AOL\1151107325\ee\AOLSoftware.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Bonjour\mDNSRes... Read more

A:Nasty Virus or Malware

bump
 

Read other 2 answers
RELEVANCY SCORE 46.8

I keep getting "Security Center Alert" pop-ups every 10 seconds saying I have a fake virus and asking me if I want to block this suspicious software.

And I keep getting three porn icons on my desktop.

Aside from that, Firefox keeps freezing, which forces me to restart my computer every 30 minutes or so.

I'm really hopeless because I need this computer for school.

I attached my hijack this log.

If anyone could provide help I would greatly appreciate it.
 

Read other answers
RELEVANCY SCORE 46.8

This malware creates banner ads as well as other types of ads on websites otherwise ad free. It even puts a long list of ads at the top of every google search I perform. As well as popup ads specific to the type of thing I'm looking up. For instance, scholarship ads when I go to a school website. I have run Superantispyware, Malwarebytes, CCleaner, and ComboFix. Nothing seems to help. I would appreciate any assistance I might receive. I can trade Math tutoring.
 
 
DDS Log:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16483  BrowserJavaVersion: 10.21.2
Run by One Cute Couple at 0:31:29 on 2013-05-21
.
============== Running Processes ================
.
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\SPDUpdater\updater.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtua... Read more

A:Infected W/ Nasty Add Malware

Hello HallowedOri, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1. Download AdwCleaner
Double click on AdwCleaner.exe to run the tool.
***Note: Windows Vista and Windows 7 users:
Right click in the adwCleaner.exe and select Click the Delete button.
A logfile will automatically open after the scan has finished.
Please post the content of that logfile in your next reply.
Or you can find the logfile at C:\AdwC... Read more

Read other 13 answers
RELEVANCY SCORE 46.8

Hello everyone, I hope your evening is going better than mine. In short I'm having major issues with my computer all of a sudden. It being malware, trojans, or just user error I don't know, but I'm stumped to say the least.

It all started when I noticed that I couldn't open my task manager. Pressing Ctrl/alt/delete revealed that the option to open it was completely removed. Obviously strange I was hoping a simple restart would help and that's when the real mess began. Upon logging into windows my desktop was completely gone except for the task bar, all my shortcuts and the background image were nowhere to be found. Going into the start menu under "All Programs" the folders were completely empty. Everything in my user folder was missing as well. After some tooling around I discovered that my folders were hidden (Strange) and after messing around with the "properties" most of them have returned. Some of my desktop icons came back alive as well after un-hiding "appdata", though not all of them are back.

So I know I've fixed part of the problem but there is still no task manager, I cannot open services.exe, I cannot "personalize" my desktop background or windows (again the option is completely removed), after multiple restarts I always get a message saying that windows service manager could not be started "Or something along those lines" and as I said before I still have plenty of missing shortcuts and folders. ... Read more

A:Nasty Trojan? Malware? Please help.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/418015 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 2 answers
RELEVANCY SCORE 46.8

Hi Guys, My laptop has been infected with a real nasty one. It closes taskmanager, all browsers, Ms Office etc after a few seconds. I Googled the problem and have scanned with Kaspersky Online, Panda Online, Symantec Online scanners, Spybot, MalwareBytes, Spyware Doctor, Ad-Aware Free. They found and removed some crap but the problems remain. I have also run ComboFix, Sdfix, Smitfraud Fix, All Virtumonde Scanners, Multiple cleans with Atfcleaner but to no avail. During my struggles with the problem for the last couple of weeks, I have made some observations which might be helpful for you guys.

- The malware somehow executes a little while after the Windows startup, so if I put the useful programs in my profile's startup folder, they run OK but if I close them and try to run them again, they disappear after a couple of seconds. Any program which I manage to start during the time when startup processes/services are loading also manages to stay.

- If I kill explorer.exe and run it again, the explorer gets into a run/kill loop i.e the desktop and taskbar start disappearing and appearing.

- I renamed taskkill.exe in system32 folder but the original file was instantly recreated.

- I removed a suspicious messenger related dll using Hijackthis and the problem was solved for a couple of days, but a blue screen made me restart the laptop and the same old problem returned.

Here is the DDS Log:

DDS (Ver_09-03-16.01) - NTFSx86
Run by dead horse at 9:39:07.01 on 2009-04-22
Intern... Read more

A:Infected with a Nasty Malware (Not sure which one)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul... Read more

Read other 2 answers
RELEVANCY SCORE 46.8

hijackthis6.1.08.txt   8.98KB   29 downloads

I am having problems with this warning on my desk top. Please help. "Warning spyware detected on your computer! Install anitivirus or spyware remover to clean your computer." I have run norton as well as several other spyware software tool.

A:Nasty Malware Problem

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
Create a new System Restore point in Windows XP and Vista.
Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
Check some important areas of your system and produce a report for an analyst to review.
Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.

You must be logged onto an account with administrator privileges when using.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When the scan is complete, two text files will open in Notepad:
main.txt <- this one will be maximized
extra.txt <- this one will be minimized
If not, they both can be found in the C:\Deckard\System Scanner folder.
Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do ... Read more

Read other 2 answers