
Possible Trojan infection of Robot type

Q: Possible Trojan infection of Robot type

Recent posting of sweetpack virus and redirect over a month ago. Since that posting I was unable to communicate for reasons listed below.
 
Scans performed were posted, however I have not been able to run any additional scans
My wireless Netgear card drivers are now missing
I have 3 remote log ins
My C drive has been deleted or removed or moved, but no longer visible
Now have a D drive that contains more data than my C did
I am no longer allowed access to my personal folders
I am unable to boot from DVD drive
After setting computer to original restore point (factory settings) all data is still there
When checking site information/heading etc information indicates Robot info
I still get redirect issues
When in safe mode I am still denied access to files
Windows 7 Premium Home is operating system...but from what I can see it appears I am running Windows NT x86

Unable to access any LAN or wireless connection for internet and can not run programs through DVD ROM.

How can I rewrite my system BIOS to rid the hidden trojan?


A: Possible Trojan infection of Robot type

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/502805 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:
If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have previously posted logs for us.
If you were unable to produce the logs originally please try once more.
If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.
Thank you for your patience, and again sorry for the delay.
***************************************************
We need to see some information about what is happening in your machine. Please perform the following scan again:
Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.
DDS.com Download Link
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control can be found HERE.
As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!


Dear sir or madam,

First, thanks in advance to whomever takes the time to help me out. This is my first time posting, and I hope I am following the accepted protocols. I have been working on the "family" computer, a Gateway GT 5058 with 4 gig RAM and AMD Athlon 64 x2 3800+ cpu running XP Media Center Edition with SP2. The computer has current McAfee Security suite (VirusScan, Personal Firewall, Security Center, Site Advisor, Anti Spam, etc.) running. I think that my son or wife fell victim to some "human engineering" attack and clicked on or opened something they shouldn't. Anyway, a short while ago, the McAfee started alarming on suspicious activity (I did not actually read the messages, my family simply acknowledged them and kept doing what they were doing). I finally started to try to eliminate the problem as follows: Scanned with McAfee VirusScan and found nothing. Tried to download the current version of AdAware, and was stopped by a warning message in a box that looked like the XP theme. At top, it says "Security Alert", and in the box it says "Your current security settings do not allow this file to be downloaded". The only control in the box is an "ok" button to acknowledge and close the box. Turns out that this message pops up almost every time I try to download any of a number of AV / spyware / malware tools. I am suspicious that this message is being created by the infection as a means to prevent removal....

A:Backdoor/trojan Infection (unknown Type)

Hello and welcome to BC
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
Thanks and again sorry for the delay.
Please see here for instructions how to install HijackThis and make a logfile. Save it into convenient location and include it to your next reply, please.
Next
Please do a scan with Kaspersky Online Scanner
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded on the left side of the page in the Scan section select My Computer
This will start the program and scan your system.
The scan will take a while, so b...


I used 8-10 trojan, adware, malware programs previously suggested. It helped in the sense that web/email access doesn't crash every 10 minutes, but still freezing often (a few times in an hour) and I can't use Explorer at all. Even when I tried to download hijackthis.log it froze! And then again when I tried to send this log. Here is the log. I'd appreciate help. Thank you in advance.
Leesteffy

Logfile of HijackThis v1.99.1
Scan saved at 2:00:43 PM, on 11/25/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sp...

A:Don't Know Type Of Infection/problem -email & Web Still Freezing Even After Use Of 8-10 Anti-trojan, Malware, Etc Progr...

Please download LQfix.exe and save it to your desktop.
Double-Click LQfix.exe and click Next > Next > Install.
Leave the default settings, if you change them, the fix will Fail!
Now make sure the "Launch LQfix" box is checked.
Click the Finish button, after clicking the Finish button the fix will start.
Follow the on-screen prompts.
Your system will now reboot afterwards.
Please be patient after the reboot, there is a script running in the background that needs to complete.
Now do a scan with HiJackThis and post a new log by using Add Reply
David


Hello,
I'm new to this forum. I've tried almost everything else and still can't find a solution to why my computer continues freezing. In advance I apologize if I am posting this information incorrectly but I don't know where else to request help. I have run Panda Active Scan, BitDefender, Kaspersky, I would've run my initial McAfee Virus software but initially it didn't even boot; now it takes me to the menu interface but it freezes as well. I noticed this problem last Thursday night. I first noticed it when attempting to play music through iTunes. As of now, the computer tends to freeze the fastest when I'm opening iTunes. I know these Virus Scans might be irrelevant but I figured it's best to have more information. I've included the Hijack this log.

DDS (Ver_09-05-14.01) - NTFSx86 NETWORK
Run by Administrator at 22:22:44.34 on Mon 06/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.242 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Trend Micro PC-cillin Internet Security *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost....

A:Computer Freezes when opening programs/Don't know Infection Type Possibly Security Toolbar or Virus/Trojan

Hello and welcome to Bleeping Computer. Sorry for the delay, the forums here at BC are always very busy and we do our best to keep up. If you no longer require any help could you let me know please, so this topic can be closed.
My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:
Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.
First I would like to see a new log since a lot could have changed since your original post.
Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Thanks


Hello all,

My laptop was hit with a multiple virus infection while using Firefox.
Symantec seemed to have taken care of things at the time but I was still having some problems, and it didn't seem to be able to get rid of TDSS. I disabled system restore and tried to clean the registry manually, but wasn't able to find all the entries listed on the Symantec site. I disabled the TDSS driver via the control panel.
MBAM wouldn't install, so I tried Spybot which found a few other issues. Finally I was able to install MBAM and HJT from a disc, and connected back to the internet again briefly to update both.
I ran CCCleaner then MBAM in safe mode and MBAM seems to have cleaned everything (both MBAM and HJT scans looked ok afterwards, though there are still a few entries in the HJT log that look suspicious to me).
Everything seems to be fine now, and I proceeded to uninstall the old Java updates, got all the latest Windows updates, and then turned system restore on again.
I'm basically looking for some advice on what to do to make sure everything is in fact gone as there are those few HJT entries that look suspicious to me.
Thanks in advance!
DDS (Version 1.1.0) - NTFSx86
Run by mo at 16:50:17.96 on Tue 01/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2532 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ====...

A:Multiple Virus Infection: Trojan.Vundo, Trojan.VundoH, Trojan.BHO, Trojan.TDSS, Trojan.Agent, Trojan.Downloader, Malware.Trace...

My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure then please do not guess, simply post back with your question, and we will go through it again. This seems like a tech issue and not a malware problem, but let's take a look and see what we find.
Sorry for the delay, please do the following...
ComboFix
Please download ComboFix from Here or Here
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License A...


Evening...I realize that this is a strange way of going about this, but I think in the long run it will be easier to understand. Below is an explanation of what was happening with my PC as of a few days ago. At that time I intended to request your help in ensuring I'd succeeded in removing all malware, however, after having performed all your prep scans, everything appeared to be fine, and since my PC was behaving in no way suspiciously, I thought, perhaps, I wouldn't have to bother you after all, unfortunately, that may have changed. This morning, while removing a couple of unnecessary start up processes via Msconfig, AVG alerted to a virus and then a short time later, to two more, this is what it "healed" and vaulted: C:WINDOWSsystem32Obfustat.EVN C:ProgramFilesLogMeInx86 C:ProgramFilesLogMeInx86update3-00-600bakx86 From what I've been able to glean online, I now suspect that this could be a false positive and somehow was brought about by what I was doing at the time...possibly? I haven't yet deleted these three "viruses" from my virus vault, and hesitate to do so if they aren't actually viruses at all. However, please read on... I originally wrote the following a few days ago, before I ultimately, decided I might just be in the clear. Fortunately, I hadn't discarded it yet. I apologize for how long and convoluted this is... "Hello... Before we begin, I should point out that my comprehension re computer issues is minimal, at best. So, please bear w...

A:Recent Trojan Horse Downloader.generic5.biu (outerinfo, Yazzlesudoku?), Troj_puritysc.bl Type Trojan & (possible) Obfustat...

Hello alassnsane and welcome to BleepingComputer!
Apologies for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic.
Thanks,
Johannes


Hi,

I'm not sure of the specific type of infection. Google searches point to vundo possibly. Symptoms included a pop-up informing me that system was infected. I tried to close pop-ups by clicking on the red 'x' - I'm not sure if that's the right way to close those pop-ups.

AV software is a McAfee bundle provided to cable customers.
WinXP SP3

----------------------------------

DDS (Ver_09-03-16.01) - NTFSx86 MINIMAL
Run by Admin at 19:13:15.20 on Sun 04/26/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1522 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Documents and Settings\Admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4da...

A:Some type of infection

Hello and welcome to TSF.

I apologize for the late response.

If you still require assistance, we would like to see the latest state of your system. So, please post a fresh DDS log and a new GMER log as described in this topic. In your reply, I would also like to know any symptoms you may still have and how your computer is running at the moment.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don’t hear from you in three days this thread will be closed.

With Regards,
Extremeboy


I cannot get the DDS program to run. Whatever has infected my computer will not allow it to open. I could not open and run Hijackthis either. I finally got Hijack this to run by changing the file name to "scanner.exe"
The main thing I am noticing is that when I do a google search, then click on one of the results, I get taken to an advertising website and not where I was supposed to go. I also "feel" as if things are running slower.
Here is the log from HijackThis, as I cannot get DDS to run. Any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:11 AM, on 5/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CAPM...

A:infection - do not know type

I have been working on my computer with malware and spyware removal software and have cleaned it up some. My searches are no longer hijacked, but things still seem to run slowly. I still cannot get DDS to run?? Here is a new HijackThis log. Please someone take a look and see if there is anything else that can be done. I really would appreciate hearing from someone.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:20:54 PM, on 5/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CAPM1RSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1SWK.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\...


Just a few hours ago as I was desperate to watch the Flyers/Sabres game 7, I attempted to install a plugin (ilivid) and as it would be, the program did not install but did leave me with some very great headaches as I can no longer open any of the programs on my pc, none of these programs will run on startup, system restore will not run, it uninstalled from the "remove programs" field, but after looking in the "program files" field, I see that it is still there and will not let me delete it manually and thank god that despite taking forever to open up and prepare itself for use, IE will work. But I really need some help with this one guys/gals. I am at my wits' end with this with no other options to turn to, please help!

A:some type of infection

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined below. Use a USB flash drive to download and transfer the tools to the affected machine, if necessary. You might like to run the Flash_Disinfector.exe on the clean machine and the flash drive first to protect against any possible transfer of infection via USB.


NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.


I'm not sure what the issue here is...my system won't boot into safe mode it just goes back to the black menu boot option screen, and it won't do a system restore. I've attached my "main" and "extra" report logs. Can anyone see if there is something wrong here? Thanks for any help!!!

A:Not Sure Of Infection Type

Hello nikmark
Welcome to BleepingComputer
========================
If you are still in need of assistance please post a new Hijackthis log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:29 AM, on 8/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\windows\system32\slserv.exe
C:\windows\System32\svchost.exe
C:\Progr...

A:I Don't Know What Type Of Infection I Have

I think I got the vundo virus but I'm not sure. Ad-aware came up with that. How that helps out. Thanks for your time
Andrew


I have run multiple scans with multiple programs: Spybot, Spy Sweeper, XoftSpySE, Spyware Doctor, and Malwarebytes. My modem is constantly running, even when I'm not using the internet. My computer will not open programs when I click on the desktop icons. I had to run these programs with my computer in safe mode.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-12-17 13:48:16
Microsoft Windows XP Professional Service Pack 3
System drive C: has 10 GB (24%) free of 40 GB
Total RAM: 1023 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:48:16 PM, on 12/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Ex...

A:Not sure what type of infection

Hello Simon_1,
Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you. If you can get just a HijackThis log in normal mode, that would be even better.
Thanks,
tea


First, thank you very much for the willingness to help. In the past I've found answers to problems here just by looking at other threads, but this one is especially challenging. I'm running XP SP2, nothing special.

Here are the symptoms:
-slow Internet connection
-frequent shutdowns of the browser (primarily Firefox)
-the computer won't hibernate or Standby...if it gets to this point it stalls indefinitely on the page that states: "...preparing to standby [hibernate]"...I know this is periodically a problem in Windows, but this is a change that occurred recently
-periodically, without shutting down, while using the Internet things will just gave disgustingly slow
-these problems started about a month ago after I loaned the computer to my roommate (...I think he downloaded some porn, but I haven't found any, just speculation on my part)

What I've tried:
-SmitFraudFix
-SuperAntiSpyware
-both were newly downloaded and updated

Here is a HJT log and thanks again for the help:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48:42, on 8/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireles...

A:Some type of infection...


Several days ago my computer screen had vertical lines in it and went blank (I had a free version of Avira installed). I was able to restore to an earlier version but I uninstalled Avira and installed paid version of Webroot instead. Webroot didn't find any infections and every time that my computer boots up I get a message about Avira. So Avira is not completely uninstalled and my computer is freezing up and is in a very unstable state. This is a computer for an office practice and I really need help as I can't afford to buy a new one. Operating system is Windows Vista Home Premium Service Pack 2. I know next to nothing about infection removal and I know something is wrong. Here is my Hijack this log file if anyone can help me:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:45:09 AM, on 12/21/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode

Running processes:
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.co...

A:I don't know what type of infection I have

Also when I run Hijackthis I get the following weird message:

For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this. If that happens, you need to edit the file yourself. To do this, click Start, Run, and type

C:\Windows\System32\drivers\etc\hosts

and press Enter
Find the lines HijackThis reports and delete them. Save the files as 'hosts' (with quotes) and reboot

For vista simply exit Hijack this Right click on the HijackThis icon and choose run as administrator


Hey there,
Apart from receiving many pop ups, whenever I try to access popular websites like apple.com, itunes.com, youtube.com etc I get redirected to some other websites, most of the time this website www.miaminews365.net/look.php?aff=8131&subaff=1312&qq=games...
I have used adaware, spybot search and destroy and norton anti virus to scan and destroy all the bugs found. However the same problem arises after a while.
Would appreciate all the help I can get. Thanks.
My log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:54:45 AM, on 7/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile De...

A: Not Sure What Type Of Infection My Com Is Down With

Hello,

* Download Combofix to your desktop.
Double-click combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt. Post the contents of this log in your next reply together with a new hijackthislog.

Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

RELEVANCY SCORE 45.2

Hi. I hope someone here can help me. I'm not sure what's gone wrong, but I'm hoping you can tell me how to fix it. My computer is running really slow and my windows media player is mucking up. It will play a couple of songs ok and then it will start skipping. It sounds like a cd skipping.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:58 PM, on 2/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
C:\WINDOWS\system32\Search...

A: Not Sure What Type Of Infection I Have

Hello helpme22,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

RELEVANCY SCORE 45.2

Some weird stuff has been going on with my computer. I'm not much of a computer expert, so I don't know what's infecting my computer. Spyware, malware, or adware, I just want it gone.

What's Been Happening

1.) Ad. voices (ex. "Congratulations, you've won a free iPod.") coming from NOWHERE, even though I don't have the internet open.
2.) Advertisements are popping up even though I don't even have a browser on.

It's mostly advertisement problems, but I don't know where they're coming from, why they're here, or how.

Here's the link where I got some help from and why it led me to here: http://www.bleepingcomputer.com/forums/topic178067-15.html

Here's the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:49:28 PM, on 11/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Fil...

A: Some Type Of Infection

Hello CuriousDude01,

Go to start -> control panel -> Display properties -> Desktop -> Customize Desktop... -> Web tab, then uncheck and delete everything you find in there (except for "My current home page").
Also remove the checkmark from the Lock Desktop Items box if it is checked.
Apply.
Apply and Exit Display properties.

Please delete SDFix.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

RELEVANCY SCORE 45.2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:26:14 AM, on 8/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Con...

A: Not Sure What Type Of Infection

Hello dpoag

Welcome to BleepingComputer

========================

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

RELEVANCY SCORE 45.2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:22:22 AM, on 6/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\CyberLink\PowerDVD\...

A: I'm not sure what type of Infection I have

Hello flavabrwn and welcome to Bleeping Computer forum,

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

*************

Disable Ad-Watch to make sure it won't interfere fixing.

Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything)...

RELEVANCY SCORE 45.2

Please Help Me... My computer freezes at the desktop startup. It will work fine if I disable the wireless connection before it completely loads the desktop.

I have scanned my computer several times with norton internet security. Please analyze my log file and let me know what you think.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:09 PM, on 11/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\3B Software\Windows Registry Repair Pro\Re...

A: Not Sure Of Infection Type

Hi lakeroad434, Welcome to the forum,

We are sorry for the delay in responding. The volunteers here are swamped and unfortunately not all logs get answered as quickly as we'd like. If you still require assistance please post a new HijackThis log into this topic and I'd be happy to check it for problems.

Thanks

Andy

RELEVANCY SCORE 45.2

Hi, I am fairly new to the world of computers and so when I seem to be having problems with my laptop. At my college I was using the wireless internet when my computer started acting strange. Everything was slower, things were not working, and it was just giving me all sorts of problems. I looked in my windows folder to find several items labeled with various forms of "twunk_32 & twunk_16 & Twaing Working Group". I know these files have something to do with the problem and so when I tried to delete them it told me that I did not have permission to access these files. I don't know what to do, you are my last resort. But, after finding your site I downloaded both HIJACKTHIS and AVG ANTI-SPYWARE. Here is the log of HIJACKTHIS-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:37:10 PM, on 3/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\...

A: Not Sure What Type Of Infection But Needs Help

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today. As you can probably see our HijackThis Team is incredibly busy at the moment, but I apologise for the delay you have experienced. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A HijackThis Log

Thanks,
Charles

RELEVANCY SCORE 45.2

As the title says, I've got myself some type of bad infection, I don't have a paid/good antivirus or antimalware..I cannot afford it, so I've been using avira and super antispyware, free versions, for about the past 7 months. Nothing was ever perfect, as at times my resolution would go to a very large size, and I got a networks connection pop up continuously a zillion times until I hide it. Getting to now, my computer's been freezing every day and not wanting to FULLY start, it shows the windows logo forever, it never goes away, if it happens to it isn't until 15 minutes later and then it's just a black screen, after numerous on and offs it FINALLY works, but I know soon it's going to kill my hard drive, restarting that much. I also get a "disk check" when restarting each time, I figured though it has to do with my second hard drive on here that is corrupt, because even when I used to get that message everything was fine/better. Anyways, I'm stuck as to what to do, if you can please help give me some advice on this, I'd very much appreciate it. I don't want to fry this hard drive.

I almost forgot, hah, most important (I think, could be wrong, but I think it'll help graciously nonetheless), this is an example of something I get thousands of EACH DAY, this is just one cache line of example:
C:\Users\UserName\AppData\Local\Mozilla\Firefox\Profiles\v4r8rlc7.default\cache\0\00...

A: I have some type of bad infection

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwar...

RELEVANCY SCORE 45.2

Hello. This is my first post on this forum. Please forgive me if it's not in the right place or in the proper form. I have a malware infection of unidentified type. So far, I've run scans with Spyware Doctor, Ad-Aware and Windows Defender and fixed all problems found. However, I'm not sure if I've removed all the malware. I've run a HijackThis scan but do not know how to interpret the results. Any advice, comments or suggestions would be very much appreciated. Here's the log. Thank you in advance for your assistance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:57 PM, on 3/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\System32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\brsvc01a.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\System32\brss01a.exe
F:\Program Files\APC&#...

A: not sure of infection type

Hello notsurewhattodo,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

RELEVANCY SCORE 44.8

I have run AVG Anti-Virus. I then removed it and installed McAfee Security Center and it did not find any infections. However, my mouse cursor goes out of control and windows start opening and the start menu pops up. Then a box comes up that asks if I want to close tabs. If I wait long enough, I can hit cancel on the close tabs window. Then, if I click on the start button, the start menu goes away and I am again in control of the computer. I have also run spybot and ad-aware in the past and I remove any infections they have found. Thanks for any help you can give. I am not sure what I am looking for when it comes to this log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:28 PM, on 26/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\S...

A: Some type of infection/malware?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p...

RELEVANCY SCORE 44.8

DDS (Ver_09-02-01.01) - NTFSx86
Run by Natalie Roberts at 1:18:00.50 on Tue 02/17/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.341 [GMT -8:00]

AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Progra...

A: don't know what type of infection

Please download SDFix by Andy Manchesta and save it to your desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot into Safe Mode

In Safe Mode, right click the SDFix.zip folder and choose Extract All. A new folder will be extracted to your %systemdrive%, typically C:\SDFix
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.

NEXT

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them back after performing all steps given.

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3
Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
If ComboFix asked ...

RELEVANCY SCORE 44.8

Hello and Thank You in advance for any help. I'm not sure if I have an infection but anything I have running (games etc.) minimize for no apparent reason then often experience a problem and need to close. This has only been occurring for app. one week. I always have Windows Firewall enabled and I use AVG Free Edition anti-virus. I use CCleaner several times daily to keep cookies and temp files cleaned out. I also run Spybot Search & Destroy as well as Ad-AwareSE but all scans come back clean. It's almost as if a pop-up has been activated yet there is no visible pop-up window. Could it be a back door program? Since nothing has been found in the above scans I thought I would post here and hopefully get an idea what might be causing this.

DDS (Ver_09-10-26.01) - NTFSx86
Run by Ed at 6:11:52.68 on Sat 11/14/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1115 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C...

A: Infection type(if any) unknown

Hello and welcome to BC forums.

Step 1

Right click on the Ad-Watch icon in the system tray.
At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
Active: This will turn Ad-Watch On\Off without closing it.
Automatic: Suspicious activity will be blocked automatically.
Uncheck both of those boxes.

Set Windows to show all files and all folders.
On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.
"CHECK" (turn on) Display the contents of system folders.
Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

Step 2

1. Go >> Here << and download ERUNT (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup (the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two ch...

RELEVANCY SCORE 44.8

I was infected yesterday with what I thought was this typical "Stealth intrusion" 'antivirus' bug that attacks my computer sometimes. Malwarebytes had usually removed it, but it wasn't finding it for whatever reason. So I updated Malwarebytes, found a bunch of Malware, and deleted that stuff. But Avira Antivirus is finding some white-listed stuff and I don't know what I should be looking for, or how to get rid of it. It's been doing some odd stuff to my computer like causing it to slow to a crawl, running debuggers, and I don't even know what's connected. I have a Hijackthis log. Avira says I'm infected with a file that hits explorer and something else vital, and it can't be quarantined.
Here's my Hijackthis log. I'm sorry if this is vague or not helpful, but I do appreciate any advice you might give me.

Oh, and I'm in safe mode right now.
Windows XP SP3

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Documents and Settings\Stephen Flemming\My Documents\My Videos\Copy ...

A: Not sure of infection type, but cannot remove it.

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

RELEVANCY SCORE 44.8

**EDIT** - I ran a malware program and it took care of some things, here is my latest HJT log.

Hello,

First of all I want to offer my greatest thanks for those who run, maintain, and respond to these threads. Thank you so much for your time! Here is my HJT log. I'm sure there is lots of junk:

*******************************EDIT EDIT EDIT EDIT************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:30 AM, on 2/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Symantec AntiVirus&...

A: Forgive me, not sure what type of infection (or if I even have one)

UPDATE: NOT A BUMP

Just received this email from my school.... speak of the devil.

All,

* This is a warning about AntiVirus2009 Spyware that has infected several student laptops over the past few weeks and months.

* AntiVirus2009 is a misleading application that may give exaggerated reports of spyware/virus/malware threats on your computer.

* A detailed description, with pictures of the Spyware, is available here.

* Additionally, a video is available here which details how one would become infected with the AntiVirus2009 Spyware.

If you begin to get pop-ups from your Internet browser asking you to install AntiVirus2009, the best way to prevent an installation from occurring is to immediately shut down Internet Explorer and/or Firefox. To do so:

1. Hit Ctrl + Alt + Del to open the Task Manager

2. Go to the "Processes" tab

3. Find "iexplore.exe" and/or "firefox.exe" and highlight it

4. Click "End Process", and select Yes to continue

5. Repeat steps 3 & 4 if "iexplore.exe" and/or "firefox.exe" is listed more than once.

6. After you have ended all of the processes you can re-open Internet Explorer or Firefox and continue to use as normal

If your laptop has been infected with AntiVirus2009, or you suspect it has, please visit the SOP helpdesk in the Pharmacy Learning Center, room 133.

Best,

SOP Helpdesk

RELEVANCY SCORE 44.8

I have been trying to resolve my malware infection issues over the last 2 days. Initially, I could not even boot into safe mode or run mwb. After repeatedly running the anti malware programs I have been able to peel away some of the malware and finally was able to boot into safe mode. Today, I have run the following programs in safe mode in this order and have the logs saved if necessary:

SuperAntiSpyware
MBAM
Spybot S&D
Combofix
RootRepeal
MGlogs
DDS

I am not currently receiving support from any other source and would appreciate another set of eyes to take a look at my logs and see if I am clean. I suspect not, because every time I run an antispyware removal program, new instances are found.

Here are the logs from DDS and RootRepeal:

DDS (Ver_09-10-13.01) - NTFSx86
Run by Scott Barger at 14:01:21.51 on Wed 10/14/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.234 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMo... Read more

A:Am I clean? Infection type?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

RELEVANCY SCORE 44.8

For about 2 weeks now, since downloading something from limewire, my internet has been extremely slow, tons of pop-ups, internet says not responding...after that boyfriend deleted a lot of files from the add-remove program.... and my computer is just running horribly. Please help...this is the report from DSS

thank you so much

-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-29 16:10:41
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug... Read more

A:No Idea What Type Of Infection :(

Welcome to Bleeping Computer, please be sure you have read and followed the Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

All advice given is taken at your own risk.

I'll try to help but I am coming in late and all the removal that has been done was information I should have seen. The lines from the Kaspersky Online Scan (KOS) are showing infected System Restore files, so do not use SR until those are cleaned or the junk will get back on the computer. If you still need help, this is what I would like you to do. I suggest you keep this computer offline except when troubleshooting, the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully, the tools will not work unless you do. This can be a tough infection to remove so do not expect fast or easy. I would like to see a complete KOS, create that like this:

Run this online scan using Internet Explorer: Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner
Next Click on Launch Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Sca... Read more

RELEVANCY SCORE 44.8

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:55:00 PM, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\winvnc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Network Associates\Common Fra... Read more

A:My Hijack This Log -- Don't Know Type Of Infection.

Welcome to the BleepingComputer HijackThis Logs and Analysis forum JoannaM

My name is Richie and I'll be helping you to fix your problems.

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546

You are well advised to remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present, then restart your pc:
Viewpoint
Viewpoint Manager
Viewpoint Media Player

If you have previously downloaded ComboFix, please delete that version now.

Warning
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could render your system/pc inoperable.

Now download Combofix by sUBs and save to your desktop:
Note It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.
Note Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note In case your Antivirus or any othe... Read more

RELEVANCY SCORE 44.8

Here is the log file from HijackThis. I'm sorry I don't have a lot of details other than upon startup the Common Folder opens and the helper.dll file is present. My browser seems to be "hanging" quite a bit as well.

A:HijackThis Log - Not sure of what type of infection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

RELEVANCY SCORE 44.8

After removing my viruses w/ Norton, my desktop is now blue and am unable to use the scroll key or "browse" key under the display panel. Googling told me to download HJT, but I'm computer illiterate and am apprehensive of what I'll do to my pc... pls advise

A:Type Of Infection? No Idea

What malware did Norton say that it removed?

Go to Start > Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab and under "Web Pages", look for a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Make sure the lock desktop items box is unticked. Click "Ok" then "Apply" and "Ok".

Download RogueRemover and save to your Desktop. (compatible with Windows 2000, NT, XP, Vista)
Double-click on rr-free-setup.exe to install in C:\Program Files\RogueRemover.
During the installation an icon will automatically be created on your Desktop.
Double-click on the RogueRemover icon to launch the program.
Select Check for Updates.
If prompted, click Download to receive the latest updates. When completed, close the update window.
Select "Scan" and follow the onscreen directions to remove anything found.
The program will walk you through the remaining steps.

Download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, m... Read more

RELEVANCY SCORE 44.8

Thank you, in advance, for any help you can offer. I am beyond frustrated...I have, and use, Trend Micro and Spy Sweeper for both spyware and virus (actually Trend Micro is full protection) but I still have a computer going nuts! The scans conclude with various "spyware" but have never warned me about any other threat.

At noon (I have no idea why noon, but the computer works fine until then) all sorts of trouble happens. I get a lot of messages saying that I can't perform functions because there is not enough memory (but attempts to clear memory don't make any difference.) I get spontaneously logged off and the computer shuts down. It takes forever to move between screens, I get blank emails (the heading is there, no message) and then I run a scan with Trend Micro and the message sometimes shows.

The computer won't shut down when I try. Now, when I run a scan with Trend Micro, the computer shuts down before the scan is finished. Oh, and the words on my computer get reconfigured and appear on top of each other...sometimes the computer screen gets mixed up and vacant too.

I downloaded Hijack This, I hope that someone can help me. I am really at a loss, I know nothing about computer language:

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:56:50 PM, on 4/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS... Read more

A:Sorry, I Have No Idea About The Type Of Infection...

Hello jaxn,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

RELEVANCY SCORE 44.8

Morning,

Have a problem with one of my PC's. Constant popups about infection, and needing to download some software. The description I used to search this particular issue was "yellow triangle exclamation point system tray". I found info over a year old until I came across this site. Saw a similar recent issue, so I thought I'd join the community for help. So....

Used the link above (prep guide for using Hijackthis) and ran Housecall last night. It found issues that Adaware and McAfee could not. From the housecall results, I believe I have/had "Freeloader Smitfraud". Prior to housecall and this community, I installed and ran Hijackthis, in preparation for communicating my problem. In retrospect, your guide was exactly what I needed. Thank you for that.

Housecall took over 7 hours to run; also, I recall a previous experience (with a work PC) where it was estimating over 5 hours. Is that software always slow? I run DSL.

Won't get back to that PC until after work tonight; I'll most likely try the next software on your list (Panda or Bit) if the issue still lurks.

What forum is the best place to post my history so others can learn?

Thanks

A:Some Type Of Spyware Infection

If you're still having problems see the following fix: How to remove the Smitfraud / Generic Zlob / Quicknavigate / Virtual Maid

RELEVANCY SCORE 44.8

I am running Windows xp on a dell inspiron laptop. Lately I am having so much trouble typing, use has become pretty much impossible. This is the best I can do to describe the bizarre behavior -
I begin to type and it simply stops even though I am hitting the keys, it deletes words, letters or whole sentences I have typed or jumps back to something typed many spaces back and puts what I am currently typing in the middle of a new word.

Before posting on the windows xp forum, I ran malwarebytes. It detected Tidy Network but failed to remove it. I ran several more scans with the help of someone on the windows xp forum but the issue remains. At last I accidentally found tidy network on my addon list for Firefox, and removed it there but the typing issue remains.
 
Previous posts - http://www.bleepingcomputer.com/forums/t/490451/typing-troubles-jumping-cursor-and-tidy-network/
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/21/2013 10:08:35 PM
System Uptime: 4/4/2013 11:11:29 AM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0G848F
Processor: Intel® Core™2 Duo CPU     T5450  @ 1.66GHz | Microprocessor | 1662/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 51.518 GiB free.
D: is CDROM ()
E: is Removable
.
... Read more

A:Unable to type possible infection?

Greetings and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simpl... Read more

RELEVANCY SCORE 44.8

Hello All -

First thing's first - thank you very much for providing this service. I consider myself to be reasonably tech-savvy and this one seems to still be biting me.

About a week ago, my Vista x64 desktop at home was identified by my ISP as in violation of their terms of service, and my connection to cable internet was blocked. I ran the appropriate scans, MBAM/HJT/ and used CCleaner to double check what was happening at startup. Seemed I had the braviax problem that's been going around lately.

Thru the use of MBAM/Trend Micro/Avira I've seemingly gotten rid of the problem. Got my network connection turned back on, and then, 1.5 days later, it was shut down again.

Went thru the entire process listed above again, and while I thought I got it taken care of (no notifications of any infected files), when connecting to another network with that PC, that network was also shut down (same ISP).

On MY network at home, I'm using Windows firewall. That's the only machine that is hooked up to the network at present. I'm not really getting any slowness/sluggishness out of the PC itself.

Also, I tried to run the DDS and RootRepeal tools, but apparently those do not work with 64 bit OS.

Here is a HJT log that I took this morning - any help would be greatly appreciated.

A:Not sure what type of infection - need some assistance

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

RELEVANCY SCORE 44.8

Hi there and thank you in advance for any assistance- I'm at my wits end.
I can log on in safe mode. However, I'm unable to start normally. I ran malwarebytes anti-malware and super antispyware. Both did show some problems. In both cases, I checked the fix sections and rebooted but alas, to no avail.
When I attempt a normal start, the log on takes my password. The background wallpaper comes up but no icons are on the screen, no start button, nor does it allow me to access any programs.
I have run the DDS software mentioned in the other section but it is well above my knowledge range to be able to use its printout to help my problem, so I humbly ask for your help. Cheers.

DDS (Ver_09-03-16.01) - NTFSx86 MINIMAL
Run by Administrator at 12:03:31.48 on 27/04/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.503.309 [GMT 1:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated)
AV: iolo AntiVirus? *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: iolo Personal Firewall? *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\... Read more

A:Unsure of infection type

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca... Read more

RELEVANCY SCORE 44.8

I downloaded file that was supposed to install maps for my Garmin Nuvi GPS. I allowed program to install after the Vista warning (Allow). I suspected something was wrong so I ran MalWareBytes and it found 2 trojans and I chose to delete them. After rebooting, my firewall alerted me of a new network connection (169.254.32.129). I checked to make sure that wasn't the IP address my modem was currently using. I did not note the names of the infections, sorry. I didn't see in the tutorial what to do with the HijackThis log, so I attached it as well.

*EDIT: I've included 2 MalwareBytes logs from this that showed 2 infections.

DDS (Ver_09-09-24.01) - NTFSx86
Run by Home at 21:53:19.11 on Sun 09/27/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3316.1742 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Wind... Read more

A:Possible Infection (type unknown)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

RELEVANCY SCORE 44.8

Dear HijackThis Team:
I would greatly appreciate your time and expertise in helping me analyze my hijackthis log to determine the type of infection I have, if any.

A:donot know the type of infection I have

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul... Read more

RELEVANCY SCORE 44.8

Hey folks,

I'm currently trying to fix my girlfriend's laptop as it was hit by a variant of the above. As far as I can tell the initial entry was gained through a prompt to update the flash player on a popular social networking site. Initial symptoms included a host of pop-ups and warnings (clearly false/suspect - this checks out against my PC's antivirus product database) and a browser hijack. I have run Spybot and Malwarebytes which has removed upwards of 30 infected files, many of which were Zlob related (I have a log of the initial quickscan and can post it if useful)

However, I'm still getting prompts from Spybot that something is trying to redirect the homepage from google to about:blank and it has a very suspect toolbar installed which cannot be removed through a regular uninstall process. When an uninstall is attempted it prompts for an immediate restart prior to uninstallation. This strikes me as odd so I have not tried it yet.

Any thoughts on this would be much appreciated.

Cheers

A:Zlob.N type infection

Please post the results of your MBAM scan for review.

To retrieve the MBAM scan log information, launch MBAM.
* Click the Logs Tab at the top.
mbam-log-2008-10-12(13-35-16).txt should show in the list. <- your dates will be different from this example
* Click on the log name to highlight it.
* Go to the bottom and click on Open.
* The log should automatically open in notepad as a text file.
* Go to Edit and choose Select all.
* Go back to Edit and choose Copy or right-click on the highlighted text and choose copy from there.
* Come back to this thread, click Add Reply, then right-click and choose Paste.

RELEVANCY SCORE 44.8

Hello, I ran combofix and it seemed to have cleaned the infection, but it quarantined all my media files (70 GB worth). I would like to know how do I retain all those files? At first I thought they were all deleted but they seem to be in a folder "Qoobox" where it added .vir at the end of each file. And is there anything else I need to do with combofix?

Thanks.

A:Need help with infection (not sure the type) and combofix

Please read about the problem and the fix: http://www.bleepingcomputer.com/forums/t/290138/combofix-problems-and-resolution-for-legitimate-files-being-deleted/

RELEVANCY SCORE 44.8

hmmmm not the best title but I didn't know what else to write!!

Anyway I've been having loads a problems with my laptop recently and was told if I run a hijackthis scan (?) and post the logfile here someone here might be able to help me

This is the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:51, on 07/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\PersistenceThread.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Battery Meter\BTMeter.exe
C:\Program Files\WSED\WSED.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Progr... Read more

A:I have no idea what type of infection I have!

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTL Report
Please download OTL from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT


Click the "Quick Scan" button.
The scan should take just a few minutes.
Please copy and paste both logs back here in your next reply.

=============

The next log will show us any hidden files that are present.

Download GMER from here:
Unzip it to the desktop.
Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.


Downloaded malicious malware from keygen (site
h**://****.servegame.com/getfilez/Keygen.AV_MP3_Player_Morpher_4.0.83.exe)

Essentials discovered 5 infected files in C:\Documents and Settings\adrian\Local Settings\Application Data\4b737391\U\00000001.$

After deleting, they pop back in there when I connect to the internet.

Here is the log. Thank you!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:49:53 AM, on 1/2/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\explorer.exe
C:\WINXP\system32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINXP\system32\RunDll32.exe
C:\WINXP\system32\keyhook.exe
C:\WINXP\system32\sistray.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINXP\system32\...

A: Win 32 sirefef type infection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about y...


Hi All,

As per instructions from boopme at, My link I am opening a new topic in this forum

I ran OTL.exe and was expecting it generate two different logs, however it only produced a single log file. The log file that was supposed to have been minimized when the program had completed wasn't there, so I ran OTL.exe again and it still only generated a single log.

Anyway, here is the log file that it generated:

OTL logfile created on: 11/4/2010 2:40:00 PM - Run 3
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\ADMIN\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

126.00 Mb Total Physical Memory | 17.00 Mb Available Physical Memory | 13.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2500 2500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.05 Gb Total Space | 36.01 Gb Free Space | 70.55% Space Free | Partition Type: NTFS
Drive D: | 4.87 Gb Total Space | 0.92 Gb Free Space | 18.87% Space Free | Partition Type: FAT32
Drive E: | 678.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: WENDYS-BOX | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Cur...

A: Possible Infection Type Unknown

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please downloa...


Hello I have had this problem with my computer for a few days now. Including:

All searches being redirected (many times at once)

Every 5 minutes exactly, ESET NOD32 detects an attack coming from hxxp://91.212.226.180 which keeps trying to download the file 2491.exe. Also this IP has been attacking my system32/svchost.exe. Which after trying to block the IP with NOD32, svhost.exe actually runs on my desktop when I've been idle for some time (freaking me out.)

EDIT: The name of the threat(s) are-
Win32/TrojanProxy.Agent.NFV Trojan
Win32/Packed.Themida
Win32/Agent.QOH trojan
Win32/Induc Virus

Nothing else is detected after running Malwarebytes Anti-Malware, NOD32, Spybot, Ad-Aware, or SUPERAntiSpyware

I have all the log files suggested to have attached here, will post in text if needed.

Thanks for any help

A: Some Type of Infection/Attack

Problem Solved, read a few other posts similar to mine, RootRepeal and GMER revealed rootkits.

After running ComboFix (at my own risk, I understand):

c:\windows\system32\WORK.DAT deleted
Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected

Voila! No more search redirections!

Thumbs up to the creator of Combofix!
