Over 1 million tech questions and answers.

Previous infection preventing SP3 and Wireless?

Q: Previous infection preventing SP3 and Wireless?

I am working on a a family member Toshiba laptop. It was infected and cleaned by a an office chain before me. I don't think it was completely working because I found drtrans32.dll loaded. I removed this with UBCD4WIN boot disk, installed a fresh battery, and found that it was cluttered with autoruns. I cleaned up the autoruns, ran several virus checks including Runscanner. Next, I found that it would bsod at times. Turning off the wireless card would prevent the crash.
 
I updated the Intel wireless driver, and now the radio will not function. I uninstalled and reinstalled the wireless card. I have updated the Intel wireless driver using the Intel utility. The new driver from 2007 does not work, and the old one crashes when I rolled it back.
 
I discovered that SP3 was installed, but not reported. I uninstalled SP3 and reinstalled, but the installation hung after nearly two hours. I shut it down and rebooted. Now, it still reports to be SP2. I has some suspicion that limited RAM stops SP3 install.
 
Please help. Here is the URL for a report on the computer:
 
http://speccy.piriform.com/results/cpihwy0Q408MYis5jZTJrER
 
 
Cheers

RELEVANCY SCORE 200
Preferred Solution: Previous infection preventing SP3 and Wireless?

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Previous infection preventing SP3 and Wireless?

Hi All,
 
I know it is summer, but I had hoped someone would offer an idea this weekend. I keep trying changes in the computer, but the wireless will not work.
 
I was able to get the wireless to work if I booted entirely from UBCD4WIN. This proves the radio card is working. However, I had to turn off encryption to get a connection. In that past with other laptops, I never needed to turn off encryption from the router. The driver on UBCD4WIN may not be ideal. I would need to rebuild the ISO with a changed driver to see if that would help.
 
(I really regret that the UBCD4WIN project has died, and even the forum has turned off. It was a neat project that I used often to fix problems, although it has limitations to XP to some extent.)
 
I have a suspicion that security updates that have been added are interfering with the wifi radio. I read some comments that some get relief from a small USB wifi dongle when the radio fails in a Mac or Windows computer. Therefore, I finally ordered a cheap small dongle to try.
 
I am trying to avoid getting egg on my face with this rescue project. I am sorry I volunteered to get it going again. It is a nice Centrino laptop that has a small drive and limited memory.
 
Cheers

Read other 1 answers
RELEVANCY SCORE 51.6

i use trend micro anti virus, just started using registryprot(i love it), and im reading up on spywareblaster right now (looks intresting)... what do you use? what do you suggest as the best & whats it the best at spyware, anti virus, preventing installation / spreading of infection / etc.
 

A:Preventing infection ... what do you use?

Read other 16 answers
RELEVANCY SCORE 51.2

Hello all. 
 
First, let me say thank you for what you all do! Second, I'm sorry if the description of the problem is not ideal. I'm helping my mother in-law and I wasn't around when this started. 
 
She texted me saying she got a pop up on her machine saying along these lines "Windows Firewall Infected..BSOD....." I told her I would be home in a bit and would call her. Well she decided she would save me the trouble and call the 1-800 number that the pop up displayed.... Yup....I'm banging my head on the desk. 
 
She said some guy dialed into the PC and started a scan. My father in-law told her that this probably wasn't a good idea and told her she should hang up.
 
By the time I got to the PC there was some remote support session in progress that I killed. Firefox was now the default browser and homepage was Rescue by LogMeIn. 
 
Now AVG won't run so I'm assuming something is preventing it from running. Ran Malwarebit Anti-Malware and it didn't detect any threats? 
 
So I'm following the instructions you provided. Ran the Farbar tool and FRST log in below and the Addition file is attached. 
 
Again, THANK YOU!!!! 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-09-2015
Ran by Rita Bailey (administrator) on RITABAILEY (14-09-2015 21:10:12)
Running from C:\Users\Rita Bailey\Downloads
Loaded Profiles: Rita Bailey (Available Profiles: Rita Bailey)
Platform: Windows 7 Professional Servic... Read more

A:Infection Preventing AVG From Running

Looks like the Addition file didn't attach to my original post. Sorry about that. 

Read other 16 answers
RELEVANCY SCORE 50.4

Please help! An unknown infection is preventing programs from running on my PC; ie: Malwarebytes, etc.
Windows 7 64bit OS.
Thanks for any help with this dibilitating problem.
L J Mac

A:PC infection preventing programs from running

-- Some types of malware will target Malwarebytes Anti-Malware and other security tools to keep them from running properly. Other types of malware may delete the main mbam.exe executable file during installation or when attempting to perform a scan which results in various errors. If that's the case, please refer to the suggestions provided in For those having trouble running Malwarebytes Anti-Malware for using Rkill or downloading a renamed version of mbam.exe. Do not reboot after running Rkill. Immediately after running this tool, you need to perform your scan with Malwarebytes Anti-Malware.Note: You may have to make repeated attempts to use Rkill several times before it will run as some malware variants try to block it. If you get an alert that Rkill is infected, ignore it. The alert is a fake warning given by the rogue software which attempts to terminate tools that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine.

Read other 6 answers
RELEVANCY SCORE 50.4

My computer has been repeatedly infected by something calling itself Antimalware Doctor, a nasty piece of malware which effectively renders the computer unusable until I have restored it to a pre-infection state using an Acronis boot CD and a backup stored on an external drive. The fix is not hard, but it is time consuming.

The computer gets infected when we watch a TV show on this web site:

hxxp://wowpinoytv.blogspot.com/2011/04/mara-clara-april-15-2011.html

I'm sure the conservative advice would be to avoid the web site, but it is a ripper of a show!

The computer runs WinXP pro SP3, and has AVG free installed, along with Spybot S&D. Spybot will find the infection once it is there, and if I kill the process associated with it (k70ccreloc.exe), it seems to remove it. But after a short pause it comes back and reaks havoc, corrupting files, killing the network and so on. AVG doesn't seem to notice anything is wrong.

I am curious as to how the malware is getting on to the computer. Nothing is happening, except at TV show is playing in a Browser (Firefox - current version). No ads are being clicked, the mouse is not rolling over anything. The show is playing, and suddenly the Antimalware Doctor window opens up.

I should also like to know of a not too expensive tool which will sound an alert as the computer is being infected, or better still prevent it from happening.

With many thanks

MCart

A:Preventing infection by Antimalware Doctor

Please do not post active links to malware or possible malware related sites to include links which may lead to sites where infections have been contracted and spread. I have disabled the one(s) you posted so others do not accidentally click on them.I am curious as to how the malware is getting on to the computer.Please read How Malware Spreads - How did I get infected which explains the most common ways malware is contracted and spread.I should also like to know of a not too expensive tool which will sound an alert as the computer is being infected, or better still prevent it from happening.No single product is 100% foolproof and can prevent, detect and remove all threats at any given time. Just because one anti-virus detected threats that another missed, does not mean its more effective. The security community is in a constant state of change as new infections appear. Security vendors use different scanning engines and different detection methods such as heuristic analysis or behavioral analysis which can account for discrepancies in scanning outcomes. Depending on how often the anti-virus database is updated can also account for differences in threat detections. Further, each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered def... Read more

Read other 2 answers
RELEVANCY SCORE 50.4

Hello.

I posted in the Vista section about trouble I am having with updates installing. One person replied that "[b]ecause of the large number of problems in category items that [I] posted, and the corrupted SFC store," before I do anything else, I should post in this forum to make sure my system isn't infected.

To briefly summarize what I posted over there, I can't get some updates to install, and I have some corrupted files (or corrupted something . . . I honestly don't know enough to know what the problem is).

Here is what I got when I ran the dds:


DDS (Ver_09-03-16.01) - NTFSx86
Run by admin at 16:00:03.31 on Thu 04/16/2009
Internet Explorer: 7.0.6000.16830 BrowserJavaVersion: 1.6.0_07
Microsoft? Windows Vista? Home Premium 6.0.6000.0.1252.1.1033.18.2037.1118 [GMT -5:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Outdated)
FW: ZoneAlarm Security Suite Firewall *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkS... Read more

A:Possible malware infection preventing updates

Hello ti2,

I'm not seeing any malware in these logs. You can run an online scan and see if it detects anything lurking about. It can take some time, so please be patient and allow it to run it's full course:

**Vista users - right click on the IE icon and run as administrator

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View scan report at the bottom.



Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

Read other 2 answers
RELEVANCY SCORE 50

Greetings everyone. Thanks in advance for any help!

Our PC has been showing erratic behavior, including problems booting up. MBAM is detecting svchost.exe attempting to regularly hit various IP addresses. Re-booting after the MBAM check does not fix the problem.

Here are the specs on the machine:
Dell XPS L502X
Intel Core i5-2410M
6 GB RAM
64 bit system
Windows 7

Here is our MBAM log:
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.02.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Zeynep :: ZEYNEP-PC [administrator]

Protection: Enabled

2/3/2012 9:33:52 AM
mbam-log-2012-02-03 (09-33-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211123
Time elapsed: 15 minute(s),

Memory Processes Detected: 2
C:\Windows\svchost.exe (Trojan.Agent) -> 7956 -> Delete on reboot.
C:\Windows\svchost.exe (Trojan.Agent) -> 7964 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)
 

A:Trojan infection preventing boot (scvhost.exe)

Read other 16 answers
RELEVANCY SCORE 50

Link to original topic:Original postProblem Description: Was trying to access Gmail and getting an error that cookies were not enabled. I tried the suggested fixes but it didn't work. Finally, concluded that a virus might be the issue. I ran malwarebytes (Quick Scan) and it found a trojan which it quaranteened. Since it found something on quick scan, I then decided to run a full scan. Six minutes into that scan, the computer rebooted and since then, I can't run any programs. What happens is that when I double click on a program, the cursor will show busy for 5-10 seconds, but the program won't load. I booted into safe mode and I still could not run any programs (cursor would show busy for a few seconds but nothing would load). I was able to restore the computer to a point about a week ago, but problem continues after restore. I have tried other restore points but none of the other restore will complete successfully. My operating system is Win 7 home premium. Computer is Dell studio XPSWhat I have done so far: As suggested I have reviewed the prep guide. I cannot post the DDS logs because the program won't run. I downloaded DDS tool to a flash drive from a working computer and copied it to the desktop of the infected computer. When I double click on DDS tool, the cursor shows busy for 5-10 seconds, but the program does not run (similar to any other program I try to run). I tried running it in safe mode and it fails in safe mode as well.

A:Windows 7 - Infection preventing programs from running

tds1, to Bleeping Computer.My name is Jason and I'll be helping you with your computer problems. You can call me by my screename jntkwx or Jason is fine.Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance. Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
When you post your reply, do not use the button but use the button instead.
In the upp... Read more

Read other 3 answers
RELEVANCY SCORE 50

XP Pro SP3 System Intel P4 using Avast AV and Commodo FW
When booted into Normal Mode desktop is displayed but most things just do not run or just hangs. i.e. click a desktop shortcut or run program from desktop or right click My Computer properties. Task manager shows task in list but nothing displays and machine just basically bogs down. No particular task in process list shows any excessive cpu usage. System has to be forcibly powered down to recover.
If system is booted into Safe Mode all apparently works OK.
Actions tried so far:-
Malwarebytes Scan - nothing found
Avast Quick Scan - nothing found
File asscociations fixed
CCleaner clean up
XP3 Pro SP3 Repair install performed
Dowmloaded suggested tools as per Preparation Guide.
DDS script will not run (even when script allowed by FW) - the usual command window is not displayed.
Not tried GMER yet - suspect it too will not run.
Running in Safe Mode for now!

A:Unknown Infection preventing normal mode use

Update to my original post:-

Defogger had been run.
Memory has been checked ok with MS and Memtest utils.
Disk drive has been checked ok
Device Manager list looks ok - nothing flagged.
Usual h/w checks performed - cables, dirt, cpu, northbridge, temps etc. -all ok.
MS System File Checker does not flag up any problems.

Eventually got DDS and GMER to run in Normal Mode by killing off both AV and FW apps.
Relevent DDS and GMER logs are now below and attached.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_23
Run by jr at 21:00:21 on 2012-04-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1600 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\... Read more

Read other 11 answers
RELEVANCY SCORE 50

Help please! On or about April 17 I apparently became "infected" with something that I cannot identify. Anti-virus programs are not finding anything, nor did Spybot, but I suspect that the file c:\windows\fonts\unwise_.exe may be involved somehow. Since that date, computer has been excruciatingly slow, and IE will not store anything in the browser cache (every web page is completely re-loaded on each visit - nothing restored from the cache).

I was told that this is the place to go for help with this sort of problem, so I really hope that you guys and/or ladies can be of assistance, thank you!
DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 21:31:35.12 on Thu 04/30/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.247.53 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\EMS Free Surfer Companion\fs30.exe
C:\Program Files\Jav... Read more

A:unidentifiable "infection" preventing browser from caching anything

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

Read other 2 answers
RELEVANCY SCORE 50

The laptop won't connect to the Internet (it connects to the notwork, but wont connect to the Internet). I did a malwarebytes scan and it had 21 infections, and I "fixed" them all with malwarebytes, but it still won't connect to the Internet.

I know it's not a network issue or anything on my end, because I have 4 other computers and my cellphone all hooked to the same Internet and none of them are having issues.

Here's my hijack this log
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:56:30 PM, on 3/18/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 ... Read more

Read other answers
RELEVANCY SCORE 50

It appears that my desktop PC is infected with some malware/virus which is preventing my malware diagnostic/cleaning tools from running. When I try to run MBAM or Spybot, I get the Windows message "Windows cannot access the specified device, path of file. You may not have the appropriate permission to access the item". When I run Avira, it goes all the way through a full system scan, identifies about 13 infections (including ZLOB etc), then just crashes.

I've tried booting in safe mode then running the tools, but I get the same result.

I've also been getting inconsistent boot-up, the occasional blue/black screen and sometimes the PC won't boot at all unless I power off and on again (sometimes twice!!).

I followed the Preparation Guide, downloaded DDS, but when I tried to run it, it just sat there, cursor blinking but no reports, even after 15 minutes. I also downloaded RootRepeal and tried to run it, but it also crashed immediately.

I would greatly appreciate your expert help with this.
Hazmat99

A:Infection preventing malware tools from running

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Read other 3 answers
RELEVANCY SCORE 50

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17420
Run by debbie at 8:10:13 on 2014-12-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.4044.1411 [GMT 11:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Fil... Read more

A:Previous crypto infection

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/559636 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 51 answers
RELEVANCY SCORE 50

I got infected with Sality-I, and I'm pretty sure that I've removed it. However, I'm not 100% sure, so I'm posting here.This is what I've used:PC Tools Antivirus: This was the main tool I used to clean my infected EXEs (it was the Sality variant that spreads by appending its own code to as many executable as it can find.) However, it was unable to remove some of the core files of the virus. One was "C:\Windows\System32\wmimgr32.dll", also appearing in SysWOW64, which I deleted by using Process Explorer, killing all the programs that used this DLL, and then deleting it. I also had to remove several registry keys to a DLL claiming to be part of Windows "Offline Files", but the DLL didn't verify as actually being by Microsoft (a dead giveaway), and so deleting it has stopped further infections.After all this, I used the following utilites:PC Tools Antivirus: Comes up cleanSpybot Search and Destroy: Comes up cleanMalwarebytes' Anti-Malware: Comes up cleanThese are all very good signs, but considering how nasty this virus was, and that it reportedly has backdoor and keylogging abilities, I want to make absolutely sure it and any other Trojan/Virus are gone. What follows is a HijackThis log, made with the newest version:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:34:58 PM, on 8/15/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Program Files (x8... Read more

A:Previous Sailty Infection

Hello, koiulpoi.Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding. to BleepingComputer.comMy name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)Please give me some time to look over your computer's log(s).Please take note of the following:In the meantime, please refrain from making any changes to your computer.Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Finally, please reply using the button in the lower left hand corner of your screen.DANGER!!!One was "C:\Windows\System32\wmimgr32.dll", also appearing in SysWOW64, which I deleted by using Process Explorer, killing all the programs that used this DLL, and then deleting it. I also had to remove several registry keys to a DLL claiming to be part of Windows "Offlin... Read more

Read other 7 answers
RELEVANCY SCORE 50

Hi,I was previously infected with an unknown virus. NOD32 caught a couple things, but wasn't able to remove anything. With some work, I got Malwarebytes to run, and it cleaned up, but my problem persisted (popups, etc). I finally cleaned out my Temp folder and the Run registry keys and everything seems peachy... except that I think there is still something left of the infection.Edit: I should mention that while I don't know exactly what infection I had, the popup ads and the desktop wallpaper were advertising a program called "Windows XP Antivirus 2009". This is all gone now, though.For some reason, when I boot, the normal Windows XP Silver theme is applied, but then after a few minutes it reverts to Windows Classic (all boxy and gray). The titles of window bars are still silver though, even though the text color is white (not black).Please take a look and see if you can find anything peculiar. Thanks!--------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:56:06 PM, on 3/6/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32�... Read more

A:Remnants of previous infection

never mind, I reformatted

Read other 2 answers
RELEVANCY SCORE 50

After cleaning my horribly infected computer. I was left with no sound, an empty device manager, no network connections, and more than 5 IExplorer.exe processes running at a time. All at once my computer became less functionable, after cleaning spyware, I tried to fix the device manager problem by checking My Computer/ Manager/ Services. Plug n Play was disabled along with other services I needed in my msconfig. I set plug n play along with any other services I recognized as automatic and my device manager appeared with everything intact except for sound drivers. I tried to update the Unknown Multimedia Controller using the cd that came with my card. The unknown multimedia controller did not recognize my cd. So I installed the drivers directly from my cd. As a result I ended up with my regular sound drivers, and still an unknown multimedia device! To make it worse, sound still did not work. A total of 3 issues, and I have no idea where to start. Id be greatful if anyone could help.

A:Help recovering from previous infection

sounds like the best thing to do is to re-format and do a fresh install of xp. just too many issues.

Read other 1 answers
RELEVANCY SCORE 49.6

Hello, I am writing for help on solving an issue on my friends computer. He must have downloaded a single bug which hijacked his internet and began downloading multiple viruses/malware. I was able to remove a good number of them with the a squared free scanner, but my problem is that when I read all the suggestion guides and forums people were asking for HJT logs and HJF logs. I have had minor success with this and many 'cleaner' programs listed, because I am pretty sure the bug is preventing these tools from scanning and identifying all the appropriate files. I have downloaded almost every single tool onto the laptop I am typing from, renamed, copied to a flash drive and then copied to the infected system, yet the infection still continues to identify these programs and kill them before I am able to see the GUI load up, or the scan to complete (or even get close, the bugs seem to squash these programs in their tracks as soon as an infected file is identified and attempted to be deep scanned. I am trying normal scans right now as was suggested in the 'read first' post.I have tried deleting the offending reg keys and files with no real success. the programs tell me that the files and keys have been removed yet the infected files are still hiding and are definitely still doing their dirty work.Since I was unable to produce an HJT or HJF log, and your guide said not t until asked for one I am just going to post the names and locations of identified files discovered by a squared.... Read more

A:multiple trojan infection preventing log tools from running

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 49.6

I've followed the Prep Guide but have been unable to get DDS to run despite repeated attempts. I've also tried to run Root Repeal several times without success. I then downloaded RSIT. Here's the log file:
"Logfile of random's system information tool 1.06 (written by random/random)
Run by GREG GOODFELLOW at 2010-01-04 15:32:45
Microsoft Windows XP Professional Service Pack 3
System drive C: has 52 GB (34%) free of 153 GB
Total RAM: 1015 MB (28% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\OGADaily.job
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\... Read more

A:Infection Preventing Malware Removal Tools from Running

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner ... Read more

Read other 15 answers
RELEVANCY SCORE 49.6

Symptoms: When trying to run Avast Home Edition Database/Program Updates, the first error indicated that the RPC communication failed. After following directions at http://www.avast.com/eng/fag-red-circle.html a new error 501 was received which indicated that the server proxy was incorrect?review of server proxy settings were not wrong?threads on Avast about error indicated that the program needed to be reinstalled?reinstall attempted, but would not run? the program install just halted; also noticed after rebooting that it took an usually long time to open the login box; and when using Internet Explorer to continue research it was hijacked?this made me suspect a rootkit program?so I downloaded several anti-rootkit programs (i.e. AVG Antirootkit 1.1, F-Secure BlackLight 2.2, Sophos Anti-Rootkit 1.2, and ASWar) from their respective sites onto a USB memory stick; booted up in Safe Mode with Networking and tried to run them starting with the ASWar.exe, but none would run. Next, after rebooting I tried following directions at http://www.bleepingcomputer.com/virus/viru...e-security-tool where rkill is run, then mbam-setup.exe, then launched from a new copy of the Malwarebytes? core executable. When rkill was run, the program appeared to run but ended without any notes; however, when Malwarebytes? was run the program halted before I could hardly click on the Update tab or the Scan button in both Normal and Safe Mode with Networking. At this point, I am stuck and need your help ... Read more

A:Infection Preventing Avast/Anti-Rootkit Installations

Hi,My name is Extremeboy (or EB for short), and I will be helping you with your log.We apologize for the delay of response. If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.For your next reply I would like to see:-The DDS logs---DDS.txt and Attach logs-RootRepeal logs-Description of any remaining problems you may still have.Thanks again and we apologize for the delay.With Regards,Extremeboy

Read other 4 answers
RELEVANCY SCORE 49.6

Hi, I recently had spyware on my computer. I've used Malware Bytes for awhile now so I ran a full scan of my computer overnight, and the next morning cleaned the infections. When I restarted my computer it got stuck in an infinite boot loop. I repaired windows and now my computer is fine, but my Firefox google search is hijacked to go to something like search.search-go.net.

Also, I am having trouble with programs connecting to the internet. My internet works fine, but is a little sluggish. For example, I use World of Warcraft and when I start the launcher, it won't connect to the news server, but the game runs fine. I also have a program called Curse that needs to connect to the internet but can't establish a connection. I have a few other programs that use updaters, but fail to connect to the internet.

I know its the spyware preventing these programs access. Help?
-Thanks

A:Ghost infection preventing programs from accessing the internet

Alrighty, so the virus finally revealed itself as Antivirus IS. The problem is, I can barely run any programs now. Malware Bytes won't run, even if i rename it. It just says its infected and asks if I want to run my antispyware

Read other 1 answers
RELEVANCY SCORE 49.6

I think I have a virus infection,Symantec scan in safe mode found the following viruses W32.Virut.CF, W32.Virut.H and InfoStealer and quarantined them successfully.Nothing seems to be wrong with the system, except I cannot access any of the antivirus sites like www.symantec.com, www.free-avg.com etc.So suspect something is still wrong. Ran sdfix.exe in safe mode and it threw errors running Regsvr32.exe and terminated them but proceeded to complete the scan. Post which still not able to access the above mentioned sites.Then tried following instructions in http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/The DDS log follows. Replaced a single string involving company details.DDS (Ver_09-07-30.01) - NTFSx86 Run by Pradeepkumar.T at 13:23:34.08 on Thu 09/24/2009Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1342 [GMT 5.5:30]AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exeC:\Program Files\Intel\WiFi\bin\S24EvMon.exesvchost.exesvchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Bonjour\... Read more

A:Unknown Infection preventing access to antivirus sites.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results.Follo... Read more

Read other 2 answers
RELEVANCY SCORE 49.6

Hi:
 
windows 7 64-bit system
 
I haven't run a virus scan of my computer for some time.  After allowing my nephew to use my computer for several weeks, I decided I'd better run a scan so I attempted to run my 2013 Kaspersky Pure 3.0 program to check for viruses this afternoon.
 
It started to run, then went to a blue screen before going to a black screen before rebooting.  I attempted to run the scan three times with the same results.
 
I can surf the net as long as I don't attempt to go anywhere that allows me to update drivers and/or virus/malware protection.  When I visit any virus or malware site, I get the blue screen to black screen and my computer reboots.
 
I contacted Kasperky support.  They wanted me to create a System State Report.  Once it runs, I'm to click on Finish, then View Report, then Save Report.  The report will run.  I click finish, but it won't allow me to view the report so I can't save the report or send it to Kaspersky.
 
When I attempted to update the Adobe Flash Player, the same thing.  Blue screen to black screen and reboot.
 
I attempted to manually update my Kaspersky,  It failed to update giving me the following error message;  Task failed.  Cannot create folder.
 
Hoping for help.  Thanks.
 
*edit*  Now can't open any browsers.  I'm on wireless internet and tried to disconnect the computer and it wouldn't let me.  I had to t... Read more

A:Probable Infection Preventing Virus/Malware Programs

I am replying to this topic in order to update.  I definitely seem to be infected with something.  My virus protection is corrupted.  I had Iobit Advanced System Care 7 with it's Malware Protection.  It seems to have been turned off and/or become corrupted.  Both programs say they are working, but they're not.  I tried to boot from a Kaspersky rescue disk, it said the databases were corrupted.  I've tried to turn on Windows firewall, but it won't let me.  I tried to install BitDefender and received an error message indicating that it can't install the drivers, try again, which I did with the same results.  Unfortunately whatever is going on is preventing me from performing a screen capture or copying the message to my PAINT program so that it can be attached to this post.  My .32 dlls, etc are also becoming involved.  I ran a couple of the Malware programs, AdwCleaner and SuperAnti Spyware...they each found a few things which I had them remove but as soon as I rebooted they were back.  Again, things moved to quickly for me to try to write down what the items were and I couldn't use the screen capture.  I finally turned off my computer because it was only getting worse, not to mention there was no antivirus protection or firewall running.  I patiently await help.  

Read other 6 answers
RELEVANCY SCORE 49.6

I obviously have a deep infection. After numerous attempts at scans and fixes by numerous programs, still no luck. I have a thread going in one of the other forums here, and I was advised by one of the techs to move it to this forum for more in depth assistance. To save typing, I will post the link to that thread, so you can see my symptoms and everything that has been tried as well as log files. http://www.bleepingcomputer.com/forums/topic364026.html

I have also attached a copy of the DDS log here in this current post.
 DDS.txt   9.79KB
  0 downloads

I hope I've given you all the info you need to help. If not, I will do my best to get you what you need. Thank you for your help.

**NOTE** while typing this post, using the infected PC, I received the blue screen of death 5 times. Wasnt doing anything but typing this. And then each time I obviously had to reboot, as soon as it got to my desktop, the blue screen shut me down again. Each blue screen mentioned the ldqgakb.sys file. You will see the full technical info in my thread posting. I had to finally boot into safe mode just to be able to type this.

A:Malware or virus infection preventing scans or fixes

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resu... Read more

Read other 3 answers
RELEVANCY SCORE 49.2

Hello everyoneI have a work computer that previously was infected with Zero Access. It was cleaned by IT and I have no information how they cleaned it but I do believe they ran ComboFix. When it was returned I ran Rogue Killer to check for Zero Access traces as a learning tool and I find strange named drivers still being downloaded which to me means it may still be infected.This is a Windows 7 Professional, 32 bit computer with 2 Gb RAM and running Service Pack 1. As a sidenote, you will notice Java 6 on this computer which we cannot update to Java 7 because our time management software will only work with Java 6 for the time being.We run MSE with real-time protection turned on as well as on demand ESET, MBAM, SAS and various other utilities. Here are the DDS and Rogue Killer logs along with Attach.txtDDS (Ver_2012-11-20.01) - NTFS_x86Internet Explorer: 10.0.9200.16686Run by bridge at 11:28:51 on 2013-10-06Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1791.991 [GMT -4:00].AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}.============== Running Processes ================.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\nvvsvc.exec:\Program Files\Microsoft Security Client\MsMpEng.exeC:\Windows\system32\nvvsvc.exeC:\Windows\System32... Read more

A:Previous Zero Access Infection but still with problems

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Nothing suspicious was found on your logs.Lets see what we can find.Download correct tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit)and save it to a folder on your computer's Desktop.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.===

Read other 6 answers
RELEVANCY SCORE 49.2

Hi - You helped me clear a Vundo infection a few weeks back - I've not used the PC much since but have had a couple of popups today/yesterday similar to the original infection - popups opening on their own not like normal popups whilst surfing.I've attached a HijackThis log below and run Vundofix but that didnt find anytihng. Any thoughts? Thanks in advance.Logfile of HijackThis v1.99.1Scan saved at 12:16:02, on 16/09/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\sstray.exeC:\Program Files\ASUS\Probe\AsusProb.exeC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\Program Files\Logitech\iTouch\iTouch.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exeC:\Program Files\Acronis\TrueImageHome\TimounterMonito... Read more

A:Possible Vundo Infection Not Cleared After Previous Help

You could have a variation that hides from hijack - right click hijackthis.exe and rename it to HJT.exe

post a new log

Read other 4 answers
RELEVANCY SCORE 49.2

Several weeks ago, my virus scanner (Avira 10.0.0.567 with updated definitions) detected EXP/Pdfka.dre as part of a routine scan, which it subsequently moved into a quarantine file. Since that time, I have had recurrent auto-restarts of my computer (without any associated BSOD). These have usually occurred while browsing or when going into sleep mode. I am running Windows 7 Starter and have disabled auto-restarts on system failure. I have also noticed some system slowing over the same time period. Subsequent Avira and Malwarebytes scans have turned up negative, but I am still having problems.I'm not sure if my issues are malware-related or just Windows-related. Any assistance you could provide would be fantastic. Thanks. Logs below/attached.DDS (Ver_10-03-17.01) - NTFSx86 Run by Kulzer at 20:16:08.72 on Fri 07/16/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.152 [GMT -5:00]============== Running Processes ===============C:\windows\system32\wininit.exeC:\windows\system32\lsm.exeC:\windows\system32\svchost.exe -k DcomLaunchC:\windows\system32\svchost.exe -k RPCSSC:\windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\windows\system32\svchost.exe -k netsvcsC:\windows\system32\svchost.exe -k Local... Read more

A:Previous EXP/Pdfka.dre infection, but still having problems

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

Read other 2 answers
RELEVANCY SCORE 49.2

First off thank you in advance for you help and time.

On about the 15th I was infected with a Trojan associated with consrv.dll. Very quickly Webroot got in there and shut most of it down. After running malwarbytes a few times and manually fixing some things (Firewall/BFE) it appears as if I've beat the virus.

However, I am still, seemingly, suffering from the fallout. About 3-4 hours after booting my PC I start getting quite the slowdown. Video's give off static sounds that aren't in the original file and after awhile video will only play at slo mo speeds. It happens in both WMP and VLC. A restart will get me 30 mins - 4-5 hours of ok performance.

Any help would be appreciated!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:14:41 PM, on 12/29/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\Webroot\WRSA.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Windows\SysWOW64\CTXFIHLP.EXE
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkI... Read more

A:Can't fix the fallout from a previous Consrv.dll infection.

Read other 11 answers
RELEVANCY SCORE 49.2

Hi There,
i was infected with win32/kryptik.GH. I can't remember if it was ESET online or AVG which picked it up. My research say say most likely will need to reformat... Aside from being slower, i now have a windows security alert, stating that my windows update is turned off... i have no way to turn it on. Tried directly from microsoft site, something is blocking it...
Your help would greatly be appreciated.
Thanks in advance.
Martin

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 20:25:27 on 2011-07-21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.183 [GMT -3:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\Explorer.EXE
C:\Program ... Read more

A:previous infection with win32/kryptik.GH

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:***************************************************First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/410672 and follow the instructions there. If you no longer need help, this is all you need to do. If you do need help please continue below.***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have prev... Read more

Read other 16 answers
RELEVANCY SCORE 49.2

Fixing second computer with someone else's help. Everything looks okay with the removal of vundo. Only question is concerning the java entries of extra buttons. Any problems?VundoFix V4.2.35Checking Java version...Java version is 1.4.2.3Scan started at 5:30:07 PM 3/21/2006Listing files found while scanning....C:\WINDOWS\system32\vtutq.dllC:\WINDOWS\system32\qtutv.iniC:\WINDOWS\system32\qtutv.bak1C:\WINDOWS\system32\qtutv.bak2C:\WINDOWS\system32\qtutv.ini2C:\WINDOWS\system32\qtutv.tmpC:\WINDOWS\system32\qtutv.bak1C:\WINDOWS\system32\qtutv.bak2C:\WINDOWS\system32\qtutv.tmpC:\WINDOWS\system32\qtutv.iniC:\WINDOWS\system32\qtutv.ini2C:\WINDOWS\system32\vtutq.dllC:\WINDOWS\system32\qtutv.ini2C:\WINDOWS\system32\qtutv.bak2C:\WINDOWS\system32\qtutv.tmpC:\WINDOWS\system32\qtutv.iniC:\WINDOWS\system32\qtutv.ini2C:\WINDOWS\system32\vtutq.dll Attempting to delete C:\WINDOWS\system32\vtutq.dllC:\WINDOWS\system32\vtutq.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qtutv.iniC:\WINDOWS\system32\qtutv.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\qtutv.bak1C:\WINDOWS\system32\qtutv.bak1 Has been... Read more

A:Previous Infection Of Winfixer/vundo

Hello and welcome to the forum. Good job with the Vundo infection your log is clean. Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:http://boards.cexx.org/viewtopic.php?t=957http://russelltexas.com/malware/allclear.htm http://forum.malwareremoval.com/viewtopic.php?t=14http://www.bleepingcomputer.com/forums/topict2520.htmlhttp://cybercoyote.org/security/not-admin.shtmlSince you have a nasty infection you should clean your System Restore files: System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_namYou Java program: C:\Program Files\Java\j2re1.4.2_03 <<< is very outdated and leaves you wide open to bad script. See the information in this link: http://forums.spybot.info/showthread.php?t=2559Safe surfing Thanks...pskelleyBleepingComputerIf you are reading this information...thank a teacher, If you are reading it in English...thank a soldier.

Read other 1 answers
RELEVANCY SCORE 49.2

Hi,
 
I would be much obliged if someone could take a look at my previous post, submitted yesterday. It took me a couple of weeks to respond with the reports, so perhaps it was overlooked.

A:My previous post regarding some sort of infection

I will look here.. don't know how we got lost/http://www.bleepingcomputer.com/forums/t/576244/some-kind-of-junkware-is-mangling-my-computer/#entry3706768I will close this one.

Read other 1 answers
RELEVANCY SCORE 49.2

I can not disable sharing on my HD's and I found the error below listed a few times in my event viewer.

Product: Windows Operating System
ID: 4226
Source: Tcpip
Version: 5.2
Symbolic Name: EVENT_TCPIP_TCP_CONNECT_LIMIT_REACHED
Message: TCP/IP has reached the security limit imposed on the number of concurrent (incomplete) TCP connect attempts.

The link to this complete help file is:

http://www.microsoft.com/products/ee/transform.aspx?ProdName=Windows%20Operating%20System&ProdVer=5.1.2600.5512&EvtID=4226&EvtSrc=Tcpip&FileVer=5.1.2600.5512&FileName=xpsp2res.dll&EvtType=Warning&LCID=

I was hoping someone could look at the attached files and let me know if it looks normal..

Thanks in advance.

Conan

A:System Security from previous infection?

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

Read other 5 answers
RELEVANCY SCORE 48.8

Hello all!Firstly, thank you so much for running such a magnificent site with such detailed and easily understandable instructions. I direct everyone I know to this site once they become infected--you offer such useful tools and great suggestions. Anyway, onto my problem. I'm working on a friend's laptop that was infected with System Check. (Boo!) The computer is unable to connect to my wireless, nor his wireless at home and the Windows diagnostic tool is of no help in that area. So everything I'm downloading to run on his computer, (rkill, gmer.zip, etc.) is being downloaded on my computer and transferred via flashdrive. Everything is being run on this computer while it's in Safe Mode with Networking. After going through the steps per the removal guide for System Check, I discovered that the infection was a lot tougher to remove than previously thought. It has kept MalwareBytes from being able to update, and I had to initially rename both TDSSKiller and MalwareBytes installer with single word names so that the malware wouldn't stop the process from running. When trying to run MalwareBytes after going through the guide with Rkill and TDSSKiller (which found no infection,) I receive an error from MalwareBytes that states: Program_Error_updating(11004,0,No address found)I am unsure if this is related to the rootkit, or if the rootkit is preventing the update due to the wireless connectivity issue. So I suppose my questions are thus:1.) Is the rootkit... Read more

A:TDSS infection preventing updates to MalwareBytes/Internet connection

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated f... Read more

Read other 18 answers
RELEVANCY SCORE 48.8

Like others you have successfully helped, I too have a laptop with a nasty infection that is preventing me from accessing anti-virus/anti-malware sites. I have read some of the other posts and started the process of running combofix and hijackthis. Here are the log files for each. Awaiting further instructions. Thanks in advance.

ComboFix 09-11-25.01 - Zeny 11/25/2009 16:25.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.447.217 [GMT 7:00]
Running from: c:\documents and settings\Zeny\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Zeny\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1424024376-433878387-890889717-1003
c:\recycler\S-1-5-21-507921405-1563985344-854245398-1003

c:\windows\system32\qmgr.dll . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-10-25 to 2009-11-25 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-25 21:44 . 2003-05-22 23:30 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-03 08:15 . 2004-09-09 05:32 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-A... Read more

A:Nasty Infection preventing access to anit-virus sites

Can someone delete this thread. I did not post the results in the proper order and I have created a new thread.

Thank you.

Read other 1 answers
RELEVANCY SCORE 48.8

Hi guys,

I had a virus infection and have managed to get my system back to work, without having to re-install the Windows 7 and all applications.

But I want to be on the safe side and would like to enlist you help in confirming that it's all ship-shape again.

Please let me know if you could assist.

Thanks very much.

A:Can you please check if I removed my previous infection completely?

What issues/symptoms of infection did you have?
What actions (security tools, scans) did you take to remove the infection?

Read other 5 answers
RELEVANCY SCORE 48.8

Thanks in advance for your assistance. I believe I am experiencing some kind of malware. I recently received a buffer overflow error through my McAfee protection and ever since then have had a heck of a time bringing up web pages on IE (2-3 minutes) immediately after I boot up. After that the web pages load more quickly. I've also had a rash of talking banner ads "Congratulations you've just won a Nintendo Wii...", and "You've just won a Wal Mart gift card...". I have run Spy-Bot, Ad-aware, Malwarebytes' Anti-Malware, and SuperAnti Spyware already. A couple of addtional pieces of information that may or may not be relevant... (1.) A while back I was infected by the Anti-Virus 2009 malware (Brastk.exe?) and am under the impression it was removed entirely. I note a Karna.dat entry in my log, so perhaps I have a remnant? Also (2.) A process that is accessing mst120.dll from my Windows/System32 directory seems to be fairly active and from what I read that .dll file could be associated with a worm but I'm not experienced enough to know whether that is a problem. My Hijack this log follows:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:56:57 PM, on 11/11/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system... Read more

A:Previous Brastk.exe infection/Now very slow at startup

Hi Brennan,I'm sorry it's taken so long for you to get a response, if you still need help please do as follows:Please open this page in your browser:http://www.bleepingcomputer.com/submit-mal....php?channel=32Fill in the link to topic field with a link to this topicCopy/paste the following into the Browse to the file you want to submit field:C:\WINDOWS\system32\mst120.dllThen press Send File, this will upload the file for analysis------------------------------------------------------------------------Download RSIT by random/random to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)Double click RSIT.exe to start the program, and click Continue at the disclaimer screen.When the scan is complete, two text files will open - log.txt <- this one will be maximized and info.txt <-this one will be minimizedMake sure Format->Word Wrap is uncheckedCopy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt and info.txt in your reply------------------------------------------------------------------------Once complete, please post both RSIT logs, you won't need to produce a new HijackThis log as RSIT produces one for you.

Read other 9 answers
RELEVANCY SCORE 48.8

I have an HP Pavilion, The following is straight from System Properties: Intel? Celeron ? D CPU 3.33GHz, 1.93 GB of RAMMy computer is not quite a year old and was running at 100% CPU all the time - even when no programs were running. Boot up - 100% CPU. So I did a 'soft' system restore which didn't help. I then did a destructive system restore and one by one re-loaded my software. Ran great for about a week. Then it was back up to 100% CPU constantly and AVG reported the Trojan horse Downloader.VB.AXO, twice. It was first found in C:\Program Files\music_now\inetchk.exe (on the Feb 3rd), and again on Feb 8 in C:\System Volume Information\_restore{00EEFF988-5705-4D9A-BA78-7681A60AFB54}\RP15\A0001881.EXE. AVG deleted the files.I then googled the virus and found your site. I did some more research and have since ditched AVG and am now using Avast. I've known about Hijack this and have run it, but never know what to do with the results. When I saw I could receive help, I followed all the steps in the preparation guide. I ran 2 of the 3 online malware detectors. Avast reported the WIN32.CTX Virus/Worm when downloading the ActiveX control for Panda AnitVirus. I installed the Sygate Firewall. All scans come out clean. Most scans took from 15-24 hours to run, so I"ve been at it a week now. The computer is running better, but still 'clogs up'. Any help on the Hijack log, below, is appreciated.Thanks,JanP.S. When AVG reporte... Read more

A:Previous Infection Of Trojan Horse Downloader.vb.axo

Hello Jan,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

Read other 2 answers
RELEVANCY SCORE 48.8

Boss's daughters laptop once again exhibiting slow web browsing as described by her. She ran Malwarebytes Anti Malware and removed 19 items -most seemed to be vundo. just wanting someone to take a peek at the dds to see if there are any other issues before she takes the laptop with her back to California.

Thanks for any help you can provide.

DDS (Ver_09-06-26.01) - NTFSx86
Run by Jillian Oberlander at 18:58:20.29 on Fri 06/26/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.383.16 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Apoint2K\Apoint.exe... Read more

A:Slow web browsing - Previous Vundo infection

Hello J Kopp, She still has some infections on this computer. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Updating Java: Download the latest version of Java SE Runtime Environment (JRE) 6 Update 14. Click the "Download" button to the right. At the Select Platform and Language for your download drop down box
Select Windows and Mult-Language Check the box that says: "Accept License Agreement" then press Continue ( Selecting Windows will give you the 32 bit version. ) The page will refresh. Click on the link to download Windows Offline Installation, Multi-language jre-6u13-windows-i586-p.exe and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Examples of older versions in Add or Remove Programs:
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 3 Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u14-windows-i586.exe to install the newest version.******************We will run ComboFix. You sh... Read more

Read other 21 answers
RELEVANCY SCORE 48.8

Hello. Earlier this year my XP machine had some issues and it looks like they're back? Yesterday I clicked on something at huffingtonpost.com and that darn XP security scan started again. This was happening alot in April and Blade81 helped me clean it up. I immediately ran malware bytes anti malware full scan and nothing was found. Then I ran Super Antispyware and some usual adware tracking cookies appeared so I removed those. I also ran my virus scan (Avira) and nothing was found. Is this thing gone or could it be buried somewhere ready to pounce again soon?

Also, is there no way to find ALL of my topics and posts? I went there first because I could not remember the name of this darn thing and I only got to choose from about 5 of my most recent posts and topics? just wondering also if there's a way to look at all of them.

Thanks again.

A:"XP security" scans - previous infection is back?

Hello..Please run the tool here How to remove Google RedirectsWhen it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.Rerun MBAM (MalwareBytes) like this:Open MBAM in normal mode and click Update tab, select Check for Updates,when doneclick Scanner tab,select Quick scan and scan (normal mode).After scan click Remove Selected, Post new scan log and Reboot into normal mode.Also, is there no way to find ALL of my topics and posts?Left click on your nickname,in the drop down menu select "Find members Posts or Topics"

Read other 19 answers
RELEVANCY SCORE 48.4

My desktop Pentium4 3.6Ghz with 3Gb ram on Win xp slows down. A major problem was a conflict between Microsoft Net software and ATI Catalyst control centre  -  which i have deleted and am just running with the ATI drivers. The software is up to date (win, explorer, adobe, quicktime all done recently), the disk cleaned and defragmented with plenty of space remaining. From some remnants in start-up and explorer I think I had wareout at some time. I've changed from AVG free to Avast and from Adawre to Spybot S&D. Avast/AVG found nothin, Adware found nothing but Spybot found a raft that helped immensely when cleaned. However if I run Spybot after no activity its finding between 60 & 80 changes - all low risk. I suspect there is still something untowards. Can anyone help me to check please.

A:Computer slows, previous wareout infection not cleared?

Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Update Malwarebytes' Ant... Read more

Read other 9 answers
RELEVANCY SCORE 48.4

Some files are still attached or hidden by the Spyware Process Detector that started the problem.
I can't install, uninstall, repair or change these programs
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 10.71.2
Run by Home at 22:33:09 on 2014-12-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6126.2347 [GMT -8:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k ... Read more

A:dds.txt scan for previous spyware process detector infection

Hello and Welcome on board ,my Name is Machiavelli and I will assist you with your problem.If you booted into safe mode on your computer then print my instructions!I'm in the 'Malware Staff Team' and will provide you with advice:To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. just ask me! Please stay in contact with me until the problem is fixed.Below are a few tips:Removing Malware is usually very difficult.We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!Please follow these instructionsIf you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!Please stay in contact with me until your problem is resolvedAs Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.Please don't run any other tools without consulting with me as this can complicate finding and removing all MalwareDon't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!Read my post completelyIf you don't do so, you may make mistakes that could result in your System crashing by your own ... Read more

Read other 44 answers
RELEVANCY SCORE 48

According to my ISP I should be achieving download speeds of 13 Mp/sec. Not the greatest, but adequate for our purposes. We have 4 computers (an old XP tower wired directly to our modem/router, a Windows 7 laptop, a Windows 10 laptop and a Windows 7 tower) and an iPad. Everything but the XP tower is wireless.

After the recent problems I had with the W10 laptop I figured it was time I had a W10 disk, but I can't ever seem to get it to complete. It's a 4.1GB file, that I got from here Windows 10 ISO Download - Windows 10 Forums, but no matter which browser or computer I use, it always fails.

When I turn off the wireless on my modem/router and run a speed test on the old XP tower I pretty much get that 13 Mb/sec download speed. When I turn the Wi-Fi on I'm lucky if I don't get a 'Latency Test Error' msg. If it does complete I get a DL speed of around 2.0 Mp/sec. When I actually try to download that ISO file (as I am now for about the 6th time), it'll start out giving me a rate of about 500 Kb/sec and telling me that it'll complete in just a few hours. But as time goes by the rate drops and drops and drops, and the estimated time to complete is soon up over a day. Right now Firefox is telling that it'll take 22 hours to complete at a rate of 39.7 Kb/sec. I know it won't complete.

We've got way too much going on with ipads and laptops for me to turn off the wireless for the amount of time this'll take to download.

Are my wireless devices causing m... Read more

Read other answers
RELEVANCY SCORE 48

The headers doesn't really explain what I need but I am at a loss for words here. What I really want to know is if there is a way to know how many people are connected on my network at the same time?

My PC is wired but the other 2 computers are running wireless. At some points, my browser crawls to a dial-up speed and I don't know if this is because someone else is running on my wireless network or not.

My thing really is not to see if I can make the intruders go away but more so if I can learn to see who is logged in at the time to start checking from there and make the necessary adjustments.

Thanks

A:Preventing Hackers on my Wireless Network

What sort of password protection do you have WPA or WEP.

WPA is more secure because its much harder to crack. since it is made from a mixture of words and numbers, hackers would need a very long time to crack your network. WEP Is just numbers, you cant guess them , but in my opinion is easy to crack.

Also have a look at this Cnet Article

Hope this Helps

Read other 2 answers
RELEVANCY SCORE 48

According to my ISP I should be achieving download speeds of 12 Mp/sec. We have 4 computers (an old XP tower wired directly to our modem/router, a Windows 7 laptop, a Windows 10 laptop and a Windows 7 tower) and an iPad. Everything but the XP tower is wireless.

After the recent problems I had with the W10 laptop I figured it was time I had a W10 disk, but I can't ever seem to get it to complete. It's a 4.1GB file, but no matter which browser or computer I use it always fails.

When I turn off the wireless on my modem/router and run a speed test on the old XP tower I pretty much get that 13 Mb/sec download speed. When I turn the Wi-Fi on I'm lucky if I don't get a 'Latency Test Error' msg. If it does complete I get a DL speed of around 2.0 Mp/sec. When I actually try to download that ISO file (as I am now for about the 6th time), it'll start out giving me a rate of about 500 Kb/sec and telling me that it'll complete in just a few hours. But as time goes by the rate drops and drops and drops, and the estimated time to complete is soon up over a day. Right now Firefox is telling that it'll take 22 hours to complete at a rate of 39.7 Kb/sec. I know it won't complete.

We've got way too much going on with ipads and laptops for me to turn of the wireless for the amount of time this'll take to download.
What is another solution?

A:Wireless Connections Preventing ISO Download

Originally Posted by boweasel


According to my ISP I should be achieving download speeds of 12 Mp/sec. We have 4 computers (an old XP tower wired directly to our modem/router, a Windows 7 laptop, a Windows 10 laptop and a Windows 7 tower) and an iPad. Everything but the XP tower is wireless.

After the recent problems I had with the W10 laptop I figured it was time I had a W10 disk, but I can't ever seem to get it to complete. It's a 4.1GB file, but no matter which browser or computer I use it always fails.

When I turn off the wireless on my modem/router and run a speed test on the old XP tower I pretty much get that 13 Mb/sec download speed. When I turn the Wi-Fi on I'm lucky if I don't get a 'Latency Test Error' msg. If it does complete I get a DL speed of around 2.0 Mp/sec. When I actually try to download that ISO file (as I am now for about the 6th time), it'll start out giving me a rate of about 500 Kb/sec and telling me that it'll complete in just a few hours. But as time goes by the rate drops and drops and drops, and the estimated time to complete is soon up over a day. Right now Firefox is telling that it'll take 22 hours to complete at a rate of 39.7 Kb/sec. I know it won't complete.

We've got way too much going on with ipads and laptops for me to turn of the wireless for the amount of time this'll take to download.
What is another solution?



Since you have the WinXP computer using an Ethernet port on the Router via a ca... Read more

Read other 0 answers
RELEVANCY SCORE 47.6

I recently started having redirection in Googles searches (to infomash.com, etc). Spybot saw nothing, Symantec Antivirus spotted the Trojan.sasfis worm. I went through removal steps per the symantec website (disable system restore, full scan, reboot, etc.) then had some problems with winlogon: Stops in Windows Logon Process System. Resolved those (I thought) using the Recoivery console and my WinXP disk.

Everything seemed to be working, for a few hours. Now I am seeing continued redirections in Google searches, but SYmantec, Spybot, and Malwarebytes Anti-Malware can't find anything to fix, other than tracking cookies.

Attached and included are my DDS and gmer logs, per the Prep guide.

Hope you can help.

Lloyd

DDS (Ver_10-11-10.01) - NTFSx86
Run by Lloyd at 23:37:04.42 on Sat 11/13/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2089 [GMT -5:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.ex... Read more

A:Redirection in Google searches, previous infection with Trojan.Sasfis

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 14 answers
RELEVANCY SCORE 47.6

Hi all,

Nutshell version: Anybody know of any 3rd party software available that would make it impossible for the legal minors occasionally in my care to tap into my neighbours' unsecured wireless networks, either purposely or accidentally?

Thanks in advance for any and all practical solutions that do NOT involve unsolicited lectures to/at me on my caregiving style, since it is NOT the issue.
(Such answers will be reported to forum moderators as abuse anyway.)

Backstory: I see many discussions here and elsewhere about limited/no connectivity to networks, via wireless and otherwise. My question is a little bit different - in fact is of the opposite nature.

I also see many discussions about parental control software packages (including the one built into Windows 7) that attach time limits to computer access and/or that deny access to various software/settings. Even though as the Administrator I disabled all abilities for ordinary users of my notebook to have any choices/effect on anything offered up (as a choice) to do with "WLAN", I see that ordinary users without admin rights can still log onto others' unprotected wireless networks if mine is down.

I found an extensive discussion on this topic here (http://www.dslreports.com/forum/remark,13566512) that is now FIVE years old but have not found, despite intensive searching, any 3rd party software that can be applied (as other stealth and/or parental control software would) to make access to unsecured neighbo... Read more

A:Preventing Access TO Unsecured Wireless Networks

Have you tried looking in gpedit.msc? I don't know if this will work, but look in user configuration -> administrative templates -> network -> network connections -> prohibit access to the new connection wizard, and set it to enabled.

Read other 2 answers
RELEVANCY SCORE 46.8

A friend owns an acer aspire T180 desktop unit, (running windows xp) which is hanging on the acer splash screen before windows starts booting.

I've determined that if the wireless mouse is connected to a USB port then windows won't boot. With the device removed, windows starts fine.
If you then connect the wireless mouse back up it works perfectly.

It just means you have to take out the mouse, turn on the machine and then re-connect the mouse, any ideas why this would be?

Thanks, Nick

A:[SOLVED] Why is my wireless mouse preventing windows from booting?

"Check the configuration in BIOS to see if the USB always on is enabled and ensure the boot order does not list the USB first , otherwise you could experience a hang condition on boot if there is a non-media device connected via USB, such as your wireless mouse. There is also an option to allow USB mouse / keyboard to wake the computer from sleep - unchecking this may help."

per: http://forums.lenovo.com/t5/W-Series...ot/ta-p/345767

Read other 1 answers