
older Dell running XP freezing, multiple threats removed I think

Q: older Dell running XP freezing, multiple threats removed I think

Hi, I am having a problem with an older Dell running XP. The owner of the computer bought Ascentive Proscan and installed it, and there is a freeze.com toolbar in the add/remove programs that I can't get rid of. I uninstalled Ascentive, as well as Symantec and Norton, and already removed around 20 threats using Malwarebytes in safe mode as Administrator. I ran the latest version of Spybot, and it removed win32.banker.fgv, and BPS Performance Center malware. I also ran CCleaner. I rebooted and ran both Spybot and Malwarebytes and its coming up with nothing, but when I log in one of the owner accounts and try to run either Spybot or Malwarebytes, it can't even make it through the scan before the computer freezes and has to be unplugged. Here is the Hijackthis log.. any help would be appreciated.

RELEVANCY SCORE 200

A: older Dell running XP freezing, multiple threats removed I think

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Please download OTL from one of the following mirrors:
* This is THE Mirror
* Save it to your desktop.
* Double click on the icon on your desktop.
* Click the "Scan All Users" checkbox.
* Push the button.
* Two reports will open, copy and paste them in a reply here:
  OTListIt.txt Will be opened
  Extra.txt Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
* Main Mirror: This version will download a randomly named file (Recommended)
* Zipped Mirror: This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
* Disconnect from the Internet and close all running programs.
* Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
* Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
* GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
* If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
* Now click the Scan button. If you see a rootkit warning window, click OK.
* When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
* Click the Copy button and paste the results into your next reply.
* Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
* A detailed description of your problems
* A new OTL log (don't forget extra.txt)
* GMER log

Thanks and again sorry for the delay.

RELEVANCY SCORE 78

Hi there everyone I am so stressed. I never had a problem with viruses for like ever. But now I am pretty sure I'm hit. So I went and downloaded avg free right away. And the resident shield scanner kept picking up bad dlls and asking me to remove. If I don't click remove within like a second it says "AVG tried to remove but file not found" so I switched it to "auto-heal" so now it's removing instantly as it finds it. But the thing is, I think it's not detecting the virus that is causing these threats. It finds these threats every time I launch an application it says. Also onload after windows logon it throws an error saying "X dll cant be found" I'll get that name for you all if it would help. But from what I've said so far anyone have an idea?

Oh the most commonly detected dll is called "pebshe.dll" There's like 60 occurrences of that in my hour of using the computer.
I'm using Windows XP
Firefox occasionally gets a pop up too which is real weird

Thanks very very much

A:Multiple threats removed on app open

OK, please start off by downloading SUPERantispyware from here: http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE . Once installed, update the definitions and run a scan. If you have a big hard drive, run a quick scan, because the scanner isn't very fast... If you can, please post the log back here...

Then run a scan with MalwareBytes, which you can get here: http://www.malwarebytes.org/mbam.php. Download the program, update it and run a scan. This has a much faster scanner so you may wish to run a full scan. Please post this log as well (it should popup in a little text file when finished scanning)

RELEVANCY SCORE 72.8

PC has been having lots of issues - super slow, freezing up, hanging on boot, etc. I ran MalwareBytes in safe mode and it didn't find anything. AVG keeps popping up resident filter tracking cookie warnings. AVG removed healed all but one. It said it couldn't heal it. Here is the log:

"Object name";"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AVP"
"Detection name";"Found Adware.Generic"
"Object type";"registry key"
"SDK Type";"Core"
"Result";"Potentially dangerous object"
"Action history";"Moved to Virus vault"

When I googled the object name above it came back as Virus:Win32p/Sapaq.A, but not much info on how to remove it successfully.

I had another malware "Antivirus soft" about a week ago that was detected and removed by superantispyware, and this was when I first noticed problems of running slow and locking up, but it's gotten worse. Upon recommendation, I uninstalled superantispyware and installed Malwarebytes instead. It runs fine and doesn't detect anything.

PC was hanging on normal boot - I ran chkdsk and it seemed to fix temporarily so I can sometimes boot normal, although when I go in safe mode it still hangs at crcdisk.sys for quite a while before it proceeds to login page. Any help greatly appreciated. I have run DDS & GMER (attached) as instructed in sticky.

Here's DDS---------------...

A:Multiple pop-ups for threats - PC freezing - hangs @ boot

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

RELEVANCY SCORE 70

(Please pardon my redundancy - I have posted this to the Customer Care Board and Client Service forums - just hoping to correct what I hope was an accidental change in support policy.)
This is not a technical comment but it is a comment about Dell's Technology Support. Recently the support site for laptops, and I presume other areas though I have not checked, was revised to change its structure. In the process many items were removed notably having to do with drivers for older systems. Even if a system is past warranty that does not remove the responsibility for Dell to continue to provide the most recent (even if old) drivers especially since the cost of doing so is trivial. This is especially the case when Dell is the only source for specific drivers. A specific example is a Dell Vostro 3700 laptop which uses the embedded GPU in the CPU as well as outboard nVidia GPU; the hybrid video architecture is such that NVidia provides no driver and re-directs users to Dell's site. In the case of this specific model, most of the drivers that were present a month ago are now gone.
Dell laptops have two things going for them - good products at a good price and a great support site. This has prompted me to continue focusing upon Dell - e.g. two new 5759's in 2017, and to recommend Dell to colleagues and friends. I have had recent occasion to review some very old systems on HP's support site - all relevant drivers continue to be available. I strongly recommend that Dell c...

RELEVANCY SCORE 67.2

I have a Dell Dimension 4700C that I purchased in 2005. Originally issued with Windows XP, the computer has been somewhat idle for the last 2 years since Microsoft support for XP ended. I am trying to put the machine back into some level of service but although the machine starts and boots up ok, after a short period of time, the whole thing freezes up. The monitor either goes blank or scrambles and the computer itself freezes up. I have connected the dimension to  a new monitor and again after a short time it blanks out while the machine freezes. At this point all I can do is hold down the power button for 10 seconds or so and the machine turns off. Then I press the power again and the computer boots up and restarts. After a few minutes or so, the whole thing freezes as before. Any ideas as to what could be causing this.
Thank you

A:Older Dell Dimension 4700C keeps freezing up.

BRUNETTO
What is the colour of the power button LED, solid green, or amber, or blinking green, or amber?
Check the sequence of the four diagnostic lights on the back panel of the case.
Are there any 'Beeps'?
The following is the Dimension 4700c owners manual and diagnostic guide:
http://downloads.dell.com/manuals/all-products/esuprt_desktop/esuprt_dimension_desktops/dimension-4700c_service%20manual_en-us.pdf
See pages 2 to 5.
Bev.

RELEVANCY SCORE 58.8

Yea - i now have the same problem - only with this:

Area: Windows registry
Description: Hidden registry value
Location: \HKEY_USERS\S-1-5-18\Control Panel\International\sShortTime
Removable: No
Notes: (type 1, length 16) "h : m m t t "

So, i'll be doing the Kaspersky online scan, and HOPE to find what Computer pro recommended and HOPING that i can find the things you talked about, and that i don't have to restore!

A:Threats are Still Not Removed

I moved you to your own topic.

Post the Kaspersky results.

Please download TFC by Old Timer and save it to your desktop.
alternate download link
* Save any unsaved work. TFC will close ALL open programs including your browser!
* Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
* Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
* Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
* MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
  Update Malwarebytes' Anti-Malware
  Launch Malwarebytes' Anti-Malware
* Then click Finish.

MBAM will automatically start and you will be asked to update the program before per...

RELEVANCY SCORE 58

Please analyze this. I had the same problem as one of the users who had already been helped. I followed the same course of action as he did. Could someone please analyze my Logfile and make sure everything is alright on my PC?

Logfile of HijackThis v1.99.1
Scan saved at 5:35:59 PM, on 7/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\Program Files\AIM6\aim6.exe
C:\Prog...

A:Just Removed Threats (analyze Please)

Do not dual post! This wastes our time and causes back logs. I am locking this post because I am helping you here http://www.bleepingcomputer.com/forums/t/98231/system-alert-and-other-spywaread-warevirus-perhaps/

RELEVANCY SCORE 58

Hello!

I am using Windows 7, and I just purchased SUPERAntiSpyware Professional because, whenever I'd try to follow a result on Google, I'd be redirected to internet error pages with addresses like directdr.com. My default browser is Mozilla Firefox (though IE8 is still installed on this computer)

Here is a log of the scan I finished perhaps 30 seconds ago:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/09/2009 at 03:42 PM

Application Version : 4.31.1000
Core Rules Database Version : 4352
Trace Rules Database Version: 2199

Scan type : Quick Scan
Total Scan Time : 00:43:05

Memory items scanned : 359
Memory threats detected : 0
Registry items scanned : 566
Registry threats detected : 0
File items scanned : 36015
File threats detected : 11

Adware.Tracking Cookie
C:\Users\Catherine Blake\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Catherine Blake\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Catherine Blake\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Catherine Blake\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Catherine Blake\AppData\Roaming\Microsoft\Windows\Cookies\[email protected]

A:On Restart, Certain Threats are Still Not Removed

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.

Let's take a look with Malwarebytes

Please download Malwarebytes' Anti-Malware from here: Malwarebytes

Please rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exe

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Double Click zztoy.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and y...

RELEVANCY SCORE 58

Hi
I'm experiencing, Browser Redirects, Multiple Chrome.Exe*32 showing up in processes , Freezing, Slow running and lack of memory.
The problem started first with a general slowing, which has been getting worse and now quite a few Not responding issues that right themselves after ten to 15 seconds. Redirects started this morning, which I thought I had got rid of through SUPERAntispyware, however a single incident just occurred pointing to a page called WebCloud. I'm also quite distrustful of my Google page. It takes a long time to load, and there's something not quite right about the look!!! I also don't get the padlock icon on sites like Ebay, which I did before.
 
Thanks

A:Browser Redirect, Multiple Chrome.Exe, Freezing, Slow running

Step 1: Minitoolbox.
Please download MINITOOLBOX and run it.
Checkmark following boxes:
* Flush DNS
* Reset FF proxy Settings
* Reset Ie Proxy Settings
* Report IE Proxy Settings
* Report FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size
* List Devices (problems only)
Click Go and post the result.

Step 2: Junkware Removal Tool.
Please download Junkware Removal Tool and save it on your desktop.
* Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
* Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log is saved to your desktop and will automatically open.
* Please post the JRT log.

Step 3: Adware Cleaner.
Please download AdwCleaner by Xplode onto your desktop.
* Close all open programs and internet browsers.
* Double click on adwcleaner.exe to run the tool.
* Click on Scan button.
* When the scan has finished click on Clean button.
* Your computer will be rebooted automatically. A text file will open after the restart.
* Please post the contents of that logfile with your next reply.
* You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 4: Adware Removal Tool.
Download Adware removal tool to y...

RELEVANCY SCORE 56.8

Hi,

A friend reported strange behavior on his computer and has asked for my help. I know when I am over my head, so here I am, asking for your help.

OS: Windows XP SP3.

1. Multiple pop-ups about various infections, could not access flash drive from Windows explorer, AntiVirus Scan app was present. Followed instructions on this site (http://www.bleepingcomputer.com/virus-removal/remove-antivirus-scan) to remove AntiVirus scan.
2. Downloaded and ran Super Anti Spyware. SAS found and removed "rogue.pallidium" (this is correct spelling, no symptoms of "Palladium Pro")
3. Ran Malwarebytes again, nothing found
4. Performed ESET online scan. ESET found and removed "JS/Exploit.pdfka.OMG.Gen Trojan"

I suspect other threats remain on the machine, but I do not have the knowledge to find and clean it on my own. I will not do anything else until instructed.

Thanks in advance,
Brian A.

P.S. Nothing has been updated since the last time this PC was infected (can't remember exactly when). EVERYTHING is out of date.

RELEVANCY SCORE 56.8

I have used AVG for some time, but I recently installed superantispyware professional. I ran my test, and 1183 threats came up. AVG somehow missed all of these. When i rebooted, i had to pick a restore point, because it refuses to reboot. Of course none of the problems are fixed once i pick the restore point.

And i'm pretty sure that my computer came with xp already on it, so reinstalling doesn't even seem to be an option. I made a recovery disc after i set my computer up, it's 2 dvd's - is that my copy of an installation disc?

I usually know what's going on, but i'm lost. This computer is my livelihood, and it needs to be fully operational, glitch free.

also, it's offline, my 2ndary is used for the internet.
 

A:Solved: I removed my threats, rebooted, and my pc won't start

You don't want to go down the road of reinstalling if you can avoid it.

Don't fix the 1183 errors! Clearly some are not errors but affect your boot.

Fix only the critical ones. Quite honestly I would have dumped the product after the first misboot and simply used spybot or adaware as a source of a second opinion after AVG.
 

RELEVANCY SCORE 56.8

I don't know what happened or when. I'm not having any issues with my PC but all this came up today. My malwarebytes found nothing. I CCleaned..defragged.. dusted & waxed. What is this junk? Do I have a virus or is Vista just forcing me to upgrade?

"";"Locked file. Not tested., C:\Program Files (x86)\Google\CrashReports\";"Infected"
"";"Contains macros, C:\Program Files (x86)\Microsoft Office\Office12\1033\EXPTOOWS.XLA";"Infected"
"";"Contains macros, C:\Program Files (x86)\Microsoft Office\Office12\Library\HTML.XLAM";"Infected"
"";"Password-protected, C:\ProgramData\AVG2013\IDS\config\quarantinedList.zip";"Infected"
"";"Locked file. Not tested., C:\ProgramData\Desktop\";"Infected"
"";"Locked file. Not tested., C:\ProgramData\Documents\";"Infected"
"";"Locked file. Not tested., C:\ProgramData\Favorites\";"Infected"
"";"Locked file. Not tested., C:\ProgramData\MFAData\msistorg.dat";"Infected"
"";"Locked file. Not tested., C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\02598c934385f330a935bda28d42b3c0_6d5b2038-4853-410b-ae52-70f22458b034";"Infected"
"";"Locked file. Not tested., C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\03432f824cd17880cacbee7982c6a378_6d5b2038-4853-410b-ae52-70f22458b034";"Infected"
"";"Locked file. Not tested., C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\03e3ea7301a61d2c42e69d0dbf7f91f6_6d5b2038-4853-410b-ae52-70f22458b034";"Infected"
"";"Locked file. Not tested., C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\083c634a2c3bea98e06057470b4a945a_6d5b2038-...

A:AVG detected 267 potentially dangerous threats- not all were removed.

Hello, these are "Locked" files and cannot be modified by malware. They should NOT be unlocked. If you feel the need to scan these, use the AVG Rescue CD.
You may want to disable locked files reporting in AVG so they won't report these.

RELEVANCY SCORE 56.4

I am currently trying to fix a Dell XPS Studio 1530. It is around 1 year old, but showing signs of problems. It is freezing often, where you can't do anything. Ctrl/Alt/Del does not help and eventually you have to press the start button to shut it down. I started doing a malwarebytes and Super Anti spyware scan, but it stops after about 5 min of scanning and doesn't restart. I am not able to boot into safe mode with networking. It wouldn't allow a Defrag to complete either. I was finally able to boot into just safe mode and am currently running some scans. I am unsure if it is a virus or something else going on with the laptop. I tried to do a disk check, but once the computer restarts it says disk check is complete after reboots, without looking like it completed the disk check. Any suggestions would be appreciated.

RELEVANCY SCORE 56.4

Windows Update unable to connect (or maybe failing altogether) at "connecting..." window.

Symantec found and could not quarantine W32.Spybot.Worm in c:\windows\VTTray.exe. Autoruns was able to stop it from executing at startup so I could delete it.

Symantec also found and could not quarantine Trojan Horse in c:\windows\system32\sfc_os.dll. By booting the command prompt from the winXP installation CD, I was able to replace the system file with a clean one (size = 140,288 bytes, version 5.1.2600.2180). I also made a copy of the malware called sfc_os.trojan, which is quarantined.

There are also a few other files in quarantine that may need to be replaced but I don't know which ones (if any). Not sure what this malware did to my registry either. All other programs seem to be working fine so far. Any help would be much appreciated.

Symantec quarantine list:
Date,Filename,Virus Name,Original Location,Status
10/25/2007 15:18,wuw.exe,W32.Spybot.Worm,C:\WINDOWS\system32\,Infected
10/25/2007 15:17,dru.exe,W32.Spybot.Worm,C:\WINDOWS\system32\,Infected
10/25/2007 15:16,TFTP1620,W32.Welchia.Worm,C:\WINDOWS\system32\,Infected
10/25/2007 15:20,Dc5.exe,Downloader.Trojan,C:\RECYCLER\S-1-5-21-299502267-1343024091-1060284298-1004\,Infected
10/25/2007 15:31,mshlpa.exe,Trojan.Packed.4,C:\WINDOWS\system32\,Infected
10/25/2007 15:23,pmm.exe,W32.Spybot.Worm,C:\WINDOWS\system32\,Infected
11/28/2005 23:44,Collections.html,AT.149,C:\Documents and Settings\Saul\My Documents\Webshots Data\...

A:Threats removed/quarantined, winXP update failing

I also have to reinstall my sound card drivers after every reboot in order for it to work. Registry problems? Thank you in advance for any help.
 

RELEVANCY SCORE 56.4

I just scanned for viruses and removed over 400 threats. Now no internet connection, even though the network drivers are still installed.

What can I do to get internet connection back?
 

RELEVANCY SCORE 54.4

Problems - 1. Win32/Rustock.gen! virus
2. Multiple popups with winantivirus
3. Popups saying that my computer is giving out my ip address and location.

here is my dss scan
p.s. the attachment tool not working for me so I didn't send the extra.txt file

Deckard's System Scanner v20070603.47
Run by trappa on 2007-06-09 at 22:36:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
81: 2007-06-10 03:36:43 UTC - RP472 - Deckard's System Scanner Restore Point
80: 2007-06-10 03:18:18 UTC - RP471 - Deckard's System Scanner Restore Point
79: 2007-06-10 00:31:01 UTC - RP470 - X-Cleaner: Before removal
78: 2007-06-09 19:16:20 UTC - RP469 - Cleaned registry with Windows Live OneCare safety scanner
77: 2007-06-09 12:17:33 UTC - RP468 - Installed Ad-Aware 2007


-- First Restore Point --
1: 2007-04-08 07:51:55 UTC - RP392 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as trappa.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:40:04 PM, on 6/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:...

A:Multiple threats

1. Download this file -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

RELEVANCY SCORE 54.4

EDIT: Disregard please! I am able to get back into the other site now. Maybe their site was too busy or something for a few hours. I am not sure... but I'm back in. I guess I just panicked thinking I have something bad and that it was blocking the site. So sorry to waste anyone's time here!! That was not my intention. Please delete my posts. Thank you!

Hello, last night I was going through email when AVG went crazy and popped up that there were several trojans and viruses in email. I was viewing a community development message at the time which I find it hard to believe a virus or trojan was attached. But I suppose anything is possible. I screencapped the initial popup, and two others while trying to remove the threats, and went immediately to a forum we used once in the past (Cyber Tech Help). I posted them and got a response from a tech there on what to do next. He asked me to run CCleaner, Malwarebytes, and Hijack This, and then come post the results for him to check. Well, I am now unable to get back onto the site!! I have tried several times from both systems here and the site will not load. It's almost like I am blocked from viewing it?? I also tried a site we used years ago for an issue with one of our computers (Bleeping Computer)... I cannot access it either!

Is it possible I can instead get some help here? I understand it's not something you techy guys like to do once someone has asked for help elsewhere, but I don't know what to do! The Ma...

A:Help Please With Possible Multiple Threats?

Just in case, here is the Malwarebytes that touch over at Cyber Tech Help asked me to run. But it says I have Windows 6.0 and I do not. I have Vista and I don't use IE, I use FF and Chrome.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5422

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.7930.16406

12/30/2010 2:21:01 PM
mbam-log-2010-12-30 (14-21-01).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 373726
Time elapsed: 1 hour(s), 57 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 

Read other 2 answers
RELEVANCY SCORE 54.4

I ran combofix and here is the log, it looks like it took whatever was hogging my memory and cpu... here's the log

ComboFix 10-03-06.01 - joel 03/06/2010 14:30:59.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.559 [GMT -5:00]
Running from: c:\documents and settings\joel\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\joel\Local Settings\Application Data\{9FD43CEB-366C-4EBB-A33D-63EC9479B57F}
c:\documents and settings\joel\Local Settings\Application Data\{9FD43CEB-366C-4EBB-A33D-63EC9479B57F}\chrome.manifest
c:\documents and settings\joel\Local Settings\Application Data\{9FD43CEB-366C-4EBB-A33D-63EC9479B57F}\chrome\content\_cfg.js
c:\documents and settings\joel\Local Settings\Application Data\{9FD43CEB-366C-4EBB-A33D-63EC9479B57F}\chrome\content\overlay.xul
c:\documents and settings\joel\Local Settings\Application Data\{9FD43CEB-366C-4EBB-A33D-63EC9479B57F}\install.rdf
c:\windows\system32\hazagebi.dll
c:\windows\Tasks\witdzsya.job
Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfe... Read more

A:Multiple Threats- Not sure

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
CODE
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%... Read more

Read other 3 answers
RELEVANCY SCORE 54.4

I require help to clean some problems, and for the first time, I can't solve it on my own.

please advise me on where to start.

best regards.
 

A:Multiple threats

Read other 16 answers
RELEVANCY SCORE 54.4

Last November I installed a Crucial M500 960GB SSD drive, used a partition tool to copy all of the HD partitions to the SSD, changed the boot sequence to use the SSD and restarted.
Windows 8 worked fine for weeks until I removed the old 1TB HD from the system.
Apparently, Windows is looking for something during the boot and eventually times out.
All programs work correctly but can be slow to start.
With HD in place as a second drive, the system boots up within 10 seconds to use apps.
With HD removed, the system requires over a minute to boot up to use apps.
Microsoft Outlook 2010 is especially slow to start - requiring a minute with SSD vs. 3 seconds with SSD & HD.
Does anyone know how to determine what file(s) are missing or how to change the boot configuration so it stops expecting to find another HD?
 

A:Slow boot from new SSD when older HD removed

Something else is causing it to boot slow.  You did not per chance disable Prefetch & Super Prefetch?  If you did, you need to enable both of those settings.  Then it should boot into the login screen faster.

Read other 5 answers
RELEVANCY SCORE 53.6

I am getting a message with a yellow triangle stating that I have a virus named "iworm_attck_v122.02a" and a "[email protected]" pop up from IE. I was wanting some help removing these problems. I am on my work computer although. I do have the administrator password and log in. Any help would be greatly appreciated. Thanks a lot.

A:Multiple Virus Threats?

Hello bigwilly28

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download and install Ewido Anti-Malware v3.5. DO NOT perform a scan yet.
Print out the Ewido Install and Scan Instructions.
Go here and follow the instructions for using SmitfraudFix.
After using the tool reboot again in "SAFE MODE" and Clean out your Temporary Internet files as follows:
Quit Internet Explorer and quit any instances of Windows Explorer.
Click Start, click Control Panel, and then double-click Internet Options.
On the General tab, click "Delete Files" under Temporary Internet Files.
In the Delete Files dialog box, tick the "Delete all offline content check box", and then click "OK".
On the General tab, click "Delete Cookies" under Temporary Internet Files, and then click "OK".
Click on the Programs tab then click the Reset Web Settings button. Click "Apply" then "OK".
Click "OK".
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click "Ok" then "Apply" and "Ok".
Empty the Recycle Bin by ri... Read more

Read other 9 answers
RELEVANCY SCORE 53.6

Hi there, my father seems to be having a problem with his Dell with Windows XP laptop. AVG is always popping up saying multiple threats detected in c:\System Volume Information\Microsoft\smss.exe and c:\System Volume Information\Microsoft\services.exe. It seems to also have an effect on his volume control where it will mute the wave. There are also 2 of each of these services running in task manager so I can assume this is some type of infection that has gotten past AVG. I have included a log file from HijackThis.
Logfile of HijackThis v1.99.1
Scan saved at 11:19:22 AM, on 7/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\System Volume Information\Microsoft\services.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\System Volume Information\Microsoft\smss.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG9\avgw... Read more

A:Avg Multiple Threats Detected

Read other 16 answers
RELEVANCY SCORE 53.2

My Security keeps complaining about Security threats but everything seems to be in working order. Have done multiple full computer scans and no kind of malware showed up. Anyone know what is up?

A:Multiple Security Threats Found

Welcome
If you did not scan with malwarebytes do so now. Make a full scan and be sure it is updated.
If your AV comes up with threats, it should also identify, and possibly remove, them.

Read other 12 answers
RELEVANCY SCORE 53.2

I read the pinned "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help." I followed the instructions; however had trouble with GMER. I'm running Windows 7 64bit OS. GMER won't work with Windows 7 64 bit OS.

The problem-- I did a scan with my free Avira AntiVir Personal and it detected 6 things and quarantined them.
I also did an ESET scan which detected multiple threats as well and quarantined them.
My computer seems to be running normally, but I'd like to make sure everything is ok. Could you please help?
I do have the DDS.txt and Attach.txt. I'm also including my Avira AntiVir Personal and the ESET log files.
I've subscribed to this topic FYI.
Thanks in advance for your help!

Avira AntiVir Scan:

Avira AntiVir Personal
Report file date: Saturday, June 12, 2010 19:17
Scanning for 2206493 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista 64 Bit
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MARGEAUX-PC

Version information:
BUILD.DAT : 9.0.0.422 21701 Bytes 3/9/2010 10:29:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 16:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52
VBASE000.VDF ... Read more

A:Infected: Multiple Threats Detected

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please run Sophos

Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.
Be sure to print out and read the Sophos Anti-Rootkit User Manual and Release Notes.
Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
If the scan did not start automatically, ... Read more

Read other 15 answers
RELEVANCY SCORE 53.2

Multiple threats - infected svchost exe - and more
Browser redirections - recurring infections - attempted hijack

Hi guys,

I would greatly appreciate some help with this.

Malwarebytes has shown multiple threats (23) one week after I had used MalwareBytes to remove threats of 'HijackWindowsUpdate', 'Stolen.data', 'Spyware.Zbot', 'Backdoor.Bot', 'Adware.MyWebSearch' and others.

I followed your Preparation Guide steps before posting, and got to step 7 Run DDS, but can't turn off and didn't even know I had this script blocker. I get a pop-up saying 'Symantec Script blocking has prevented a script that could be harmful to you.' The strange thing is I don't have Norton or Symantec software installed. I run AVG antivirus software. So that's the first issue.

The main symptoms I can see, are my browser often redirects me to a random site on a new tab when clicking on a link. Also my PC runs slow sometimes for about 5 minutes. I have Motherboard Monitor 5 running in my system tray and it tells me the percentage use of my CPU. When I said my PC runs slow sometimes for about 5 minutes, I can see the CPU is on 100%. I don't think this is due to multiple programs running or high demand CPU processing programs because it can happen on a google home page when nothing else is running.

The other thing I noticed this morning - when I logged in to windows XP, I saw my desktop image come up but nothing else. No icons or task bar. Just a... Read more

A:Multiple threats - infected svchost exe - and more

Hi and welcome. My name is Extremeboy (or EB for short), and I will be helping you with your log. I apologize for the delay.

If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a GMER log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or GMER log please refer to this page and in step #6 and Step #7 and Step #8 for further instructions on downloading and running DDS & GMER. If you have any problems when running the tools or unable to produce a report for any reason, just let me know in your next reply.

For your next reply I would like to see:
-The DDS logs---DDS.txt and Attach logs
-GMER log
-Description of any remaining problems you may still have.

With Regards,
Extremeboy

Read other 11 answers
RELEVANCY SCORE 53.2

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: AMD Hammer Family processor - Model Unknown, x86 Family 15 Model 44 Stepping 2
Processor Count: 1
RAM: 2014 Mb
Graphics Card: SiS Mirage Graphics, 32 Mb
Hard Drives: C: Total - 17547 MB, Free - 2654 MB; D: Total - 5459 MB, Free - 5419 MB; E: Total - 16198 MB, Free - 14275 MB; F: Total - 4298 MB, Free - 469 MB; G: Total - 4431 MB, Free - 1002 MB;
Motherboard: , SiS-760
Antivirus: None

It says antivirus none but I do have AVG 2012.

After AVG update on Friday, comp. kept flashing up with multiple threats. 372 quarantined. Shut down comp. Started up again yesterday, Saturday, again avg kept flashing multiple threats. As fast as these were quarantined, they seemed to keep reappearing. My windows\system32 file is full of .exe names.
Computer has slowed to a crawl so that I can't do anything. I am unable to connect to the internet now with the faulty computer, but I can get e-mail. It has taken me so long to get these tests done that you have recommended as the computer is so slow. Hope you can help. Getting desperate as this is the workhorse computer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:05, on 20/11/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2... Read more

A:AVG showing multiple threats - am I infected

Read other 16 answers
RELEVANCY SCORE 53.2

My computer is facing a major attack and it is going super slow. I have tried every single method used (Malwarebytes AM, Norton Internet Security, Super Anti-Spyware, Goored, CC Clean, ATF Cleaner, Smitfraud) but I am not able to break free from them. I have recently uninstalled Norton and installed AVG Anti-Virus and it is effective in finding the threat. Packed.Rolex and (SKYNET)Injector.EH seem to be the major threats. "SKYNET" keeps multiplying and my computer's CPU is being used at its max. Please help!

A:My Computer is being attacked by multiple threats!

If none of the tools you have used thus far are working, that means either malware or another security program is probably interfering with the fix. Some infections are difficult to remove completely because of their morphing characteristics which allow the malware to regenerate itself. Sometimes there is a hidden piece of malware (i.e. rootkit) which has not been detected by your security tools that protects malicious files and registry keys so they cannot be permanently deleted. Disinfection will probably require the use of more powerful tools than we recommend in this forum. Before that can be done you will need to create and post a DDS/HijackThis log for further investigation.

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day. Start a new topic, give it a relevant title and post your log along with a brief descri... Read more

Read other 2 answers
RELEVANCY SCORE 53.2

Hi All,

My name is John August and I'm from the Philippines. I'm not sure if I am making this post correctly, but do advise me of my mistake.

Anyway I am using an HP 2133 Mini with a Windows XP SP2 (already updated to SP3), I used to run an AVG8.5 Antivirus. We are using a LAN in our office. My PC was free from viruses until someone plugged in a flash drive without scanning it and it infected my PC with Trojan.Win32.FlyStudio.II. I only noticed it when I was just staring at the screen when suddenly a window popped up with gibberish or Chinese (not really sure) so I closed it right away and disconnected from the internet, ran a scan from my AVG and it found 2 viruses (I forgot exactly which) and it was quarantined. However, after rebooting, AVG warned me about infections again from the same virus. I thought I was going to need to reformat however I don't have an external CD-ROM so I had to find other ways of trying to fix the problem. I downloaded a Kaspersky Antivirus 9.0.0.459 2010 and it found a lot of infections of Trojan.Win32.FlyStudio.II. That was only the beginning. After fixing the problem, yesterday Kaspersky warned me that one of the PCs connected to our network was sending me a virus, Worm.Win32.AutoIt.pl and then Trojan.Win32.Refroso.anx, and then Packed.Win32.Krap.l.

The Refroso and the Studio were deleted by Kaspersky, it also found malware HackTool.Win32.Kiser.be, however was only disinfected, and the Krap was quarantined, a file plante... Read more

A:I had multiple threats from Trojans and Worms.

Hello and welcome to Bleeping Computer

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.

Let's take a look with Malwarebytes

Please download Malwarebytes' Anti-Malware from here:
Malwarebytes
Please rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exe

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Double Click zztoy.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and yo... Read more

Read other 13 answers
RELEVANCY SCORE 53.2

My computer has been hijacked by many security threats. I ran our security scan and anti-spyware scan and found the following:
Tesllar A-Trojan
WinAntispyware2007-unknown
ISM A-adware
Matcash-downloader
AVSystemcare-Rogue Security
Web Buying-adware
Matcash BG-downloader
Abetear A-Adware
ISM C-adware
SillyDi DBI-trojan
MatcashY-downloader
I do have antispyware on my computer but it is unable to delete these. I also have hijack this but I am unsure of what to delete from the log.
PLEASE HELP
Thank you in advance,
pullgrl
 

A:Multiple Security Threats Found

Read other 8 answers
RELEVANCY SCORE 52.4
A:Older Dell laptop, have lost my administrative password for a Dell Inspiron 1545, can anyone help me??

If it's the powerup password, you'll need to place a voice phone call to Dell -- be prepared to verify your ownership details and with a credit card (the call post-warranty as a system this old must be, is not free of charge).

Read other 1 answers
RELEVANCY SCORE 52.4

Hi, I am helping a friend with their computer and they have networm-i.virus, and Trojan-Spy.Win32. Here is the hijack this log. I have limited time at this computer so I will be here till around 2 tomorrow, so anyone that can help asap would be great. I already ran smitfraudfix and that did nothing; the little triangle is still there. Also I have two icons on the desktop, Online Security Guide and Live Safety Center, that will not go away and seem to be associated with these bugs. Anyway, here is the hijack this log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:52:52 AM, on 10/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\BestsellerAntivirus\ugcw.exe
C:\Program Files\Common Files\BestsellerAntivirus\bm.exe
C:\Program Files\BestsellerAntivirus\pgs.exe
C:\Documents and Settings\Administrator.OFFICE\Desktop\HiJackThis.exe

R1 - HKCU\Softwar... Read more

A:Solved: HELP!!!! Multiple Threats. Networm-i.virus, and others.

Read other 10 answers
RELEVANCY SCORE 52.4

The owner of this computer ran several "fixes" including Malware Bytes before bringing it to me. The computer seems to be running ok at the moment but I want to be sure nothing is lingering. I have run Free AVG and Spybot until they come up clean. Have followed your instructions and attached are the files requested. Thanks in advance!!!

Darell G

DDS FILE

DDS (Ver_09-12-01.01) - NTFSx86
Run by user at 12:08:56.54 on Sat 01/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1302 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\... Read more

A:multiple threats after Antivirus 2010 showed up

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 3 answers
RELEVANCY SCORE 52.4

Actually, rather than infected, I survived the attack.

Yes, I was infected, but with the use of my amateur computer knowledge, I was able to insert a live Linux CD and remove the path of some malware.

And lots of props to Grindler (http://www.bleepingcomputer.com/forums/topic405109.html/page__st__45): I was able to restore back 80% of the settings except my windows toolbar missing all the shortcuts.

I was hoping to see if you guys could check and remove the rest of the dust here.

Thank you so much and I hope I haven't caused too much trouble.

**interesting notes
Funny, when I did get attacked, ZAccess had trouble writing down files on system32 path... it was giving me millions of errors.. seems like the virus had a coding problem itself...*laugh*
Only difficulty was the HDDRescue malware which, thanks to Grindler, I could recover most excluding the taskbar shortcut icons.

In addition, my hard disk was writing files and it was overpopulating in one file (random algorithm), instantly populating to the size of 17GB in less than a min...

And contrary to popular belief, I did not get any redirects in yahoo/google etc.

And Sirenf came up also

(I still have permission problem overall and can't delete LCD files in system32)
and that is all.

A:ZAccess/HDDRescue.AB/conserv.dll/multiple threats

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

Read other 7 answers
RELEVANCY SCORE 52.4

I am infected. Can only boot in SafeMode. Removed multiple items multiple times. Is Combo fix my next step?

EMachines, T6412, AMD Athlon 64, 3400+, 2.19 GHz, 1.37 GB of Ram, Windows XP SP2

Can only boot in Safe Mode.

Booted without Internet. And Unplugged Ethernet from computer.

Pop-ups include:

Your computer is not protected against spyware....
Internet attack attempt detected......
your computer is infected with spyware...
Your Computer is working slowly.....
Windows Security Center System Warning
full screen "Threat: CoolWebSearch"
Windows Security Center
full screen "Threat Name: TrojanDownloader.XS"

SpyBot (updated to the latest) has removed the following but they do not stay removed and I have removed them again many times. Wait 10 minutes, ran SpyBot again, they return again without rebooting.:

ClientMan
CoolWWWSearch
CoolWWWSearch.008k
CoolWWWSearch.Aff.ledll
CoolWWWSearch.AffWinshow
CoolWWWSearch.BlowSearch
CoolWWWSearch.Bootconf
CoolWWWSearch.Dreplace
CoolWWWSearch.Gonnasearch
CoolWWWSearch.Leftovers
CoolWWWSearch.SmartSearch
CoolWWWSearch.Svcinit
CoolWWWSearch.WCADW
CoolWWWSearch.WinRes
CoolWWWSearch.WinSearch
CoolWWWSearch.Yexe
Microsoft.WindowsSecurityCenter.TaskManager
Smitfraud-C.
Smitfraud-C.generic
Smitfraud-C.gp
ToolbarCC
Win32.Small.ny

Ran AVG Antivirus numerous times - Vault items. Some repeat:

Trojan horse Downloader.Purityscan.y
Trojan horse Downloader.Agent.15.A
Trojan Horse Sheur.BJSJ
Trojan horse Generic10.VYB
Trojan ho... Read more

A:I Am Infected. Can Only Boot In Safemode. Removed Multiple Items Multiple Times. Is Combo Fix My Next Step?

Please run this scan first. Combo fix may be the next alternative, but it is NOT a tool you should run without guidance. That can all be done from the HiJackThis malware removal forum. But we'll try this first.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed succ... Read more

Read other 4 answers
RELEVANCY SCORE 52.4

Forgive me - I know nothing about computers, so am probably going about this completely wrong, but I'm hoping you can guide me to a successful outcome.
I have a Dell Inspiron N411z laptop (with HDMI and usb ports) and a Dell 1703PF monitor (with DVI and vga ports).
I've tried an HDMI to vga converter, with a vga to vga cable into the monitor - didn't work.
am new to the here, I have worked with multiple firms. you can check mobile App launch video one of my work.Thank You !

Read other answers
RELEVANCY SCORE 52

Hello! Earlier today, my AVG resident shield began detecting viruses in my critical system files. What will happen, is I will get a popup, when I open anything, such as firefox, msn, a desktop folder, etc. I will get a lot of notices for winlogon.exe, services.exe, explorer.exe and so on. It says that I have a "Trojan horse Win32/PEPatch.AO" and the result is "Object is white-listed (critical/system file that should not be removed)".

As of right now, nothing seems to be acting any differently, minus the ANNOYING virus popups. I did check msconfig though and noticed a new rundll file that loads at startup and is called "ivabaliko". It also shows up in the task manager as rundll32.exe.

My computer is running with Windows XP.

Ran a HJT scan and this is what showed up:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:41 PM, on 4/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile De...

A: AVG detecting multiple threats on critical system files.

RELEVANCY SCORE 52

I threw the kitchen sink at this problem, and I'm not sure I really got it. It behaves normally at the moment, but I was wondering if someone else could take a look for me. At some point, like an idiot, I allowed something I truly didn't know the nature of to have administrative access to my computer. It was some sort of command line program. I looked at its location, noticed it was in my league of legends folder, figured it just was performing some sort of update as I happened to be running LoL at the moment. I then started noticing runaway google chrome process. I traced to a folder which I deleted in safe mode, which stopped that from popping up repeatedly. More recently, I started noticing a lot of dllhost.exe *32 COM Surrogate processes. Norton also periodically notified me that the COM surrogate was using a lot of memory and about how it just thwarted poweliks and adclicker. This is the point where I commenced kitchen sink lobbing; I ran Spybot, Windows Defender, Norton Power Eraser, MalwareBytes Antimalware, adwcleaner, Sophos, JRT, MSRT, probably some others I can't remember off hand and the problem still wasn't going away. I came up with several 'hits' as far as threats go. Malwarebytes noticed PUP.OptionalOutbrowse and Sophos detected a Trojan-PXO and a Troj.peeacmem-a, and even after cleaning, I still was being attacked by the army of COM Surrogates. At this point, I happened to read somewhere that dllhost.exe does not need a netw...

A: multiple dllhost.exe *32, several threats detected in DIY repair attempts

Hi & to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.
Before we move on, please read the following points carefully:
My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
If I don't reply within 24 hours please PM me!
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
SpyBot S&D Warning
MVPS.org is no longer recommending SpyBot S&D due to very poor testing results (scroll down and read under Freeware Antispyware Products).
My advice is to get rid of this pro...

RELEVANCY SCORE 52

Hello,

Somewhere in December, Kaspersky stopped updating the database, but I thought this was something temporary and probably due to poor internet connection. Having no time whatsoever to investigate further, I did not alarm until perhaps 4 days ago when I started having this error message displayed every minute or so, saying something like "xdshd.exe has encountered an error and needs to close". Kaspersky didn't pick up anything while scanning but the situation became even more weird when I tried to visit Kaspersky's site to update the database manually and Firefox said it can't find a server while all other sites I tried to visit then were ok. I got Avast, ComboFix, RegCure, Malwarebyte's Anti-Malware and Ad-Aware and they all picked up different kind of threats. After this, Kaspersky reacted too and found 71 infections + 80 or so found by Malwarebyte's + 8 (unable to fix) infections at boot scan.

During these last 4 days, the computer acted in all sorts of ways:
- Kaspersky kept on crashing before it ended its scan; even in safe mode, Kaspersky never once finished scanning.
- around 4 error messages at startup, 1 even before Windows logon screen
- a few times windows logon was terminated by windows, while saying it's protecting the computer
- both Avast and Kaspersky detected, among other infections, this certain file that could not be repaired, removed, quarantined, renamed: user32.dll
- Most important: NetActivator - a program I never understood the purpose of, ins...

A: Unsure what type of infection, multiple threats detected

Hello, NoStatic to BleepingComputer.com
My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).

Please take note of the following:
In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.

We need to create an OTListIt2 Report
Please download OTListIt2 from one of the following mirrors:
This is a Mirror
This is another Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTListIt.txt <-- Will be opened
Extra.txt <-- Will be minimized

We need to scan for Rootkits with GMER
Please download GMER from one of the following mirrors:
This is the Primary mirror
This is a Secondary mirror
This is a Secondary mirror
Close any and all open programs, as this process may crash your computer.
Un...

RELEVANCY SCORE 52

I am receiving trendmicro pc-cillin alerts of blocked attempts for the following viruses/spyware:

ADW SAHAGENT.M infected file - C:\windows\sahagent-1002.exe
SPW VT BOUNCER A infected file – C:\windows\system32\ffinst.exe
ADW GAINJ infected file – C:\windows\downloaded program files\hdplugin1018.dll
ADW VITUMONDO.D infected files C:\windows\system32\akcore.dll and C:\windows\system32\akupd.dll

PC-Cillin & Microsoft spyware scans have detected threats and cleaned them, but these keep reappearing. How can I clean them for good?
Thanks
Here’s the HijackThis log:
Logfile of HijackThis v1.99.0
Scan saved at 10:47:11 AM, on 4/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\BCMSMMSG.exe...

A: Multiple spyware/virus threats detected by PC-Cillin

RELEVANCY SCORE 52

Hello.

I have been told to post a HiJackThis log within this forum, as part of the current problem I am facing (explained in the following thread: http://www.techsupportforum.com/f112...ng-302665.html )

I'd appreciate it if anyone wouldn't mind helping me out with this, I await your reply.
____________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:44, on 10/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:...

A: Multiple Virus Threats - Attempted Browser Hijacking - HJT Log.

Bump.

RELEVANCY SCORE 52

Was given a Dell Optiplex 360 that I found out after getting a nasty virus had a bootleg XP OS.
I also did not have any disks with it. I had older disks for a Dell 4600 that I used to wipe out the hard drive and install the new OS. Everything works fine except that I cannot load any of the drivers from the second disk (it was a 3 disk series),
thus at least at this point not able to connect with my cable internet. Cable people told me I needed the drivers. Any suggestions, or can it just not be done?
Thanks, Al
 

A: Loading Older Dell OS To Newer Dell Computer

You will have to go to the Dell website and look under Support and then Drivers and Downloads for your model of computer. If you use the service tag number on the computer, it will make sure you get the correct ones you need. For future reference, so you won't have this hassle again, burn all of the drivers to a CD so you will be all set the next time.
 

RELEVANCY SCORE 52

I have a Dell Inspiron 1545 laptop. Recently, I bought a Dell Ultrasharp monitor U2412M to attach to my laptop to have an ergonomic home office. My knowledge of computers/hardware is pretty... rudimentary.
24"
1920 x 1200
Nice adjustable stand
1x DVI-D port, 1x display port, 1x VGA port, 1x USB 2.0 upstream port, 4x USB downstream ports
I use my computer for writing documents, internet surfing, and rarely for watching tv. Eventually, I will buy a lighter and newer laptop, but probably not for a year or two.
I think I bought the wrong monitor.... I was hoping to buy something to use now, that will last, and that will work with any future laptop I buy.
My monitor just arrived. I connected it to my laptop with the VGA cable (my laptop doesn't have DPI or HDMI input). It worked, but the picture didn't look.... very good.
It is my understanding that VGA connections are the worst quality. Can I use an adapter to connect to the VGA cable to access the DVI-D port on the monitor? Or is this the best I can get? I'm not even sure what video cards are, or whether I need one of these.
I also looked up the specs on my old laptop and it says the specs of my laptop screen are 
1366 x 768 pixel
So is this the limit of what an attached monitor can be?  

Any input appreciated.  Thanks.

RELEVANCY SCORE 51.2

Hello.
 
Last month, I posted a topic here about AVG detecting two medium severity infections. Unfortunately, the problem seems to have increased as now AVG has detected 50 of them, and they all seem to be related to anti-rootkit. Please help
 
Here is the link to my earlier topic if interested:-
 
http://www.bleepingcomputer.com/forums/t/505611/atapisys-and-i8042prtsys-detected-by-avg-and-return-after-reboot/
 
==
 
And this is the AVG Scan result:
 
"";"atapi.sys, hooked import HAL.dll READ_PORT_UCHAR -> spzu.sys +0x2042, C:\WINDOWS\system32\drivers\spzu.sys";"Infected"
"";"atapi.sys, hooked import HAL.dll READ_PORT_BUFFER_USHORT -> spzu.sys +0x213E, C:\WINDOWS\system32\drivers\spzu.sys";"Infected"
"";"i8042prt.sys, hooked import HAL.dll READ_PORT_UCHAR -> spzu.sys +0x11B90, C:\WINDOWS\system32\drivers\spzu.sys";"Infected"
"";"IRP hook, \FileSystem\Fastfat IRP_MJ_CREATE -> spzu.sys +0x11D40, C:\WINDOWS\system32\drivers\spzu.sys";"Infected"
"";"IRP hook, \FileSystem\Fastfat IRP_MJ_CLOSE -> spzu.sys +0x11D40, C:\WINDOWS\system32\drivers\spzu.sys";"Infected"
"";"IRP hook, \FileSystem\Fastfat IRP_MJ_READ -> spzu.sys +0x11D40, C:\WINDOWS\system32\drivers\spzu.sys";"Infected"
"";"IRP hook, \FileSystem\Fastfat IRP_MJ_WRITE -> spzu.sys +0x11D40, C:\WINDOWS\system32\drivers\spzu.sys";"Infected"
"";"IRP hook, \FileSystem\Fastfat IRP_MJ_QUERY_INFORMATION -> spzu.sys +0x11D40, C:\WINDOWS\system32\drivers\spzu.sys";"Infected"
"";"IR...

A: 50 AVG anti-rootkit threats detected (including multiple IRP Hooks)

Hi there, my name is Marius and I will assist you with your malware related problems.
Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Combofix
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT- Save ComboFix.exe to your Desktop
====================================================
Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you ar...

RELEVANCY SCORE 51.2

Hey there. I've been noticing recently that my laptop has been running rather slow no matter how much I clean it. I decided to run a scan with AVG and Malwarebytes and both came up with threats. I will post my logs from both with this post. I know the routine here as you've helped me with my mom's computer in the past so I know obviously fresh scans and tests will be required but I figure this way you can get an idea of what I'm looking at and if it's anything serious. Thanks in advance!
 

A: Computer randomly operating slow. Multiple threats found.

"Whole Computer Scan"
"High severity";"2";"2";"0"
"Notifications";"1";"0";"1"
"Scanned:";"Scan Whole Computer"
"Started:";"4/30/2015, 1:01:24 PM"
"Finished:";"4/30/2015, 1:58:21 PM"
"Number of items:";"223375"
"Launched by:";"rich"

"Name";"Description";"Status";"Status";"Priority"
"C:\Users\rich\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\46fe7f8b-72f1e4a3";"Trojan horse Exploit.Java_c.FRJ";"Secured";"Healed";"High"
"C:\Users\rich\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\2cf9121f-1f62fbc3";"Trojan horse Exploit.Java_c.FRI";"Secured";"Healed";"High"
"C:\Users\rich\Downloads\iPodtoComputer_r94690.exe";"The file is signed with a broken digital signature, issued by: Cucusoft.";"Notification";"Unresolved";"Message"
 

RELEVANCY SCORE 51.2

Hi all. I'm new to bleepingcomputer.com and I need your help. First things first, I would like to ask those who are members of the HijackThis Team or Moderators only post help related solutions to my problem. The reason for this is that I am attaching a HiJackThis log along with other bleepingcomputer required documents.

So, here's a description of some of the symptoms of my infected computer. Personal Guard 2009 was mysteriously installed on my computer without my knowledge and it is impossible to remove it with traditional software removing techniques, such as the Add/Remove Programs feature. When I browse the internet with Firefox, Internet Explorer windows pop up but they don't show a web page. They are just blank. Of course, the traditional pop up windows that appear in Firefox come standard with all viruses. I have downloaded Malwarebytes and it is blocking it from running. There is a trick that I know by renaming the program to windows trusted name that will trick the virus into letting the renamed program run. That didn't work because even though I am a computer administrator, a message appeared stating that I do not have sufficient user privileges to run "winlogon" (which is what I renamed the program Malwarebytes to). Also, I am unable to start in Safe Mode and I am unable to run msconfig.

Attached is a Word document containing a list of viruses the CA Antivirus has detected and a HiJackThis Log too.

---------------------------------------------------...

A: Multiple virus threats: Personal Guard 2009 and winsc.exe

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follo...

RELEVANCY SCORE 51.2

I never had a problem prior to about a week ago, but lately I have been having problems with my system freezing up, especially when playing WOW with nothing else running. I have run adaware, spybot, superantispyware and bitdefender. Nothing is turning up any threats. Can someone check my logs and tell me if anything looks out of place?


Here is a Deckard Scan.


Deckard's System Scanner v20071014.68
Run by Joe on 2008-04-14 01:56:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Joe.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:42 AM, on 4/14/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\wpcumi.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ASUS\ASUS Direct Console\LCMP.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Apoint2K\...
