Windows Support Forum

I Have Malware Infestation-- Sudden Onset

Q: I Have Malware Infestation-- Sudden Onset

I have never had such a problem. I was surfing when suddenly yesterday got many pop ups. Then my desktop icons and taskbar started disappearing. They would go off and a "media" control bar which I never saw before popped up on the taskbar, then all the icons would reappear and keep disappearing. When I try to boot in safe mode I still can't get a desktop to function; I have to open programs through taskmanager. I have run Adaware Pro many times and it has found multiple malwares including Small. But not when I try to delete it I get a blue screen of death which says something like "The Windows Logon Process system process terminated unexpectedly with a status of machine code. The system has been shut down." I have also run Spybot Search and Destroy, which got rid of a few things. Norton AV was useless. Windows malware tool detected nothing. This is the best site I have found -- please let me know what I should do next. Thanks

Relevancy 100%

A: I Have Malware Infestation-- Sudden Onset

Hello and welcome Quakrt, let's start here.

Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop. DO NOT run yet.

Open SUPER from icon and install and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to start Windows in Safe Mode

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox or the Opera browser, click on that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW scan with SUPER
Open from the desktop icon or the program Files list.
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Please ask any needed questions, post the log and let us know how the PC is working now.

http://www.bleepingcomputer.com/forums/t/129702/i-have-malware-infestation-sudden-onset/
Relevancy 77.4%

I've had Windows installed since the RTM has been available and I've had no issues until last night. While browsing the internet last night, windows explorer crashed and recovered about times, then I'd see random copies of windows open and quickly close on the taskbar. Shortly after, bluescreen. When I rebooted I went to play some Left Dead and roughly every clicks I'd see my desktop flash up. After that I noticed some other things: if I try and click on a drop down box the entire program will appear to open and close (it vanishes for a moment and reappears on the taskbar), and if I drag a window slowly across the screen the entire screen goes white along with the taskbar, apart from a few programs (screencapped this).

For troubleshooting I've tried the following:
Switching from Aero to classic
Running Windows update
Updating graphics drivers
Reseating graphics card
Creating a new user account

All problems gone on this user account, so I'm sure there's something wrong with my user account itself. So can anyone think what's going on here?

A:Sudden onset of issues

Maybe scan for malware with your AV and Malwarebytes . . . but perhaps not if only affecting one account.

Also, another instance where system restore might provide a quick and easy fix if you have a recent restore point available from before this problem started occurring.

http://www.sevenforums.com/general-discussion/28152-sudden-onset-issues.html
Relevancy 76.54%

Earlier tonight while watching a TV episode using KMPlayer I suddenly got a BSOD. The computer restarts and Windows works fine, except Chrome now won't start, stating it has encountered a problem and needs to close, but works when I use the old chrome exe, which I'm using now. I thought it was a one time thing and go back to the episode; it happens again about half an hour later. Then about another half hour after that when I'm researching the issue. Then again later when I was trying to drag the update window for malwarebytes to a side screen. And just now when I clicked on a link to youtube in an email.

I've read other threads relating to ntoskrnl.exe BSOD's and it seems that without knowing how to interpret the dump files I won't be getting anywhere.

Possibly relevant changes I've made today are:
I plugged a mic pre-amp into the line-in port on my soundcard, which is left in there with the pre-amp turned off; that knocked one of my DVI cables and I had to reconfigure nvidia surround.
I updated KMPlayer in hopes of reducing a slight stuttering issue I was having; mins later this all happens.

I've already run ad-aware antivirus, spybot search & destroy and malwarebytes anti-malware. I also attempted to run SFC scannow but it failed at

Any help will be appreciated. I have attached the zip.

As an aside, the computer is just over a year old, has never had a single issue. I don't have an antivirus program because I used to be a computer technician and am very careful, plus they mess with my games. It runs and I generally restart it every week or so.

A:Sudden onset of BSOD's ntoskrnl.exe

Welcome to the Forum.

Update these drivers:

SiLib.sys Wed Feb 7 05:13:54 2007 (45C90BB2)
USBXpress Development Kit
Driver Reference Table - SiLib.sys

AseUSBCC.sys Wed Feb 7 05:15:34 2007 (45C90C16)
Aladdin USB Key HASP Driver (also associated w/Antec Liquid Cooling software)
Driver Reference Table - AseUSBCC.sys

wacommousefilter.sys Sat Feb 17 00:12:17 2007 (45D5F401)
Wacom(tablet) Mouse Filter
Driver Reference Table - wacommousefilter.sys

lirsgt.sys Tue Jun 17 21:17:08 2008 (4857D574)
part of a Copy Protection platform developed by Tages SA
Driver Reference Table - lirsgt.sys

GEARAspiWDM.sys Mon May 18 18:17:04 2009 (4A1151C0)
CD-ROM Class Filter Driver by Gear Software. Also comes with iTunes
Driver Reference Table - GEARAspiWDM.sys
------------------------
To perform a clean install of a driver, follow this tutorial: How to Clean Left Over Driver Files with Driver Sweeper
------------------------


and install Revo Uninstaller. Opt for "Advanced Mode" and uninstall the software (also delete the leftover registry entries).


------------------------
Run the System File Checker that scans the of all protected Windows 7 system files and replaces incorrect corrupted, changed/modified, or damaged versions with the correct versions if possible: Click on the
Type CMD on Search
Left click and Run as Administrator
Type SFC /scannow - read here
Run Disk Check on your Hard Drive for file system errors and bad sectors on it - read here
------------------------
Make scans with these tools - TDSSKiller Rootkit Removal Utility Free Download | Kaspersky Lab US
Online Virus Scanner Eset
Monitor hardware temperature with system monitoring software like Speccy or HWMonitor. Upload a screen shot of the Summary tab as well:
Piriform - Speccy
CPUID - HWMonitor
------------------------
If BSOD's continue, Enable Driver Verifier to see if it catches any misbehaving driver: Driver Verifier - Enable and Disable
Using Driver Verifier to identify issues with Drivers
BSOD SUMMARY

Code:
Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
Debug session time: Mon Sep 30 22:01:21.317 2013 (UTC + 6:00)
System Uptime: 0 days 0:47:26.176
BugCheck 109, {a3a039d8b3720594, b3b7465f05f047de, fffff80000b96bb0, 6}
Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )
BUGCHECK_STR: 0x109
PROCESS_NAME: System
------------------------
Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
Debug session time: Mon Sep 30 20:58:46.608 2013 (UTC + 6:00)
System Uptime: 0 days 0:45:49.451
BugCheck 109, {a3a039d8b3e52894, b3b7465f06636ade, fffff80000b96bb0, 6}
Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )
BUGCHECK_STR: 0x109
PROCESS_NAME: System
------------------------
Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
Debug session time: Mon Sep 30 20:12:10.236 2013 (UTC + 6:00)
System Uptime: 0 days 0:15:58.080
BugCheck 109, {a3a039d8b433a768, b3b7465f06b1e9c2, fffff80000b96bb0, 6}
Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )
BUGCHECK_STR: 0x109
PROCESS_NAME: System
------------------------
Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
Debug session time: Mon Sep 30 19:55:17.678 2013 (UTC + 6:00)
System Uptime: 0 days 0:45:50.411
BugCheck 109, {a3a039d8b59af5bb, b3b7465f08193805, fffff80000b96bb0, 6}
Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )
BUGCHECK_STR: 0x109
PROCESS_NAME: System
------------------------
Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
Debug session time: Mon Sep 30 19:08:34.267 2013 (UTC + 6:00)
System Uptime: 0 days 0:46:00.110
BugCheck 109, {a3a039d8b41f651d, b3b7465f069da767, ff...

http://www.sevenforums.com/bsod-help-support/306695-sudden-onset-bsods-ntoskrnl-exe.html
Relevancy 76.54%

CPU: Intel(R) Core™ i7-4820K Quad-Core 3.70 GHz
Motherboard: ASUS Sabertooth X79 ATX
Video: NVIDIA GeForce GTX 760 2GB GDDR5
Memory: 16GB (4GBx4) DDR3/2133MHz Quad Channel Corsair
HD: 256GB ADATA SP610 SSD and 2TB SATA III Hard Drive



Started getting random BSODs earlier this week. It seems once I have one while I am playing Guild Wars 2, that upon restart I have several more issues. I have already updated my drivers, scanned with both AVG free, and malware. Upon looking through my event viewer I have a single Kernel-Power Critical Error but many more normal errors such as: 10 WMI (application), 102 PNRPSvc (system), 1000 Application error (application), 1001 Bugcheck (system), 6008 eventlog (system), 7001 Service Control Manager (system) x2.

I have also attached the minidumps

A:Sudden onset of Multiple Bsod

The latest one is caused by Chrome.
The latest to second one is caused by Netsh.
Update both of them.

http://www.sevenforums.com/bsod-help-support/358520-sudden-onset-multiple-bsod.html
Relevancy 76.54%

Hi. My name is Rock Vacirca and I am a writer on Virtual Worlds such as Second Life, Blue Mars, etc. I thought I would beef up my blog template and downloaded some freebie templates to try out and an image viewer, and since then I have had a sudden onset of advertising popups like this.

In case it is related, just prior to seeing the first popup I found I could not right-click any file in Windows Explorer or right-click the desktop. I got a Windows message that said they were terminating a program (explorer.exe) before it could harm my machine. I then rebooted and it paused on closedown for a while as it said AxWin had not terminated properly.

On restart I ran my AVG and it found two copies of Trojan Generic BGWZ in my Internet temporary files folder and put them into the Vault. I then ran my Adaware and Spybot and, apart from tracking cookies, they both said my machine was clean. However, the popups came back today after switch-on and appear randomly when visiting the normal websites I go to, such as the BBC news site, several forums and my blogsite.

I attach my DDS.txt, my Ark.txt, the RSIT Info and Log files and the zipped Attach.txt.

A:Sudden onset of Advertising Popups

Hello Rock Vacirca,

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic; if you still need help please let me know what issues you are still having, in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.

%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%SYSTEMDRIVE%\*.exe
netsvcs
msconfig
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
/md5stop
CREATERESTOREPOINT

Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

http://www.bleepingcomputer.com/forums/t/295592/sudden-onset-of-advertising-popups/
Relevancy 76.54%

About a week ago my computer suddenly became painfully slow (to the point that the startup and shutdown sounds stutter). CPU usage bounces around 50% without anything running, but the computer works perfectly fine in safe mode. There were no changes or updates that preceded the issue.

I have run multiple scans with my anti-virus software (Trend Micro) after updating to the latest definitions in both safe mode and normal startup, but it has not found anything. I have run a system restore back to before the issue occurred, to no avail. I have attempted to determine the source by modifying my startup programs and services through msconfig, no success. Giving up and hoping for some help!

Thanks,

Sean

http://www.bleepingcomputer.com/forums/t/359026/sudden-onset-of-extreme-slowness/
Relevancy 75.68%

Hello, I'm brand new here and I'm hoping I could get some help with this problem I've been having. Recently I've upgraded my HP a n s RAM to gigs, which I am told should be more than enough to handle nearly every task without slowdown, and after chatting with an HP consultant they told me how to make sure the x mb sticks are running in dual channel by alternating between the new and old sticks. I haven't noticed any difference; my computer still slows drastically when I'm doing video encoding or other types of multitasking like scanning.

The second problem is mildly related to the first. My DVD burner doesn't exactly work correctly anymore, as every time I put a DVD to play it really stutters. My computer begins chugging, computer usage says, and the movie is basically unwatchable. I've tried all my DVDs, even brand new ones, and it still does not work. Burning a DVD with it also causes my computer to chug and the burning process is extremely slow as well. I'm unable to do anything but to watch it take nearly an hour to burn something that originally took minutes tops. I've contacted HP and did all their standard scanning and uninstalling/rebooting, but to no avail. Could this somehow be related to the installation of a new graphics card?

Thanks for taking your time to read this message.

Relevancy 75.68%

Hello. Our computer has several problems which don't seem related to each other, but they all began happening in the space of four days or less about six weeks ago. At that time the computer got a few Windows updates, an upgraded version of McAfee was installed, and Internet Explorer was replaced by Internet Explorer as one of the Windows Updates. The computer is a Dell Studio XPS with Windows Vista -bit.

The symptoms are as follows:

1. After rebooting, Internet Explorer will stop working after about two to five hours. When you try to run it, it just sits there with a blank screen and most of the menu options ghosted out. When this happens email still works fine and I can successfully "ping google.com" from the command prompt. The only way I have found to get it working again is to reboot the computer. Sometimes two reboots are required.
2. Windows Defender is unable to complete a scan. It stalls after running for from two-and-one-half to seven-and-one-half hours. The UI is still responsive because it responds to the close box, but the elapsed time does not progress and the file indicator is stopped on any of several cookies in any of several users' cookies folders. The path will be C users AnyUser AppData Roaming Microsoft Windows Cookies Low txt
3. If you try to reboot the computer, approximately twenty per cent of the time the computer will hang completely during the logoff process. The only way to recover is to hold the power button in until the miserable thing powers off.
4. The USB headset we use with Rosetta Stone would previously allow you to both listen and speak when using the software. Now, however, you can only speak over the headset. The sounds come over the computer's main speakers and the headset is silent. Please let me emphasize this problem developed at the same time as the others.
5. After rebooting, the amount of time it takes to log in as any of the users seems to have increased. The desktop comes up but the computer continues to grind away on something before the Windows sidebar applications appear and before the Start Menu becomes responsive.

I've been banging my head against the wall over this. I've got about twenty to thirty hours of failed troubleshooting and scouring the internet, to no avail. Here are a few things I've tried:

Ran a full scan with McAfee - no problems found.
Tried two rootkit detectors. One didn't find anything and one blue-screens the computer.
None of the Spyware/MalWare detectors I have find anything other than tracking cookies, except for Windows Defender, which never completes.
I tried downloading Firefox. It runs about an hour longer than Internet Explorer will, then it too stops working.
I tried reverting Internet Explorer back to Internet Explorer. It did not help; begins to malfunction in the same time frame as

Does anybody have any ideas I should try, or know where I should look to solve this problem? Any ideas are greatly appreciated. I'm so frustrated with this thing.

Thank you,
GeoRanger

A:please help, multiple strange failures all with sudden onset

Hello:

I've been working on this for most of this weekend (oh what fun) and may have made some progress. McAfee found and removed two pieces of Malware. One was called "doubleclick" and the other "adtmt". It didn't find those in all the other times I've scanned with it, so I don't know if they caused these problems or not.

I also ran McAfee Virtual Technician and it didn't find any problems other than a slightly outdated definition file.

Also, I think problem 4, regarding the USB headset, might be a bad USB hub. The headset works fine if I plug it directly into the computer. Perhaps it's just a coincidence the problem developed contemporaneously with the others.

I'm not convinced I'm malware free and am wondering if some nasty rootkit is hiding on my box.

All of the other problems remain. Can anybody offer some suggestions as to what I should do next?

Thank you,
GeoRanger
 

https://forums.techguy.org/threads/please-help-multiple-strange-failures-all-with-sudden-onset.1023386/
Relevancy 75.68%

Can anyone help with a slow boot problem on Windows please? This concerns an Asus Zenbook. It's about months old and has always booted very quickly. Now all of a sudden it takes minutes to get beyond the Windows logo screen. I have tried all the standard things (clean boot, turn off Asus Fast Boot, etc.) up to and including Resetting Windows. No good on either Windows or it still takes minutes.

I have looked at the Windows System Log and the delay occurs right at the beginning of the Boot process. E.g. on the most recent boot I see as the first entries (note I'm in Europe so dates are dd mm yyyy and times are in -hour clock):

Information Kernel-General None The operating system started at system time - - T Z
Information Kernel-Boot None The firmware reported boot metrics
Information FilterManager None File System Filter 'FileInfo' - - T Z has successfully loaded and registered with Filter Manager

and you can see the -minute gap between the nd and rd entries. That's where the delay always comes, though sometimes the "reported boot metrics" doesn't show.

A little later in the procedure I do always get the following warning:

Warning Kernel-PnP The driver Driver WudfRd failed to load for the device ACPI ACPI & daba ff &

However, because that comes later, I can't see how it can be causing the problem, and I suspect it's an independent issue.

The machine appears to run normally once booted. It is protected against viruses by Windows Defender. I have looked at many posts on this and other fora on slow boot and tried everything suggested, but none of the solutions have worked. I have also looked widely on the web for problems with the File System Filter but nothing relevant comes up.

The machine is under warranty and could be sent back, but that would be a serious pain, so if there is a solution I can implement I would much prefer to do so.

Thank you for looking at this.

There are no stupid rats only misguided students

A:Windows 8/8.1 slow boot (sudden onset)

Seglea
Though not definitive there are over 200 seconds of increase due in part to the HD thrashing. I would defrag and run CHKDSK as a first step

CHKDSK /R /F
Chkdsk disclaimer: While performing chkdsk on the hard drive, if any bad sectors are found any data available on that sector might be lost, so as usual back up your data.
Run CHKDSK /R /F from an elevated (Run as administrator) Command Prompt.
Do this for each hard drive on your system.
When it tells you it can't do it right now - and asks you if you'd like to do it at the next reboot - answer Y (for Yes) and press Enter.

Then reboot and let the test run.
It may take a while for it to run, but keep an occasional eye on it to see if it generates any errors.
http://www.howtogeek.com/howto/windows-vista/guide-to-using-check-disk-in-windows-vista/


 See "CHKDSK LogFile" below in order to check the results of the test.

CHKDSK LogFile:
Go to Start and type in "eventvwr.msc" (without the quotes) and press Enter
Expand the Windows logs heading, then select the Application log file entry.
Double click on the Source column header.
Scroll down the list until you find the Chkdsk entry (wininit for Win7) (winlogon for XP).
Copy/paste the results into your next post. 

Wanikiya and Dyami--Team Zigzag

https://social.technet.microsoft.com/Forums/en-US/412b9a87-fca1-440e-91f6-bd3c6828a9ed/windows-881-slow-boot-sudden-onset?forum=w8itproperf
Relevancy 74.39%

My Word files are suddenly going haywire. Periodically I will be scrolling through a document, and where there was once text, there are now strange characters. Chunks of text have disappeared.

If I close the file and reopen, the file seems to revert to where it was with no loss. But it freaks me out.

Was also working with some tables in Word and the program on its own started adding new rows and wouldn't stop. Had to shut down.

Software and Adware are up to date. Haven't seen this with other programs, but haven't tested it much.

Already tried removing and reinstalling Word. Haven't seen same prob when opening same docs on other computers.

Is this a software problem? Display? Input hardware?

Running Word 2000 on Presario Notebook. Windows XP.
 

https://forums.techguy.org/threads/sudden-onset-of-weird-characters-and-lost-text-in-word.667850/
Relevancy 74.39%

Background: Computer geek since Apple. Have built every PC I've owned since the mid- s. CS degree, VA Tech; developer with lots of weird hardware needs. I have screens totaling sq ft, there's computers running in my house, my music is connected to an FM transmitter with boomboxes in every room, I have a USB infrared receiver for remote control and USB X controller to control house lights, a custom USB ambilight system (not hooked up during my recent troubles), RockSmith controllers with guitars hooked up -- counting my USB hub I frequently have, with no exaggeration, a dozen things plugged in. I've always installed windows myself -- only had an OS installed on a machine I bought once in an emergency. I didn't build it. I hated it. It died within years. My wife had a machine that had been continuously upgraded since it was a that would still function today had we not curbed it last week. We have over TB of harddrive space in our house. We're hardcore geeks. I hope this intro doesn't make me sound like a douchebag; I'm just trying to set a level of competence here so people don't waste time over explaining basic things.

I'm frequently finding myself in unique situations, and still manage to keep my windows installations going for years. They usually last until the motherboard croaks. So imagine my ire when I built an awesome machine last summer (STATS: Intel Core i - K Haswell-E -Core GHz with an Arctic Freezer I cooler on a ASRock X WS EATX motherboard with G of Crucial Ballistix Sport DDR mHz RAM, a Radeon R video card, and a Crucial M GB M SSD, all inside a massive NZXT Phantom case) and it's in what seems like death throes. My baby isn't even a year old yet, and it's slower than my computer.

Not CPU-slower: I can still crunch numbers just as fast. (Verified by encoding WAV to MP with multiple simultaneous instances of LAME.exe.)
Not harddrive-slower: I can still copy files just as fast. (I copy at commandline with speed indicator, usually - MB s over LAN, faster locally.)
Not graphics-slower: I can still play games just as fast. (RockSmith w/ my wife & guitar controllers works just fine once the new slow-loading is done.)
Just overhead slower.

Console output is slower. BAT files run slower, even without console output. (I have over BAT files that I've developed for over yrs that do most things for me. One just generates white noise for audio alarm. The noises are slower because each line of the BAT file seems to be loaded at a slower speed.) When viewing multiple videos with MPC-HC, the next video takes seconds to load instead of - seconds. Switching to full screen video? Expect a second delay where there used to be. My mouse frequently stops moving and I can't move it for several seconds. I haven't experienced that since Linksys's horrible ish ethernet cards. I've even, for the first time ever, heard the occasional audio disruption. (I have optical digital output direct on motherboard, hooked to an optical splitter, one of which goes to my primary amp, the other of which goes to a DAC that splits into runs: Bedroom, Downstairs, and FM transmitter, which reaches - boomboxes sprinkled around the house. I've lost count.)

For the first months of owning my machine, I never saw the CPU go over. It was usually at -. Now it's idling at. But again, my problems are not general CPU problems. I can still encode audio at the same rate, my CPU can still compute just as fast, I can still play RockSmith once it loads (which is WAY WAY WAY slower). ALL loading is slower. I think the CPU rate is so high because these Interrupts/DPCs. They are constantly at The problem happen...

https://social.technet.microsoft.com/Forums/en-US/406e23c2-0389-4250-b1d0-8aced590bf35/how-can-i-fix-the-suddenonset-latency-dpc-interrupt-issues-that-have-completely-confounded-me?forum=w7itproperf
Relevancy 71.81%

Need help -- I can't figure out what's wrong with my PC. A couple of days ago I noticed Windows was stalling during start up. After signing in, the taskbar came up and some items appeared in the system tray, but there was a delay of - minutes before the rest of the items appeared in the system tray and the desktop icons appeared. During the delay there was a little disk activity. Once started, Firefox behaves strangely, taking several seconds to load pages like Google that normally load right away. I discovered that after I uninstalled Zone Alarm Pro v recently, I forgot to activate the Windows firewall, possibly leaving me open for a few days.

Dell Latitude D, running XP Pro SP.

Here's what I've tried:
- Updated and ran Symantec AV scan; nothing showed up
- Updated and ran Spybot Search & Destroy; nothing showed up
- Updated and ran Anti-Malware, which found traces of a Trojan:
  C WINDOWS s txt (Malware Trace) -> Quarantined and deleted successfully
  C WINDOWS ws ini (Malware Trace) -> Quarantined and deleted successfully
- I tried restoring a previous system set point but it failed, so I removed all old set points
- I saw a system event in the event viewer trying to load aspimgr.exe, so I removed the registry entries associated with aspimgr after backing up the registry

None of these actions improved the situation. Grateful for any help fixing these XP issues and finding out whether I'm still infected. I'd post some logs or something but not sure what to post or how to get it.

Johnny

A:Sudden onset of: XP delay of 1-2 mins during startup, delays in Firefox page loads, am I infected?

Welcome to BC

C:\WINDOWS\system32\aspimgr.exe
http://www.bleepingcomputer.com/startups/a....exe-18301.html

Let's start off with Mbam and see what we can find
-----------------------------------
The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
---------------------------------

http://www.bleepingcomputer.com/forums/t/207041/sudden-onset-of-xp-delay-of-1-2-mins-during-startup-delays-in-firefox-page-loads-am-i-infected/
Relevancy 56.76%

I've had some nasty browser re-directs that I thought I had solved. But it seems that a new one has hit, or just the old one hitting again, and it has shut down Malwarebytes and I can't reboot in safe mode. Here is my HJT log for starters. Please help.

Relevancy 56.76%

I'm on my dad's computer, which is a Windows SE. It's got some kind of malware thing going on. I can't run ad-aware, can't update it, and can't thoroughly run spy-bot on it. Here is the hijack log. Any advice is appreciated.

A:Malware infestation

Run HJT again and put a check in the following:

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {4AF01159-E91D-08E7-8753-60550DF47F4A} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/170df7fb5fe4d76...p/RdxIE601.cab

Close all applications and browser windows before you click "fix checked".

Empty your temporary internet files, your c:\windows\temp folder, defrag the drive and try spybot in safe mode.
 

https://forums.techguy.org/threads/malware-infestation.517358/
Relevancy 56.76%

My computer is acting strange. I have a malware case that won't go away. My task manager is disabled as well. None of the software I've used have helped. Here is my HijackThis log.

Thanks for your help

A:Malware Infestation

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop.
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

http://www.bleepingcomputer.com/forums/t/128308/malware-infestation/
Relevancy 56.76%

Please review HJT log. I have run the latest version of AAW and it removed nearly entries but I know there are more.

A:Malware Infestation

Hello and Welcome to Bleeping Computer. I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today. Please give me some time to analyze your log, and I will post back with instructions ASAP.

http://www.bleepingcomputer.com/forums/t/113793/malware-infestation/
Relevancy 56.76%

Folks, GM. A client has a PC that has the following malware installed: Total Security. It typically hijacks browser sessions, disables task manager, AV, Malwarebytes, etc. DDS file follows.

A:Malware Infestation

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

What kind of reseller are you?

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

http://www.bleepingcomputer.com/forums/t/259208/malware-infestation/
Relevancy 56.76%

Hi, I need help with an apparent malware attack picked up while web surfing. This is actually on a friend's computer whom I am helping out. The symptoms are that we can't run regedit, task manager, cmd window. There is what seems a fake anti virus program now "installed". The notifications area shows a red shield icon and keeps putting up messages saying you are infected. Also a message box appears.

Kaspersky anti virus is installed and was active AFAIK. The signatures were apparently ok few days ago but now it's asking for an update. We have removed the wireless dongle to prevent any internet access for time being and haven't updated the signatures yet. Not sure if it would even work. We did use Kaspersky from the by booting to the command line and then running something like avp.com scan my computer; there was a parameter we used to specify to disinfect but not to automatically delete (R, I think). The log file of the scan showed no detected problems.

Was unable to run dds.scr or gmer with a normal startup. The windows open briefly and then close. Was able to boot into safe mode. No symptoms apparent and was able to run dds and gmer. Below is the output from DDS run in safe mode and I have attached the Attach.txt file. GMER did not produce any output; it ended with a message saying "GMER did not find any modifications", so no GMER log included.

Your help would be really appreciated.

Thanks, PJ

A:Need help with Malware infestation

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

http://www.techsupportforum.com/forums/f284/need-help-with-malware-infestation-481837.html
Relevancy 56.76%

Hi, I downloaded Microworld Anti-Virus & Spyware Toolkit Utility after running DivX installer, which according to my AV program is infected with downloader, and it detected a lot of malware on my computer which my Avira and Lavasoft failed to detect. My laptop's kinda old and low in RAM, so I wasn't sure before if the machine's running slowly because of malware or because of the hardware installed. I've tried a lot of antispywares actually - Webroot and Superantispyware. They've already expired, but they did not detect these infections before as well, so I'm not sure if the trojans and/or viruses are new ones or false alarms. Here are some detections of Microworld.

Thank you in advance.

A:malware infestation?

oh, and here's a HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:27:29 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\SWSetup\ACLIENT\ACLIENT.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\WINDOWS\System32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\System32\CCM\CcmExec.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Compaq\EAB\EABSERVR.EXE
C:\Program Files\Compaq\Hotkey Software\hkss.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\OSK.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/2Q00CPT/0409/bF8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/2Q00CPT/0409/bF7.asp
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\Compaq\EAB\EABSERVR.EXE" /Start
O4 - HKLM\..\Run: [hkss] "C:\Program Files\Compaq\Hotkey Software\hkss.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spywar...

https://forums.techguy.org/threads/malware-infestation.605273/
Relevancy 56.76%

I would like some help, I am running windows premium 64bit. I'm positive I have some kind of malware or a large amount of malware using up my system resources. I get random crashes and can't connect to the internet. Many programs have just stopped working including my norton 360.

Please help me.
thanks in advance.

A:Need Help with malware Infestation.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTListIt.txt Will be opened
Extra.txt Will be minimized

Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/252952/need-help-with-malware-infestation/
Relevancy 56.76%

My computer recently got infected with the "Security Protection" malware. I ran Malwarebytes, which found several things that I removed (logfile contents below). I also ran Microsoft's Malicious Removal Tool, which found nothing. I also ran SpyBot S&D, which found a few cookies but nothing else. After removing the items MalwareBytes found and rebooting, I now have a process that keeps loading at bootup, win e dat, which MalwareBytes keeps using IP-Block on. I get the IP-Block popup every few minutes. I've manually stopped the process, which kills the MalwareBytes popups and doesn't seem to respawn until after another bootup. So far the process has kept its same name each time. I just ran a HijackThis scan which I'm also posting below. I'm hoping you can help me find any lingering files that are causing this process to start running.

Thank you in advance,
jriems

A:Malware infestation

24-hour bump...
 

https://forums.techguy.org/threads/malware-infestation.1015318/
Relevancy 56.76%

After posting in the "Is my computer infected" forum, I was told to post some logs here. DDS hangs when I run it, but I was able to use OTL. GMER caused the blue screen of death every time I run it. So for now I will just post the OTL log and await further instructions. Originally had the "XP Home security" malware as well as zero access, and attempted to remove (see explanation in previous post).

DT

A:Malware Infestation

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

Please Download TDSSKiller.zip
>>> Double-click on TDSSKiller.exe to run the application.
Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue
If a suspicious file is detected, the default action will be Skip, click on Continue
If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan.
Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.
Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
DDS.scr DDS.pif
Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.
Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
If needed.
The scan will also create this Attach.txt log I would also like to see the content.
Please post it in another post for my review, do not attach the file.

Please post the logs for my review.

http://www.bleepingcomputer.com/forums/t/439142/malware-infestation/
Relevancy 56.76%

Hey Tech Guys, I suffered from the Look me Zesty parasite but managed to block it and kill it. I still have Clientman Odysseus Marketing. But I deleted everything I found, including reg values, dll's and folders. I manually deleted everything in Safe mode from the registry and hard drive. I'm still hijacked and can't search, get certain popups and green underline thing. I deleted my cookies and all temp internet files. When I run a search under yahoo I get stuff from "xmlfeed spaex com", "odysseusmarketing com", "meta search com" and "abcsearch com". Spybot and Ad-aware don't pick up on anything further. I've done everything I've found on all forums. I know nothing else.

Thank you

A:Malware Infestation

I fixed certain things and went into safe mode:

Logfile of HijackThis v1.97.7
Scan saved at 10:28:11 PM, on 6/30/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\explorer.exe
C:\Documents and Settings\Administrator.BELLA\Desktop\Spyware Stuff\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38054.6332986111
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 

https://forums.techguy.org/threads/malware-infestation.244924/
Relevancy 56.76%

Hi there. Hope one of you kind and intelligent people can help. My laptop is virtually unusable:
- massive slow down on all functions
- Windows Explorer keeps crashing
- Windows Firewall Security won't turn on
- Wireless Radios won't turn on

I have run free versions of AVG, Advanced SystemCare, Spybot, CCleaner and Malwarebyte's Antimalware and nothing is showing. All diagnostics show nothing wrong.

Many thanks in advance,
Jimbob

Here's the log.

A:Malware infestation?

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
A detailed description of your problems
A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

http://www.bleepingcomputer.com/forums/t/394457/malware-infestation/
Relevancy 56.76%

Hi. Been trying to get rid of something called Project. Not sure what to do. Computer seems OK but still getting a few pop-ups etc. Here is my most recent log from HJT. Any help much appreciated.

Relevancy 56.76%

Hello all. First time posting to this forum, so please forgive if there are any strange grammatical oddities. A friend of mine's -bit Windows machine recently started exhibiting some very aggravating behavior: some of her browser page requests were getting redirected elsewhere, she could not run ANY anti-malware scanners (it would just sit there after being clicked on), and she would get a "Windows .NET Framework" error message with the following example:

Unhandled exception has occurred in your application. If you click Continue, the application will ignore this error and attempt to continue. If you click Quit, the application will close immediately.
Unknown error xfffffffe

JIT Debugging: To enable just-in-time (JIT) debugging, the config file for this application or computer (machine.config) must have the jitDebugging value set in the system.windows.forms section. The application must also be compiled with debugging enabled. For example:

<configuration>
    <system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception will be sent to the JIT debugger registered on the computer rather than be handled by this dialog box.

She runs Windows Live Messenger, which seems to be functioning OK for now, and she was having trouble browsing in any browser, as a yellow warning box would pop up claiming that Windows had decided that iexplore.exe was an unsafe application. I'm a bit new at this sort of issue, and I'm sure someone here has dealt with this kind of thing before and can shed some light on this bit of weirdness. If I've left a detail out, please do not hesitate to request it.

A:POSSIBLE malware infestation?

Hello, let's see if we can get in and get a log this way.

Reboot into Safe Mode with Networking: How To Enter Safe Mode

>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.

RKill: Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable the anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.
Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.
If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a USB drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

http://www.bleepingcomputer.com/forums/t/356653/possible-malware-infestation/
Relevancy 56.76%

edit: I remembered that it was the vundo trojan I ran into. Went and downloaded procexp.exe and turned off system restore. When attempting to follow the instructions I discovered that RUNDLL exe DOES NOT SHOW UP IN THE LIST of processes. Not sure what to do from here.

It started with my wife seeing a popup describing a finished virus scan requiring action. She clicked on it and unknowingly downloaded a nasty shotgun of malware and a few trojans. I've been working on this all day and I'm at my wits' end. There are icons on my desktop that I know are fake: shortcut icons that lead to webpages. One says "windows update" and the other says "help and support". When I attempt to delete them they immediately reappear. Keystrokes get lost or ignored, making typing difficult. When I first started working on it this morning, the big problem was it opening a copy of Internet Explorer then spamming dozens of blank tabs that didn't link to anything, which eventually crashed my computer each time it happened. It has repeatedly attempted to link me to downloading "best seller antivirus" with links that appear as pop-ups in my tray on the bottom right, all over the place. Also random popups for sites like "set the trend" and others.

I have run McAfee times today, and the first two times nothing; rd it came up with a trojan, but I did not write the name down, my apologies. I have had this message come up a few times: P- - irql f ssver x nt kernal error KMODE EXCEPTION NOT HANDLED. I have already tried to clean up as much of the registry as I could safely using the Spybot utilities. Other actions have included running Spybot Search and Destroy more than times today; each time it comes up with a few to remove. I downloaded Windows Defender; it insists my computer is clean. Yeah, it's been a blast.

Before writing this I ran a HijackThis and will post that at the end. I'm very much at my wits' end. I hope you guys can give me some insight into this so I can fix it tomorrow. Thanks, NaZ

A:new malware infestation, could really use help

Just to save one of the volunteers time I thought I'd come back and let you know the issue has been resolved.

NaZ
 

https://forums.techguy.org/threads/new-malware-infestation-could-really-use-help.676051/
Relevancy 56.76%

Hi everyone. I've been having some problems on a computer that was recently given to me. The symptoms are that whenever I type in certain things while I'm using the internet, I get popups that match keywords like "spyware". I'm using Firefox, but these popups are from IE. My brother had the computer before me, and my cousin used to use it for marathon Myspace sessions. Neither one of them took very good care of it.

The first thing I did to try to rid myself of this problem was to run Spybot, Adaware and NOD. All of these found bad stuff, but after removal the problem persisted. Adaware finds a rootkit called "win rootkit agent" in a file called "smbalii" in my drivers folder every time I run it, and says that it is unable to remove it until system restart. Well, it comes back with every scan. So I followed the steps described in this forum that I should do before running a HJT scan, and then ran HJT. The scan follows this message.

If anyone can help me with this I'd be really grateful. My computer recently bit the dust after years of loyal service, and I'm left with this infested computer as my only means of communication. Thanks.

A:Malware Infestation

Hello Jeff and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer.
Go to Control Panel > Internet Options > General tab.
Under Browsing History, click Delete. Click Delete Files, Delete cookies and Delete history.
Click Close below.

* Clean your Cache and Cookies in Firefox (in case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will pop up asking what to clear.
Select all and click the Clear button again.
Click OK to close the Options window.

* Clean other Temporary files + Recycle bin:
Go to start > run and type: cleanmgr and click OK.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Double-click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Restart your computer.

4. Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users!).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC.)
In the event you already have ComboFix, and you're notified a more current version is available, please download the latest version as described in the tutorial.
It must be saved directly to your desktop.
Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.
Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder

http://www.bleepingcomputer.com/forums/t/163669/malware-infestation/
Relevancy 56.76%

Greetings. Can you please help me get rid of this bug infestation? The first indication of trouble was a fake "XP Antivirus" issue about a month ago. I think I got rid of that using MBAM, but there are still some lingering issues. The main symptom is that web hyperlinks often get misdirected to the wrong URL, e.g. I click on a link for a Microsoft page and I get an advertisement instead. McAfee deletes a bunch of Trojans each time I run a scan, but the symptoms persist and more Trojans return after reboot. I can post the most recent McAfee log if you want it. attach.zip is attached; dds.txt is pasted below. Thanks in advance, Scott

A:Malware Infestation

Hello and welcome to TSF.

The system is still infected with what's known as ZeroAccess trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

Please read this: How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?

===================

Please note that more than one round may be needed to properly eradicate malware. In co-operation with the cleaning process, please:
do not uninstall/install any programs unless asked to do so, to make it easier on us as it is more difficult when files/programs are appearing in/disappearing from the logs;
do not run any tools or scans other than those requested;
follow all instructions in the order they are presented;
if you have problems with or do not understand the instructions, ask before continuing;
stay with this thread until given the All Clear, as absence of symptoms does not always mean the machine is clean;
do not attach any logs/reports, etc.. unless specifically requested to do so.
All logs/reports, etc.. must be posted in Notepad making sure the word wrap is unchecked. (In notepad click format, uncheck word wrap if it is checked.)
Also note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

============================

Please download ComboFix from one of these locations:

Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools. It's very important that you do not skip this step.

If you need further help, see How to disable your security applications
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

# Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: Please make sure that your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done that.

http://www.techsupportforum.com/forums/f100/malware-infestation-627633.html
Relevancy 55.9%

Hello. My Win laptop was just infected by some malware from the following URL (whatever you do, DON'T link to it): http on-fire-news blogspot com rick-jacobs-bigfoot-video html

I have attached a HJT log that I produced after running ComboFix (see my explanation of the sequence of events below). I have also attached the log and quarantine files produced by ComboFix when I ran it.

The video was purportedly of a bigfoot sighting, but turned out to be a porno video with a payload. Actually, I first visited it with Firefox and was prompted to load an ActiveX plugin of some sort for Firefox to view the video (I still thought it was bigfoot at this point), which I foolishly did. Then, when the video still didn't play, I switched to IE and got a nice clean-looking video download in an ActiveX player of some sort. Then, just seconds before the video started to play, I saw a couple of command prompt windows flash open and closed, and then the porno video started playing and I knew that I had been had. I immediately shut off the video and shut down IE, but the damage had been done. I'm not sure if the malware came in the IE video or in the "viewer" that I installed for Firefox. In any case, I am now infected with something.

The two symptoms I have noted so far are as follows:
The next time I opened IE there was an attempt to either open an alternate home page or a pop-up that was porn related, as my porn filter screamed about it.
My Google Desktop has complained several times about an unauthorized effort to change my default search page, which was not allowed.

Following this infection, I ran ComboFix, since it had completely repaired a similar malware infestation that I experienced several months ago. I hope this wasn't a mistake, but after running it I no longer get the first symptom, i.e. the alternate home page and/or pop-up in IE. I do believe, however, that the second symptom, i.e. the unauthorized attempt to change my default search page, may still be happening. ComboFix did in fact quarantine something, so please refer to the attached logs to see what it was.

So, will someone who knows about such things please review all of the attached files and let me know if I still have a problem, and if so, what I need to do to take care of it once and for all? Thanks so very much for your help. AZKID

UPDATE: I just rebooted the machine and then opened IE and discovered the following text across the top of my home page (Google): "Warning: possible spyware or adware infection. Click here to scan your computer for spyware and adware." The hyperlink goes to the following: http protect trustedantivirus com MTY Nzc ed ex h zheltaya hernya

As an aside, I wish someone could nail this bast zheltaya hernya to the wall. This link, whatever, was no doubt the stuff that my porn filter was complaining about earlier (I have it shut off currently). So I now am certain that I am still infected with something. AZKID

SECOND UPDATE: I just discovered that my Add/Remove Programs interface no longer works. It just freezes when I attempt to open it. No doubt another symptom of the malware. AZKID

https://forums.techguy.org/threads/malware-infestation-need-hjt-and-etc-log-analysis.645565/

Antivirus was involved when I first got a look at this computer. It is a friend's. He seems to have gotten rid of the popups, but we still get reports of rootkits and other stuff, so here I am. I downloaded the utilities from here, put them on a thumb drive, ran them on the infested computer, and saved the logs on the thumb drive so I could post them here.

A:malware infestation in vista

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors: This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s

Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

http://www.bleepingcomputer.com/forums/t/302050/malware-infestation-in-vista/

Hi all, sorry to post ANOTHER log but I'm really worried. My main problem is pop-ups in Firefox, and Spybot keeps telling me every few seconds that "nekgfqvdjy" is trying to change values on my system and occasionally tries to change my homepage. I've followed the advice in the guide thread and also scanned with Avast and checked that GhostWall is up and running. I'm very worried; this happened before and I had to replace the hard drive. It may have been coincidence but I'm still worried it could happen again. Here is the HijackThis log. Many thanks in advance.

A:Spyware/malware Infestation?

Hello shelleybird, I am SifuMike and I will be helping you.

You will need to use Internet Explorer for this scan. Disable your antivirus program and go here to run BitDefender Online Scan. Click on I Agree. Avoid clicking on other links as you don't need to try out the full install at this point, just the online scanner.
When the ActiveX Control has loaded, click on "Click here to scan". Please be patient, as this scan may take a few hours. It all depends on the number of files on your computer.
NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat the BitDefender Online Scan.
When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post the BitDefender log.

******************

Download and install AVG Anti-Spyware v7.5.
After download, double click on the file to launch the install process. Choose a language, click "OK" and then click "Next".
Read the "License Agreement" and click "I Agree".
Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.
Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". (Note: When run in safe mode, sometimes the GUI is larger than the screen and the buttons at the bottom are partly or completely hidden, making them unaccessible for doing a scan. If this is the case, press the WINKEY + M key to "Minimize" the AVG display. Then right-click on AVG in the Task Bar and select "Maximize". If that does not help, then you may have to run your scan in normal mode and advise your helper afterwards.)

Scan with AVG Anti-Spyware as follows:
Click on the "Scanner" button and choose the "Settings" tab.
Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
Under "How to Scan?", "Possibly unwanted software", and "What to Scan?" leave all the default settings.
Under "Reports" select "Do not automatically generate reports" and UNcheck "Only if threats were found".
Click the "Scan" tab to return to scanning options.
Click "Complete System Scan" to start.
When the scan has finished, it should automatically be set to Quarantine--if not click on Recommended Action and set it there.
You will also be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
Click on &...

http://www.bleepingcomputer.com/forums/t/109827/spywaremalware-infestation/

I have malware programs I can't seem to get rid of, CPU usage. Here's the HijackThis log. I'm plagued with popups and warnings.

A:cpu usage 100% plus malware infestation

Also there's this program that covers my background, turning it into this clickable background... it looks real ****** b/c it squares all icons and around icons u can see my background in back.
If I put my cursor all the way up it brings up a hidden bar with a down arrow that opens a menu and I can close it.
 

https://forums.techguy.org/threads/cpu-usage-100-plus-malware-infestation.632095/

Hello all, first post here. Not but a day ago I was browsing the web for some information and during my browse encountered this self-proclaimed anti-spyware scanner which automatically loaded itself onto screen. Assumingly a self-installed hitchhiker, it appears under Programs and in Tooltray as AntiSpywareMaster, with winvsnet.exe bearing the same icon image under C:\Documents and Settings\MyName\Local Settings\Temp. The exe file under the Temp folder was deleted and hasn't been seen again since. I have not been able to locate the source of this problem. Since it has appeared in my system, things have gotten slower and popups claiming warnings of viruses and such continue. I believe it all relates to this fake anti-spyware, so I've been trying to be extra cautious of what shows up and what to trust. I saw some other threads here give log files of their registry and whatnot. I just downloaded HijackThis and scanned my registry for a logfile.

A:Malware infestation problem, help

The byte space on my HDD seems to have gotten less used up and more free. I can only hope this thing imposing to be a popup-virus scanner isn't the cause of losing data.
 

https://forums.techguy.org/threads/malware-infestation-problem-help.704413/

Hello. My first post in these forums. I registered here because I need help solving a Trojan/Malware infestation. Although I'm no programmer or tech wiz, I try to keep safe using AVG Free, AdAware AE and Spybot. I update them daily.

I don't usually make mistakes, but days ago, after scanning an exe file with AVG (no threat detected), I ran it and got an immediate popup of AVG's Resident Shield telling me of a Trojan infection. It was a very stupid mistake that I don't usually make; I always check for the origin of the program before executing it. I ran full scans with all the programs and they found nothing. Only Resident Shield had warned about the threat. After checking some tech forums I downloaded MalwareBytes Anti-Malware, updated it and performed a full scan. I also installed SpywareBlaster and SpywareGuard. Nothing anywhere. I then went into Safe Mode and performed the same checks again. Nothing. The scans took hours and I thought it might be a false alarm (second mistake, I know). I shut down the system and went to bed.

Yesterday I was web browsing when Resident Shield warned me again with the following message:

Code: c SYSTEM VOLUME INFORMATION restore C AC -E - DE - E- DAD DD RP A exe

I browsed some tech forums and read extensively about a lot of utilities and was confident I could sort out the problem. I scanned the PC again with all the programs and AVG found the System Restore entries. I decided to turn off System Restore to empty it and sort out the problem. The plan was to let AVG delete the entries after I had turned System Restore off. I was very tired and forgot to eliminate the threats with AVG. After turning System Restore off, I turned it on again and went to Safe Mode to perform scans, after which I turned off the PC (third and most stupid mistake ever). I had also downloaded a few security updates with the Windows updates program.

Today, a few minutes after booting Windows, I was greeted with a message saying:

Code: System Shutdown This system is shutting down Please save all This shutdown was initiated by NT AUTHORITY SYSTEM Message The system process 'c windows system lsass exe' terminated unexpectedly with the status code - The system will now shut down and restart

I tried checking the processes and see if there was anything strange and was unable to find any process other than Windows services. After the reboot I was greeted with a BSOD as soon as the desktop loaded. I went into Safe Mode and BSOD again. This happened - more times and the reasons were:
-bad pool caller
-irql not less or equal
-page fault in non paged area

I browsed some more tech forums and it seemed that I had a RAM problem. This is strange since I have been using it super stable for years now, no overclocks ever. I ran Memtest from a boot CD and it ran passes in about - hours. No RAM problems. After this I was going to give up and do a new install on another disk to try to "scan from the outside". But the PC rebooted to Windows before I noticed, and although it loaded with some error messages, it did not BSOD. I used the shutdown -a command to stop a lsass.exe reboot and I am now here asking you for help to correct my stupidity.

A:Trojan/Malware infestation

Help anyone?
 

https://forums.techguy.org/threads/trojan-malware-infestation.808675/

So my partner's daughter was on the computer yesterday, and today we come in to see several browsers open (overnight, not sure) and some "powerscan" program open on the desktop. This computer runs Windows XP. I immediately ran Ad-Aware and the first three times the computer would shut down while running it. I figured that out, finally got it to run all the way through and pitch some crap. Ran Spybot and it pitched some more crap. I have run them both a total of full times. We still can't get on the internet as it stands right now. I did notice something called dsphkjc or something like that in the startup programs, and one that had a blank area where it should have a name. Not very promising. Anyways, here is the hijack log for this particular computer.


Hello. Thanks for any help you can provide. On Friday Dec at around US ET we began experiencing many pop-ups while running Internet Explorer. The pop-ups appear to point to bogus security applications like "Antivirus". Other pop-ups appear for videos, music and security applications. I have also captured some disturbing information from my Norton Internet Security Logs. As requested, I have run DDS (log below) and attached appropriate files. Thanks again for your time/help.

A:Many Pop-ups - Vundo Malware Infestation?

Howdy there doc1586

Thank you for your patience. I will be helping you deal with the issues raised in your log from this point onwards

Before we start jumping into things, here is a quick basic note which I mention to everyone. The fix which I have provided for you is for this computer only, it should not be used on any other computer. Each fix is tailor made for the specific task in hand. If for some reason you have system restore disabled, then please re-enable it before proceeding, an infected restore is better than none. Please read through the fix first and set enough time aside to complete the task in one session. If there is anything you feel needs clarification then please ask - do not guess! Please copy and paste any requested logs into replies rather than add as attachments, this makes it easier for analysis.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription

If this is a computer from a work place then please advise your IT department of the concerning issues before commencing past this point.

Please follow these directions in the order they are set out for you.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

http://www.techsupportforum.com/forums/f100/many-pop-ups-vundo-malware-infestation-323359.html
Relevancy 55.9%

Hi there. So I was playing utopia, a game I've played for several years, and I got some kind of a malware infestation from the website. I wish I knew what kind of infection I have, but I'm not getting any results through google searches. I keep getting pop-ups, lots of pop-ups, mostly for <hxxp> and www.zoombli.com. My wireless connection also no longer works. I actually had to go back to my god awful wired connection to get online to post this. Here is my hijack this logfile, and any help would be greatly appreciated. This is the only computer my family and I have internet access for right now. My desktop's power supply went boom.

A:unknown malware infestation

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.com
  DDS.scr
  DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Follow the instructions that pop up for posting the results.
* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

R,K

http://www.bleepingcomputer.com/forums/t/209933/unknown-malware-infestation/
Relevancy 55.9%

Computer running slow, redirects, pop-ups. Ran Malwarebytes and it helped, but still not right. Any help is appreciated. Hijack this Log below.

Relevancy 55.9%

On an impulse I navigated to the following site: (edited out). Whatever you do, don't go there. By just navigating to the site I got a whole bunch of crap installed on my computer, and it has taken me several days to get rid of most of it. Although both Trendmicro and AVG have both pronounced me "clean", my settings are all bunged-up. I've turned off System Restore so I can clean out the malware, so that is not an option. And I have run Repair Installs and for some reason there are still problems.

Mostly what is happening is that my WinXP desktop is "locked" into displaying the malware's "Warning" page, which told me about the "spyware" and how to get rid of it. I got rid of the HTML page that used to be there, but now my normal WinXP desktop is replaced by a blank whiteness, like what you would get if the HTML page was deleted. And I haven't got the ability to change the Desktop like I used to. On boot it "flashes" my usual image, then gets "over-ridden" by something else.

Also, Task Manager used to not work even though it was enabled in the Registry (I checked). I downloaded a tool that "forces" it to function, but I think there is still malware interfering. The computer doesn't seem to recognize that I am the Administrator and won't let me install software. Also, somehow Google's ToolBar got installed; I didn't do it.

I have a list of the malware AVG found & put into Quarantine, if that will help. I used to think I could handle myself, but this is really something else. Any help would be appreciated.

Also, is there anything that can be "done" about this web-site above? I just navigated there by accident, and I can't believe that other ISPs would stand for allowing their Users to risk running into that site. Is there a way for someone to try to get the thing shut-down or blacklisted?

Thanks in advance,
George

A:Horrible Malware Infestation

Try to do as many of the steps outlined here as you can. We need a HijackThis log from you.

You can just add that site to your HOSTS file to "blacklist" it. Uninstall Google Toolbar if you don't want it.

...moved to HijackThis Forum...

http://www.techsupportforum.com/forums/f100/horrible-malware-infestation-83348.html
Relevancy 55.9%

My cousin sent me a zip archive holding an src file. As soon as I opened it I realized that my anti virus program, Kaspersky Anti-virus, was acting up and kept posting warnings that a virus was detected. However, it could never remove it. After doing several sweeps with spysweeper, spybot and ad-aware, I realized that the malware was recurring and kept popping up soon after I restarted the computer. This has been frustrating. I trusted my cousin, but I guess I can't be too sure after this. I ask for the HJT staff's assistance in helping me restore my computer to a more stable state. Thank you.

------HiJackThis Log file

A:Malware Infestation - Can't Remove

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download Look2Me-Destroyer.exe to your desktop.

* Close all windows before continuing.
* Double-click Look2Me-Destroyer.exe to run it.
* Put a check next to Run this program as a task.
* You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
* When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
* Once it's done scanning, click the Remove L2M button.
* You will receive a Done Scanning message, click OK.
* When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
* Your computer will then shutdown.
* Turn your computer back on.
* Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.

http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

http://www.bleepingcomputer.com/forums/t/56436/malware-infestation-cant-remove/
Relevancy 55.9%

Hey everyone -- My laptop has picked up a malware infestation recently -- I suspect the diagnostics will tell you all the required information, but in short:

Running Win XP pro -- SP I think
Mozilla Firefox browser

My problems focus on google redirects, which I covered up by using Redirect Remover, but of course this just covers symptoms and does not actually solve the problem. I've also noticed pop-ups when browsing sites which should not have any pop-ups, notably the kingdom of loathing wiki. Ad-aware and clamwin do not detect any problems, but I have noticed that clamwin has problems with automatic updates.

Here are the required diagnostics. Thanks in advance, and please let me know what else is needed to clean this problem up.

Robert Gibson

A:Malware Infestation Help Requested!

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

---------------------------------------------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

You can read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

http://www.techsupportforum.com/forums/f100/malware-infestation-help-requested-354216.html
Relevancy 55.9%

winsock vista SP bit OS trouble

I was infested by malware, deleted some files including google desktop start up and apple bonjour start up, which were identified by Autorun, and my wireless has proceeded to stop working. When I start my laptop it takes a minute to load after I have typed my password, and after that minute the screen goes black with only the cursor on the screen. Then windows finally loads and says it is impossible to start the event register. It also says winsock has failed to load.

I have tried to run netsh winsock reset, but in this case I got the following error message: impossible to start initialization function InitHelperDll into NSHHTTP.DLL, error code. If I put the mouse on the wireless icon (low right), the pop up is telling: connection status unknown, start of the group or dependency service has failed to start.

I cannot restore the Vista operation system. I try to recover the operating system at one point of days ago, but I get error messages: system has not been restored due to an unspecified error.

When I type "msinfo" in "run" and look at components > network > protocol, it says it cannot collect information as the windows management files are removed or missing. When I deleted the winsock winsock files, the startup was quick and the wireless would work, but with limited connectivity, and doesn't connect to the internet. I ran msinfo again and this time it was blank under protocol. Microsoft support says I should have files there. Now I have reinstated the winsock and winsock files, it has slowed down and the wireless group has failed to start again.

When I googled error, it says this is a non recoverable error. Does this mean even if I reload vista I will still have the same problem? I have tried to reinstall bonjour but it says I do not have the privileges to do so, even though I'm the admin. I also can't start my windows firewall now either. HELP

A:Winsock/malware infestation

"does this mean even if i reload vista i will still have the same problem?!"

If you reload the OS it should be fine. I had this problem last week after an infection. After messing with it for a week, I finally reinstalled.

http://www.bleepingcomputer.com/forums/t/206460/winsockmalware-infestation/
Relevancy 55.9%

Hi. Have a system that is in bad shape; no firewall or antivirus was installed. Have ran Norton, AVG, Bitdefender, spybot, ad-aware and removed over entries of malware. Still can not get rid of Win Elkern, Smitfraud-C, CoreServices and Virtumonde. Any help will be most appreciated. Here is the HiJackThis File. Thanks.
Microsoft Internet Explorer Main Search Bar http red clientapps yahoo com cus sbcydsl http www yahoo com search ie html R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer Main Window Title Everyones Internet O - BHO Yahoo Toolbar Helper - D -C F - EFB- B - ECA - C Program Files Yahoo Companion Installs cpn yt dll O - BHO no name - - F - D - - D F - C PROGRA SPYBOT SDHelper dll O - BHO d e afb - e- b-ca - a d d f - f d d- a - ac-b -e bfa e d - no file O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO no name - c e - dd - - dee-e f af aa - no file O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - c program files google googletoolbar dll O - BHO no name - C F AA-E - D- - FFC B C - O - BHO no name - EA F D-E E - - - D E A E - no file O - Toolbar Yahoo Toolbar - EF BD -C FB- D - F- D F - C Program Files Yahoo Companion Installs cpn yt dll O - Toolbar amp Google - C B - - d - B - A CD F - c program files google googletoolbar dll O - Toolbar BitDefender Toolbar - FFDE - - f -B D-FC A F C - C Program Files BitDefender BitDefender IEToolbar dll O - HKLM Run NT Logging Service syslog exe O - HKLM Run SunJavaUpdateSched quot C Program Files Java jre bin jusched exe quot O - HKLM Run AVG Anti-Spyware quot C Program Files Grisoft AVG Anti-Spyware avgas exe quot minimized O - HKLM Run MSConfig C WINDOWS PCHealth HelpCtr Binaries MSConfig exe auto O - HKCU Run ShutterflyStudio C Program Files Shutterfly Studio BIN SFlyStudio exe trayonly O - HKCU Run ctfmon exe C WINDOWS system ctfmon exe O - HKCU Run MSMSGS quot C Program Files Messenger msmsgs exe quot background O - HKUS S- - - Run swg C Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exe User SYSTEM O - HKUS DEFAULT Run swg C Program Files Google 
GoogleToolbarNotifier Goo... Read more

Relevancy 55.9%

Q: Solved: Malware infestation?

It happened again. Grr. You gals and guys were a great help last time, so I'm comin' back. I'm getting pop-up warnings from the task bar re: spyware infection, a pop-up from what looks very much like a Windows security notice, my desktop background has been replaced with all blue that also has a spyware warning, and also a pop-up web site for spyware removal. Here is the log.

Relevancy 55.9%

Hello,

I have gotten my PC system (Win XP Pro) infested with the IE Defender malware trojan. I have tried many times to do the automated and manual removal process found on the net to remove this but it is not going away. This includes using the reg update for the registry.

I am constantly getting an error pop-up window in IE Explorer browser (7.0) that says "System Error! Your computer is infested with an unknown trojan. It's dangerous for your system. Click OK to download the antispyware program to clean your system!"

I would be most grateful for any help!

I have attached my HijackThis log file as an attachment to this message.

A: Ie Defender Malware Infestation

Hello troeser,

NOTE: If you have downloaded SmitfraudFix previously please delete that version and download it again! Also delete C:\rapport.txt

Please download SmitfraudFix

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following:
Restart your computer.
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
Instead of Windows loading as normal, a menu with options should appear.
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows.
A text file will appear onscreen, with results from the cleaning process. Please copy/paste the content of the SmitfraudFix report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Do not attach your logs unless they are too big to fit in the reply box.

Warning: running option #2 on a non infected computer will remove your Desktop background.

http://www.bleepingcomputer.com/forums/t/130495/ie-defender-malware-infestation/
Relevancy 55.47%

I recently tried to download a download accelerator (bad idea I know) from basically a torrent website, I didn't pay 100% attention to the third party files and included was unniSale adware/malware.
 
I have not found it in my internet explorer but it has manifested itself into google chrome and although I can remove extension and negate it a bit, the program keeps popping up opening more and more dialogue boxes. 
 
I am asking for help and understand the turn around time might be a little longer than most people like, I do have to depart on a business trip where I will not have internet access in a little under a week so hopefully I will have time to enact the fixes that are provided. 
 
I have already run FRST and attached the txt files FRST and addition and will post them in a reply as well.
 
Thank you in advance!

A: UnnisAle adware/malware infestation

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Wes (administrator) on GAMECOCK on 27-01-2015 07:17:39
Running from C:\Users\Wes\Desktop
Loaded Profiles: Wes (Available profiles: Wes)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/


http://www.bleepingcomputer.com/forums/t/564632/unnisale-adwaremalware-infestation/
Relevancy 55.47%

Computer has suddenly become much slower after a couple of downloads. Computer now lagging when running multimedia and taking much longer to load icon graphics when opening folders. Thank you.

A: Computer much slower. MALWARE INFESTATION

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button and select Immediate Notification and click on proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will appear.
Click OK.
DeFogger may ask you to reboot the machine, if it does - click OK.
Do not re-enable these drivers until otherwise instructed.

Download DDS:
Please download DDS by sUBs from one of the links below and save it to your desktop:

Link1
Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

Double-click on dds.scr and a command window will appear. This is normal.
Shortly after two logs will appear:
DDS.txt
Attach.txt
A window will open instructing you to save & post the logs.
Save the logs to a convenient place such as your desktop.
Copy the contents of both logs & post in your next reply.

Information and logs:
In your next post I need the following:
logs from DDS
let me know of any problems you may have had

Gringo

http://www.bleepingcomputer.com/forums/t/384232/computer-much-slower-malware-infestation/
Relevancy 55.47%

Hello cryptodan,

Still having start up problem in Normal mode, but things seem to be changing. The following is a scan report from MalwareBytes run last night. Following the Malware log will be two log files from Superant Quick scans. Between the two Quick scans I attempted to do a Complete scan, but the system stopped and re-booted itself. Now there are times when the Normal start up sequence seems to get further along in the process. The computer still boots OK in Safe Mode.

HERE IS THE MALWARE LOG

THESE ARE THE SUPERANT LOG FILES

A: Start up problem after malware infestation

Good morning cryptodan if you are out there today.

Just a followup to my last post with the malware scan logs.

The computer is now starting normally! There seemed to be an increasing progression of how far it would get during bootup. Then one time yesterday it booted up in Normal mode and announced that Windows had recovered from potentially serious problems and would I like to send a/the report(s) to Microsoft. Yes, I said! - The computer has been starting normally since. Could it be that Windows fixed itself??

Thanks for your help. For now things look OK.

Are there any history/log files that we can look at to get a handle on what happened?

Mike

http://www.bleepingcomputer.com/forums/t/451514/start-up-problem-after-malware-infestation/
Relevancy 55.47%

Q: Suspected Malware/Spyware infestation

Just recently started having issues with comp: random freezes, crashes, etc. I'm running a Dell Dimension, Windows XP SP Home edition, Pentium CPU GHz, GB of RAM, Radeon x video card. Here are the logs; any assistance is always appreciated. Could not get the GMER program to finish; after hours of scanning the computer froze, so I do not have that log. Sorry.

https://forums.techguy.org/threads/suspected-malware-spyware-infestation.945451/
Relevancy 55.47%

Below is my file. I began following the steps on another post in this forum, System Integrity Scan Wizard, at http forums techguy org malware-r -solved-system-integrity-scan-wizard html and found that my processes and registries are different. I have an idea of some of the ones to get rid of, but I would rather get one of you experts to point out all of them. This thing sucks; it is popping up stuff in my browser now and new pop ups on the screen. I have been running CleanUp, Ewido, AdAware, McAfee to no avail. Please help. In exchange I will donate some time to the programming forums. Thanks.

A: Analyze my Hijackthis log - malware infestation

I have all of my eggs in one basket. I hope you guys lend a hand.

I ran smitFraudFix and CleanUp again in safe mode. Restarted it and it looks better, since I have not received any more fake security pop-ups. The log looks cleaner, but I can't tell.

Here is the new log after that.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:15:35 PM, on 4/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Downloads\bin\ScrumworksService.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Exodus\Exodus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\gfmrkrqz.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\WINDOWS\system32\mstsc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rob Allen\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
...

https://forums.techguy.org/threads/analyze-my-hijackthis-log-malware-infestation.702438/
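
An added example, not part of the thread above and not code from HijackThis: when a cleanup pass has been run and a second log posted, comparing the two logs entry by entry shows what actually changed and what survived. The two sample logs are constructed (the `C:\Example\...` path and the `[constructed]` Run entry are placeholders; the other lines are copied from the log above), and `parse_log` and `diff_logs` are hypothetical helper names.

```python
"""Compare two HijackThis logs to see what a cleanup pass changed."""
import re

# Section codes HijackThis puts in front of each finding (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.+)$")


def parse_log(text):
    """Return (processes, entries), each a dict of comparison key -> original line."""
    processes, entries = {}, {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            # Fold case and collapse whitespace so re-wrapped forum copies compare equal.
            key = (match.group(1), " ".join(match.group(2).lower().split()))
            entries[key] = line
        elif in_processes and line:
            # Windows paths are case-insensitive: System32 and system32 are one file.
            processes[line.lower()] = line
    return processes, entries


def diff_logs(before_text, after_text):
    """Report removed, added and persisting items for processes and entries."""
    before_proc, before_ent = parse_log(before_text)
    after_proc, after_ent = parse_log(after_text)

    def split(before, after):
        return {
            "removed": sorted(before[k] for k in before.keys() - after.keys()),
            "added": sorted(after[k] for k in after.keys() - before.keys()),
            "persisting": sorted(after[k] for k in after.keys() & before.keys()),
        }

    return {
        "processes": split(before_proc, after_proc),
        "entries": split(before_ent, after_ent),
    }


# Constructed sample: log taken before the cleanup tools were run.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\gfmrkrqz.exe
C:\Example\constructed-popup.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O4 - HKLM\..\Run: [constructed] C:\Example\constructed-popup.exe
"""

# Constructed sample: log taken after the cleanup tools were run.
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\gfmrkrqz.exe
C:\WINDOWS\system32\mstsc.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
"""

if __name__ == "__main__":
    report = diff_logs(BEFORE, AFTER)
    for kind in ("processes", "entries"):
        for status in ("removed", "added", "persisting"):
            for item in report[kind][status]:
                print(f"{kind:9} {status:10} {item}")
```

The "persisting" rows are the ones a helper still has to review by hand; the script only reports differences and makes no judgement about which items are malicious.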
Relevancy 55.47%

Hello,
 
Running Windows 10
Had pop ups and in-browser ads from Page Record.
Uninstalled Page Record using "Add/Remove Apps"
Saw lots of ads from "CloudScout" as well.
Have lots of pop ups from something that generates ads saying "It seems you have computer problems. Call us to fix. 1-855-525-4632." Lots of variations thereof.
Ran CleanUp! It removed 600mb, still have this problem.
Not sure what to do, please help.

A: Windows 10 - Huge Ad/Malware Infestation

OK, just ran AdwCleaner, still have the CloudScout pop-ups. Here's the log.
 
# AdwCleaner v4.208 - Logfile created 13/08/2015 at 18:26:07
# Updated 09/07/2015 by Xplode
# Database : 2015-08-12.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : xxx
# Running from : xxx\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 

***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Browser
Folder Deleted : C:\ProgramData\CrimeWatch
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs One System Care
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\TNT2
Folder Deleted : C:\Program Files (x86)\CloudScout Parental Control
Folder Deleted : C:\Program Files (x86)\OneSystemCare
Folder Deleted : C:\Users\HUSTON\AppData\Local\SearchProtect
Folder Deleted : C:\Users\HUSTON\AppData\Local\TNT2
Folder Deleted : C:\Users\HUSTON\AppData\Local\CrimeWatch
Folder Deleted : C:\Users\HUSTON\AppData\Roaming\One System Care
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\Launch One System Care.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\HUSTON\AppData\Roaming\Mozilla\Firefox\Profiles\jhs6q0cz.default\invalidprefs.js
File Deleted : C:\Users\HUSTON\AppData\Roaming\Mozilla\Firefox\Profiles\jhs6q0cz.default\user.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
 
***** [ Scheduled tasks ] *****
 
Task Deleted : One System CarePeriod
Task Deleted : One System Care Run Delay
Task Deleted : One System Care Monitor
 
***** [ Shortcuts ] *****
 

***** [ Registry ] *****
 

http://www.bleepingcomputer.com/forums/t/586391/windows-10-huge-admalware-infestation/
Relevancy 55.47%

Please can you help? My neighbour's computer has been infected. It all started when he was browsing the Net. A popup opened and AVG picked up a Trojan horse Collected AF; it could not be healed, deleted etc., and files were copied to the local settings temp folder. I deleted the temp folder contents and noticed a new program had been installed called Powerscan; this was removed using Add/Remove Programs. The PC was restarted and a powerscan program started up. After closing and uninstallation I ran AVG: no virus found. Spybot S&D found various malware, inc. Powerscan and ISearchTech. Ad-Aware found similar problems; these were all removed successfully. I ran these programs again after restarting and no problems were found.

However, now when connecting to the internet the browser opens up a web page called corn on the cob and again AVG picks up the same Trojan. I end the task and disconnect, but the network connection window opens either saying that pwnage xtremepower info or competone com wants to connect. This persists after selecting cancel until you restart the PC. I have updated all above security software and tried spyware blaster and winpatrol and a system restore; this cannot be done. Looking at the running processes I noticed the l9ol.exe and tried ending the process; this allowed me to connect to the internet without the corn on the cob installer window opening, but upon disconnecting the network connection window opens either saying that pwnage xtremepower info or competone com wants to connect.

Please, please, please cure this problem. Thanks.

P.S. Sorry if message is too long and boring.

A: Trojan,Powerscan,malware infestation

Hello Biofriendly and welcome to the BC forums. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.

Step #1
Download CCleaner and install it but do not run it yet.

Step #2
Start in Safe Mode Using the F8 method:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
Use the arrow keys to select the Safe Mode menu item.
Press the Enter key.

Step #3
Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O4 - HKLM\..\Run: [Microsoft Desktop Manager] msdesk32.exe
O4 - HKLM\..\Run: [REGRUN] C:\l9ol.exe
O4 - HKLM\..\RunServices: [Microsoft Desktop Manager] msdesk32.exe

I question this item for a Wanadoo dialup connection. It appears that you have BT broadband so if this is no longer needed you can check it also. Even if you still use Wanadoo this does not have to startup at bootup, you can still remove this and start it as needed:

O4 - Global Startup: Wanadoo Connection Kit.lnk = C:\wanadoo\wanadooconnectionkit\atdialler1.exe

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

Step #4
We need to make sure all hidden files are showing so please:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide file extensions for known types option.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Find the following files/folders and delete them (don't worry if they are already gone):

C:\WINDOWS\System32\msdesk32.exe
C:\l9ol.exe

Step #5
Start CCleaner and click on the Run Cleaner button in the lower right-hand corner. When it is finished close CCleaner.

Step #6
Reboot normally and run at least 2 of the following on-line virus scans:
Trend Micro Housecall
BitDefender On-Line Virus Scan
Panda ActiveScan
eTrust Antivirus Web Scanner

Make sure that you choose "fix", "clean" or "autoclean". If you have any files that cannot be disinfected or quarantined automatically then delete them manually.

Step #7
AdAware SE v1.06
Download, install, update, configure and run a scan with Ad-aware SE v1.06:
Download and Install AdAware SE Personal, keeping the default options. However, some of the settings will need to be changed before your first scan.
Close ALL windows except Ad-Aware SE.
Click on the "world" icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.
Once the update is finished click on the "Gear" icon (second from the left at the top of the window) to access the preferences/settings window:

In the "General" window make sure the following are selected in green:
Under Safety:
Automatically save log-file
Automatically quarantine objects prior to removal
Safe Mode (always request confirmation)
Under Definitions:
Prompt to update outdated definitions - set the number of days

Click on the "Scanning" button on the left and select in green:
Under Driver, Folders & Files:
Scan Within Archives
Under Select drives & folders to scan:
choose all hard drives
Under Memory & Registry: all green
Scan Active Processes
Scan Registry
Deep Scan Registry
Scan my IE favorites for banned URL's
Scan my Hosts file

Click on the "Advanced" button on the left and select in green:
Under Shell Integration:
Move deleted files to recycle bin
Under Logfile Detail Level: all green
include additional object information
DESELECT - include negligible objects information
include environment information
Under Alternate Data Streams:
Don't log streams smaller than 0 ...

http://www.bleepingcomputer.com/forums/t/22584/trojanpowerscanmalware-infestation/
Relevancy 55.47%

Hi,

About days ago my PC was hijacked by Malware Wipe and SpyAxe virus. At first I got spurious security alerts telling me to download Malware Wipe, then SpyAxe, then Spy Trooper, all at a cost. I realised they were spoof messages, so ran my usual antivirus software (Ad-Aware, Spybot and AVG), but these haven't got rid of the problems. I have also now tried Bit Defender as suggested on this site and also have done a HJT log, which you will find below.

Other problems are that there are users on this PC, my wife and I. I think the original virus attacked her settings and she cannot now get access to the internet. I can still get internet access on my settings but sometimes lose the connection, and there are some sites that show a spoof "This page cannot be displayed" message telling me to download Spy Trooper software.

Can you please help? I am becoming demented here.

A: Malware Wipe And Spyaxe Infestation

Hi,

I have now performed a total restore of my PC so my original problems have been solved, at least for the time being!!

Please close this topic.

Topcat

http://www.bleepingcomputer.com/forums/t/39776/malware-wipe-and-spyaxe-infestation/
Relevancy 55.47%

Hello,

I have recently tried using an old laptop that was given to me. The first sign of problems was the laptop unbootable boot volume. I managed to use the recovery option in an XP installation disk to fix it. Once I booted into the system the computer was very, very sluggish. Startup would take an extremely long time. At first I merely attributed this to the bloatware and crappy processor. Then I installed various antispyware and antivirus programs. Lo and behold, avast caught about malware objects with a boot scan. Malwarebytes caught an additional. Superantispyware caught another infections. Lastly, Avira caught infections. At this rate I know that there is still malware on my laptop, which may be regenerating itself or be stealthed.

Anyway, if you want these logs feel free to ask. Thanks so much for reading this, and here is my hijack this log at the bottom of this post.

Relevancy 55.04%

The system is infested with a bogus antivirus program called Professional Antivirus program. It has a green shield icon with a white checkmark. It comes up and starts running a scan immediately, throws up a bogus Windows Security screen and fake firewall messages. The system also has icons on the desktop named spam exe, spam exe, troj exe, pornotube com, nudetube com and youporn com. The Windows taskbar is missing and the task manager has been disabled.

I have run the DDS and GMER utilities and have attached the logs. I am in PST and will be unavailable to respond or work on this again until this evening. I am posting the DDS log results below.

A: Professional Antivirus program / malware infestation

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90

Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

http://www.bleepingcomputer.com/forums/t/349129/professional-antivirus-program-malware-infestation/
Relevancy 55.04%

Hello and thanks for the help. I have included my HJT log way down below for analysis. I can see some of the malware, but before I try any of the various removal tools I need a professional opinion on how best to proceed. But first, here is the history of the infestation and the current symptoms.

Yesterday I was using IE on my Win k laptop and simply followed a google search result for how to tune the carburetor on my chainsaw, and when I clicked I saw a command prompt window appear which was obviously running an unauthorized executable. I immediately closed it, but I was already infected. Just for the record, I have until recently always run the automatic MS update stuff, but in April something in the update was running continuously and slowing the laptop to a crawl, so I disabled it in utter frustration with M --with the result that I have not had an update to Win k, IE or MS Office since April. Also, I had a pending Java update which I hadn't installed. Anyway, any of these omissions probably made me vulnerable.

Immediately after the infection I started seeing unexpected popups from "Outerinfo", which was obviously included as one Adware component of the overall Malware payload. I did a quick search on Tom Coyote and found some instructions for removing Outerinfo, and did so using the Add/Remove Programs tool in the control panel. Somewhere about this time I saw a popup that wanted me to buy some kind of malware removal tool--obviously part of the payload as well. In the spirit of removing things in Add/Remove Programs tool that I did not recognize, I removed several other suspicious things. I then rebooted and opened IE--which was probably a mistake, because then all H began to break loose. I was getting multiple popups and my porn filter was complaining about porn apparently on my new default home page. I then got several application errors from exe programs I did not recognize, including g cbvy exe and vedxg ame exe, both of which are currently running again per the HJT log below. After a few minutes of this I got the dreaded blue screen of death stating that there was a x E "Stop" at xC x x x with the following message: KMODE_EXCEPTION_NOT_HANDLED.

I'm a little foggy as to the exact sequence of events, but I think I then rebooted again, opened IE again, and the blue screen of death happened again. Then on all subsequent reboots Windows would never get fully rebooted, instead giving me the same blue screen of death shortly after it gave the startup message "preparing network connections" or something like that. Just an aside here: I have since looked in the event manager and can see messages stating that tcpip sys and c winnt system drivers netdtect sys were both being targeted, i.e. "file replacement was attempted", but then Windows "restored" them to "maintain stability". I suspect that this was related to the problem.

Anyway, I WAS still able to boot the machine in safe mode (safe mode with networking gave the blue screen), and because of the snippets of information above I deduced that the networking was causing the blue screen, so while in safe mode I disabled my Network "card" and was thus able to finally reboot the machine again in normal mode--but I don't have a network anymore. I then downloaded HJT onto a floppy using another computer and used the floppy to install it on the sick laptop. However, HJT also seems to be affected by the malware (is that possible?), as it throws an application error (The instruction at "x f" referenced memory at "x". The memory could not be "read") every time I attempt to scan and save a log file in one operation. I can successfully do a stand-alone scan, but then when I press the "save log" button HJT terminates immediately with no error message ...

Relevancy 55.04%

I recently had someone else using my computer who somehow ran an undesirable executable, causing an infestation on my computer. I've spent the past couple days removing what I could and think I've done a pretty thorough job; however, I'm not as versed in the removal of spyware/malware or viruses as I would like to be, and was hoping someone could take a look at my most recent Hijackthis logfile and let me know what, if anything, I've missed.

A:help with removal of recent spyware/malware infestation.

Post hijack logs from normal mode
NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

Download this file :

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
or
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

=====================
Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others as they were.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
Click close and close again to exit the program.
Please paste that information here for me regardless of what it finds with a new HijackThis log.

This will take some time!!!!!!!!
 

https://forums.techguy.org/threads/help-with-removal-of-recent-spyware-malware-infestation.618034/
Relevancy 55.04%

Dear TechGuy staff and volunteers,

First off, let me say how thankful I am for the time and dedication that you provide to the internet community. I am writing in regards to a malware/trojan infestation on my laptop that has gradually made it difficult and frustrating for daily use. The problems began small (pop-ups and spam with internet traffic) that grew to a large divert problem where now I can hardly click any option from a search engine without being redirected to a spam site. The various online scanners, including HouseCall, Kaspersky and ewido, all report installation problems when I go to run them, even in safe mode w/ networking, and the trial AntiVirus software I've downloaded for Norton and Kaspersky A) cannot connect to install new signatures, even manually (the links of the company websites do not work), and B) report no infections. Though it may be psychological, the computer also seems to be running considerably more sluggish than it did in the past.

Attached is my HJT log below, and if there is any more information I can provide, please let me know. Thank you for your time.

-Brian

A:Malware/trojan infestation on my home office PC

Bump!
 

https://forums.techguy.org/threads/malware-trojan-infestation-on-my-home-office-pc.856860/
Relevancy 55.04%

Below is my HJT Log. I have hguest and hpwis at least, and probably more. The first symptom I noticed was a few weeks ago, when all my cookies started disappearing or not working. Message boards and banks started never remembering me from one hour to the next. For a while I thought I could deal with that, but I eventually noticed that my task manager always said I was running hguest. I found it was a malware, so I went and found a file called hguest and I deleted it. That was a few days ago, and the cookies haven't gotten any better. But every hour or so an error would pop up and say it can't find hguest.

Today I started getting bombed with porn popups. Several per minute, and now and then there is a burst where I can hardly keep up. It is doing it as I type this. And when I try to use the task manager, it says it has been disabled by the administrator. The popups are mostly Spanish and Russian language porn sites, but every now and then it tries to download a codec that I reject, and now and then it just puts up an error saying that I'm not allowed to download a file, which is something I'm not trying to do.

I did something I'm probably not supposed to do by trying to fix it with HJT this without help. I deleted several R s called hpwis. It didn't help. Here's the current HJT log.

A:Ugly Malware Infestation - Pop Ups, No Task Manager

I managed to get things fixed, I think.
 

https://forums.techguy.org/threads/ugly-malware-infestation-pop-ups-no-task-manager.753938/
Relevancy 55.04%

Hello. Thanks for giving your time and experience to help others. I have spent most of the day trying to rid a friend's laptop of multiple malware programs and now seem to be seeing some of the same ones returning. Also, after I do a search in Google, if I press a link I may go to an unrelated site. Also, although I thought I had removed SystemDefender, it still pops up every so often. This laptop belongs to a college freshman and I'm trying to get it cleaned up for him since classes start in a day and a half. It is a Gateway MX Intel Core T GHz GB RAM running Windows XP Media Center Edition Version SP. It has AVG Free, Ad-Aware and Spybot Search & Destroy on it.

When I got the laptop it was showing "Virus Alert" in the task tray where the clock should be, and My Computer was missing, and the Start Menu was missing Run, Control Panel and other things. I started it in Safe Mode. I ran MSCONFIG and disabled everything I couldn't verify should be running by googling it on another computer. I also ran AVG in Safe Mode. After rebooting, the Start Menu seemed to be OK again. I downloaded Malwarebytes Anti-Malware and SUPERAntispyware Free and ran those. I then updated the definitions for AVG and Spybot S&D and ran them. I updated Anti-Malware and ran that again too. I have not yet run Ad-Aware. I am running Kaspersky on-line at the moment.

Some things that were deleted: Vundo FakeAlert Agent Dropper Zlob WinAniSpyware Multiple. AVG deleted about items in Safe Mode and Malwarebytes Anti-Malware deleted about items. I can't remember what else was deleted. In subsequent scans Vundo and FakeAlert show up again. Then, in trying to find some solutions from that laptop, I found that the Google links are getting hijacked. I found a thread on techguy about that, but there were a lot of hijackthis logs and I think I'm at the point that I need help. I didn't know if I should start out with a HijackThis log, but here it is.

A:Malware Infestation and Google Link Hijacking

I've continued to run AVG, Malwarebytes' Anti-Malware and SUPERAntispyware Free, Ad-Aware, and Spybot S&D, looked carefully at every line from HijackThis, made a couple of registry tweaks (saved the entries before changing them), and I think I've gotten all the malware off the laptop -- ran all the above software and only hit two tracking cookies.

But the Google problem is still there. I think this could be an exploit based on DNS poisoning because the laptop is still Windows XP SP2. Somehow the control panel said automatic updates were on but they were turned off in the services. I turned them back on and am installing SP3. Then I'll install all subsequent updates and see if the Google problem is resolved. I know this was fixed in Windows and a lot of other software recently. I'm running a fully updated laptop next to the problem machine, both connected to the same wireless router, and my laptop has no problems with Google while my friend's laptop does.
 

https://forums.techguy.org/threads/malware-infestation-and-google-link-hijacking.743059/
Relevancy 52.46%

Hi all. Hoping I can get some help. Seem to have managed to really mess up my laptop. Basically, in normal Windows mode dllhoste exe seems to eat all my system resources and then I get a blue screen of death. In safe mode I can use most things, but it is slow and unresponsive. Below is my hijackthis log.

A:Please help - malware infestation - Google redirects and blue screen of death dllhost crashes

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/239289/please-help-malware-infestation-google-redirects-and-blue-screen-of-death-dllhost-crashes/
Relevancy 48.16%

Hello, new poster, long time reader, admirer of this site. A few days ago my computer started chugging pretty slowly. I haven't installed any new programs or downloaded anything, including updates etc. I'm pretty good about scanning, defragging my computer weekly as well. Here are some examples of the slowdown:

Significant lag when opening a new Internet Explorer window.
Significant lag when opening any new program.
Computer sometimes half opens a program like IE and chugs for about seconds, then slowly loads the program.

In addition, I'm not sure if this is related, but I turned on the computer today to have nothing work. I would be able to double click an item, my DSL connection for instance, and it would flash like it's opening, then nothing would happen. My quick launch buttons are pressed and stay depressed. I had to restart a few times to get it working. Also, after looking at the setup menu pre-boot F, I escape and choose exit, then the computer beeps and says unable to boot from network or something to that effect. Press F to retry and F to return to setup utility. Is there any sort of diagnostics program that can tell me what's wrong? Or should I just system restore one week past, or just scan through everything again? Thanks

A:Onset of sluggish IE, general performance

Here you go http://pcworld.about.com/magazine/2202p074bid114030.htm also try the site www.pcpitstop.com.

http://www.techsupportforum.com/forums/f10/onset-of-sluggish-ie-general-performance-74344.html
Relevancy 48.16%

I would like the answer to this problem....whenever I try to game in any type of position, situation.......I am frustrated. I think my 9800 pro is quitting on me slowly, and I don't know for sure, since I just replaced my motherboard and processor with a combo from Monarch Computers (ASUS A8V Deluxe-64Bit capable) and Athlon 3200+.
I am running out of places to find answers, because there seems to be no one out there capable of figuring out this pickle.

Online work is normal and as usual. Whenever I try to play an online game, the system restarts itself. EVERY TIME sdssdsd
 

A:System Crashes @ onset of games

Are you running any firewalls, such as Zone Alarm? If so, have you enabled them to run your game?
 

https://forums.techguy.org/threads/system-crashes-onset-of-games.364984/
Relevancy 47.3%

I am running Windows x on a HP G Laptop.

Yesterday night, or early this morning, I opened an exe that I really shouldn't have. My computer immediately got BSOD (Blue screen of death) and rebooted. There was no damage done to the computer; however, whenever I would turn on my Wireless via HP SmartButton (next to the Power Button) it would get BSOD and restart. I have uninstalled and reinstalled chrome, uninstalled and updated my wireless card driver, run just about every malware/virus scan you can imagine. But to no avail. The BSOD never stays up long enough for me to really read it. My most recent Malwarebytes scan had something about HKEY CURRENT USER SOFTWARE Cerberus Backdoor Trace, which it removed and quarantined. Upon requested restart the machine went into BSOD after log-in. I had about minidump files from today but ran a system restore to a week ago and now only have or. If a Hijack or Malwarebytes report or the dump files or blue screen logs would be of help, I would be glad to provide them.

I am running Windows x on a HP G Laptop.

A:Malware or sudden bad Driver?

Hi all,

New member here.

I opened an infected executable yesterday, which immediately gave me BSOD. After it rebooted, it seemed to only be when I turned the wireless card on. It has since spread to other things such as opening programs, browsers, etc.

Here are the 5 dump files. I had about 10 earlier but ran a system restore (from a week ago) and these are the only 4 dumps I have since then.

==================================================
Dump File : 123110-25272-01.dmp
Crash Time : 12/31/2010 1:13:46 AM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : fffff880`08d25748
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff880`01348074
Caused By Driver : ataport.SYS
Caused By Address : ataport.SYS+13074
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\123110-25272-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 276,952
==================================================

==================================================
Dump File : 123110-27924-01.dmp
Crash Time : 12/31/2010 12:35:10 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000090
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000000
Parameter 4 : fffff800`022d6995
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\123110-27924-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 270,696
==================================================

==================================================
Dump File : 123010-27019-01.dmp
Crash Time : 12/30/2010 6:02:27 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000000
Parameter 4 : fffff800`02eaf2b3
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\123010-27019-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 276,888
==================================================

==================================================
Dump File : 123010-25209-01.dmp
Crash Time : 12/30/2010 5:39:46 PM
Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x0000001e
Parameter 1 : ffffffff`c0000005
Parameter 2 : fffff800`02ecfcd8
Parameter 3 : 00000000`00000000
Parameter 4 : ffffffff`ffffffff
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\123010-25209-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 276,952
==================================================

==================================================
Dump File ... Read more

http://www.bleepingcomputer.com/forums/t/370380/malware-or-sudden-bad-driver/
Relevancy 47.3%

Hello, name's Jason. Hopefully someone can help me with this. I downloaded a video chat program called Ovoo the other day (my fiance lives miles from me); she did the same and we both began finding viruses through avast. Removed the viruses and thought we were fine. I noticed though that my internet seemed slower, so I checked the task manager and found Bjb.exe, which I had never seen before. Researched, ran hjt and the logfile also found some weird things. It showed some entries of nameservers related to domain hijacking. Which I removed. I also removed the Bjb.exe with avast before this and it came back after restart. I researched the IPs listed with the nameserver entries and they led me back to a very suspicious Ukraine based company, ukrtelegroup.com.ua. Not sure what's going on, but I own a few websites so the domain hijacking bit is scary. Any help would be great. Oh ya, forgot something. When I restarted my machine a bit ago, avast network shield blocked access to gamecetera.com; never done that before. I wasn't even getting online, I had just restarted. I can paste the hjt logfile if you guys like as well, but for now here's the dds.

A:Sudden malware after Ovoo??

Hi, Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.
Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.
Once I receive a reply then I will return with your first instructions.
Thanks

http://www.bleepingcomputer.com/forums/t/316100/sudden-malware-after-ovoo/
Relevancy 47.3%

Hey all, I just hope someone here can help with my problem. I have an ASUS N SF laptop that is about years old. Very recently it has been giving me blue screen errors. I have used blue screen viewer and tried updating some drivers and my net framework - however it still seems to be happening. To my recollection I have not installed any recent new programs; the only thing that may update are games in my steam library. I can power on my PC on safe mode with network connection indefinitely, however in windows proper it will blue screen at some point. Very recently now also the battery light is flashing orange - even when connected to AC power. I have looked through other topic posts but am unable to solve the problem on my own. I would be most grateful if anyone can help me.

OS - Windows home premium bit
Processor - Intel Core i QM CPU GHz
Graphics card - NVIDIA GeForce GT M GB DDR VRAM

As specified, ALL my dmp files are attached - yeah, there are a few. Thanks in advance. Kind regards, Saj

A:Random onset BSOD - Ntoskrnl/wdfsys01000.sys

Hello,


Code:
Security Processor Loader Driver ROOT\LEGACY_SPLDR\0000 This device is not present, is not working properly, or does not have all its drivers installed.
This is caused by a corrupt install of an Anti-Virus program. Whichever AV you have, uninstall it completely, and I recommend installing Microsoft Security Essentials - Microsoft Windows


Code:
Probably caused by : memory_corruption
It's possible that there may be something wrong with your RAM. Run a RAM test with Memtest86+.
Run for at least 8 hours!

After this post back results.

-Gamer

http://www.sevenforums.com/bsod-help-support/330021-random-onset-bsod-ntoskrnl-wdfsys01000-sys.html
Relevancy 46.87%

Yesterday evening, the HD on my laptop suddenly started going mad. I don't know what was causing it, but no other application could run.

I re-booted in safe-mode, and ran anti-malware scans (all just updated) - Microsoft Security Essentials, AntiMalwareBytes and SuperAntiSpyware. Nothing showed up, but the HD activity stopped. I also downloaded and ran Autoruns, but I couldn't see anything that was obviously alien.

Is there a reasonable explanation for this (perhaps index rebuilding, or something)? If not, is there a way I can tell next time what's causing this burst of activity, so I can deal with it?

Thanks

A:Sudden very heavy HD usage - malware?

Open task manager to the processes tab, sort on the cpu column, and see if any process is spiking

http://www.bleepingcomputer.com/forums/t/386994/sudden-very-heavy-hd-usage-malware/
Relevancy 46.87%

I have noticed that recently today my computer has been acting up. I have noticed that DVD's put into my computer have been skipping and so has the itunes music on my hard drive when I try to play it. This has been a recent development and I am not sure if it is due to some type of Malware. I have a Compaq Presario V and I am using Trend Micro Office Scan. I have added my HJT log below. Thank you for your help.

A:Slow music and DVD's all of a sudden. Malware?

bump
 

https://forums.techguy.org/threads/slow-music-and-dvds-all-of-a-sudden-malware.839547/
Relevancy 46.87%

Hello, I was suddenly infected with a malware or something that keeps the computer in this loop that tells me I'm infected, that I need to install a cure program (Spyware recover 2009 or something). It keeps opening up WARNING! and DANGER windows... It has removed my desktop image and plays loud obnoxious music and instructions for building a "james bond blue laser". I normally work on a mac but this is a PC that runs some machines in my shop. Please help!

A:I need help curing sudden infection of malware

Hello and welcome to BC. I am moving this to the Am I Infected forum from XP for scans. Hopefully we'll have you cleaned out quick.

Next run MBAM:
Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop (alternate download link 1, alternate download link 2).
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked: Update Malwarebytes' Anti-Malware, Launch Malwarebytes' Anti-Malware.
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

http://www.bleepingcomputer.com/forums/t/211799/i-need-help-curing-sudden-infection-of-malware/
Relevancy 46.87%

My problem is that ever since around December th all my programs have been frequently hanging, ie temporarily freezing and saying not responding. The problem has gotten a little better after I tried uninstalling some things, running CCleaner and switching from AVG to adaware anti virus. One odd thing that happened is that all my system restore points disappeared. At first after the slowness started I had the ability to use system restore but I did not choose to at that time. Then like a week later I opened up system restore and was surprised to find that it said I have no restore points. Is that normal or is that proof of a virus? At another point a message appeared in the bottom right hand of the desktop screen that said this isn't a genuine version of windows or something like that. It was only for a few minutes so I forgot the exact message. Sometimes it's been showing a blue screen and crashing, causing me to re-boot. I didn't write down what the blue screen said. This happens every few days and it didn't happen nearly that often before. Something that happened before the slowness was that I bought a bluetooth adapter to plug into the usb. I bought two; only the second one worked. I don't know how else I might've been infected since I don't download much and haven't been using bittorrent. I attached two screenshots of messages that displayed when I tried to follow the directions in the sticky. Thank you.

Relevancy 46.87%

I have a crappy little laptop that I use out in the living room, I don't do much with it other than browsing and Netflix. Recently, I've seen the following seemingly malicious message appearing above my systray.

Speccy

A:Sudden Malware Warning. No system changes.

I would suggest removing that belarc link, your office key is open to the world.

http://www.sevenforums.com/system-security/305803-sudden-malware-warning-no-system-changes.html
Relevancy 46.87%

Hello, I was surfing the net a little bit ago and hung on a web site. Immediately afterwards I started getting all these "XP Security popups"; the popups looked EXACTLY like a real window (perhaps it was) but kept saying "unregistered version". This is my work laptop so everything is typically registered. It showed several of my c directories and various malware infections, said I have of them. I didn't click on the window but did delete the popup window(s) through task manager. Down where the XP shield is on my tool/task bar (bottom right by clock) I keep getting the callout windows saying my security has been compromised etc. My machine runs mcafee but i didn't see anything suspicious found in recent scans. Please help me. My laptop had crashed a few weeks back (bad hard drive) and I just got myself all pulled together again only to get this. The IT staff at my company is typically not much help; the answers are always "we will have to rebuild your machine" and I can't afford that unless absolutely necessary. I've used you guys before and have recommended people to you and know you guys rock; hoping you can help me. Thanks in advance. My hijack log is below.

A:XP - sudden massive malware issues!!

Downloaded Microsoft Security Essentials and that detected win32/FakeRean as well as another item. The Security Essentials program cleaned it up and all seems better now. This site is the best. Thanks guys!!!
 

https://forums.techguy.org/threads/xp-sudden-massive-malware-issues.918776/
Relevancy 46.87%

I haven't found any malware before now. On average McAfee finds avg. Would you please read my scriptfraud and HJT? Thank you so much.

Relevancy 46.87%

Friends, I need some ideas here - this is a cobbler's kids story. My wife's own lovely and spirited HP DC with XP Pro SP, squeaky clean, lots of ram - normally flawless operation. I use a Belkin wireless card for connectivity. So this morning I tinkered with my DD-WRT router rig and that forced a need for the various machines to renew their IP. Did that on hers a few moments ago. All looked good. So fired up Chrome and hit a web page and "BAM" - sudden death prior to the screen actually displaying the web page. Quick Black Screen followed by an uneventful reboot; came up quickly, the way I like. If this were an unknown machine that had a pattern of such I would be looking for overtemp condition. This one is free of obstruction and apparently cooling normally, but it sure smells like a hardware or driver issue of some sort. All wisdom gratefully received. Thanks

A:Sudden-death Blackscreen - no malware - ???

Try a system restore from safe mode if you can get into safe mode?
 

https://forums.techguy.org/threads/sudden-death-blackscreen-no-malware.955534/
Relevancy 46.87%

I recently joined a forum (http://www.ukscooterforum.co.uk/forums/index.php) and everything was going great until I came home from work and tried to go on one topic, as new posts had been made. All of a sudden Avast pops up out of nowhere and tells me there's viruses/spyware/malware, similar to what this guy had: http forums techguy org malware-removal-hijackthis-logs -infected-vbs-malware-gen-win html

Avast gave me this info about one of the viruses:

File name: http www ukscooterforum co uk forums viewtopic php t
Malware name: VBS Malware-gen
Malware type: Virus worm
VPS version: -

The next Avast pop-up had this to say:

File name: C Documents and Settings Daniel Blythe Local Settings Application Data Mozilla Firefox Profiles avrrr s default Cache BE d
Malware name: VBS Malware-gen
Malware type: Virus worm
VPS version: -

I think this was the same as above. So what I did then was found the link I displayed earlier, but I tried running through what it said but my com went a bit crazy and wouldn't enter the advanced options after the bleep. And basically this is the only time that Avast has ever come up with this virus. And I can't get on any of the topics on the UK Scooter Forum anymore, as both anti-virus malware pop-ups come up every time :S What's happening? PLEASE CAN THIS BE FIXED SOMEHOW? Any help IS sooooooooooooooo much appreciated. Thanks in advance for any help, Daniel

A:Sudden Malware/virus pop ups when using forum

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Double-click on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis.
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

https://forums.techguy.org/threads/sudden-malware-virus-pop-ups-when-using-forum.675626/
Relevancy 46.87%

Today around or so I was browsing around this blogspot site in order to download some files off of mediafire. I downloaded a couple of files and then all of these pop-ups started popping up, one of which asking me to install some sort of antivirus program, which I said no to. Then more pop-ups kept on popping up, and system pop-ups popped up saying that it couldn't open various files that I have never seen before in my life. It was that type of system pop-up that comes up when the pc doesn't recognize the file type and doesn't know what program to use to open it. It gives those two options of picking a program from a list or using the internet service to find the proper program. Anyhow, so I tried to do a system restore but found that there were no restore points except for one dated as today at pm, which is about the time when all the spyware and stuff popped up. I did not go through with that restore.

I believe that there is also a problem concerning this wscntfy.exe file in my C Windows System. I kept on getting those warnings on my toolbar saying that windows updates weren't enabled, so I checked the security center settings. On the main screen of the security settings it says that the updates are disabled. But when I click on automatic updates under "Manage security settings for" it says that Automatic updates are on. Besides that, random websites keep popping up periodically whenever I'm using Firefox, which is the browser I typically use.

Thanks for the help in advance ><

Here are the contents of the dds text file:

A:Help! Sudden Spyware/Malware attack

I forgot to mention that after the "attack," I did an AVG scan of my computer and it found 4 files, various cookies, and "healed" them, but the problems listed above persisted.
The infections listed under AVG's history are all this gadcom.exe file (found in four locations on my C: drive).

Also, this pop-up that says "Unhandled Exception" keeps popping up. It says "aawservice.exe has unfortunately experienced an unhandled exception and was forced to close. Please submit this error and we will endeavor to solve the problem as soon as possible." It gives some information, which I assume is the crash report, and then gives two options (to send or not send the crash report to Lavasoft). This deals with my Adaware software, which isn't the latest version; it is Adaware 2007 (not 2008).

http://www.techsupportforum.com/forums/f284/help-sudden-spyware-malware-attack-327751.html
Relevancy 46.44%

I have a Pavilion DV laptop, Gigs of RAM, Windows SP, and was recently infected with Malware, which I tried to remove myself. I have done this in the past and been successful, which I thought I was this time after removing threats indicated from Malwarebytes. However, my computer is still running very sluggish and something just doesn't seem right. I have attached the logs requested and I appreciate any help in advance.

Relevancy 46.44%

Hi everyone, I'm hoping someone out there can help with this problem I've got. days ago I downloaded some movies using rapidshare/flashget, which I do all the time with no problems; however, this time immediately after, my laptop will connect to the network but with no internet access. I've tried everything within my power and I've been trying to teach myself how to fix this using forums etc., but I'm getting nowhere and very frustrated. A little before this happened and since, I've had a few warnings (detection of malware/spyware) and I've got an inkling that they are related. There are laptops using this network as well and they have had no problem at all, which seems to suggest the problem is my end.

Types of virus: mal badsrc-, mal JSShell-B, Troj fujif-Gen

I'm using Windows on an Asus X DIJ, trying to connect to Gigaset SE from Telus. I've tried ipconfig release and renew plus flushing of DNS and a few other bits n bobs I saw on forums, but I'm not getting anywhere. Also tried disabling the Atheros wireless connection and re-enabling it. Here is my ipconfig results:

I've also had the following script error message: http client kuaiche com client download right english index html

I can't ping any http site, but when plugged into the router I get something back from the dns ip but can't access it in browser (Mozilla). The strangest thing of all is when I log into Skype I can still chat and message people in there, and the network says I have internet access; however, it's always the same server not found error message in Mozilla and IE. I'd appreciate any help. I'm a bit of a beginner with all this, but just tell me what other info you'll need. Cheers

https://forums.techguy.org/threads/sudden-no-internet-access-after-alot-of-bad-malware.964379/
Relevancy 46.44%

First off, this is my parents' computer, and it was only until McAfee was not renewed or replaced with avast or an equivalent that this happened, but the actual problem is pretty serious and beyond me. When I boot the computer, which is a standard XP Home OS with the service pack, the desktop is all white with a warning message built in that says "Warning Spyware detected on your computer" with some smaller print underneath; I can type that as well if you need that. Then a window titled opens. There is also a warning message on the toolbar that says "svchost.exe - Corrupt file". When I attempted to open IE for the first time, all sorts of pornographic pop-ups immediately jumped up everywhere, but even then I was unable to manipulate it at all. I can boot it fine in safe mode, but apparently the spyware or virus deleted all of the system restore points before the infection. Here is the HJT log. I am not sure what can be determined by it, but any help would be appreciated.

https://forums.techguy.org/threads/sudden-malware-spyware-infection-any-help-appreciated.746659/
Relevancy 46.44%

Hi, I've received great support here in the past, so I have a really good feeling that someone is going to be able to help me now as well. I can't say for sure that I'm infected with anything, but I have a feeling this is some sort of virus or other form of malware. I'm running XP Pro, Intel Core Duo, GB RAM, but at the moment I am posting this through Ubuntu (dual boot) since XP is having a hard time booting.

My computer is verrrry slow; sometimes it boots, sometimes it doesn't. Sometimes I get the login screen and after logging in it just freezes. When it boots and logs in, it just performs very slowly. Also, I often get messages saying "Eset Service has encountered a problem and needs to close". This is the main reason I'm thinking this is malware.

I usually scan everything I download before opening it, including program setup files. Last programs I remember downloading/installing recently are an update to VLC and TaggedFrog, a program that lets me tag files on XP. I'm not saying one of them caused this, but I'm not ruling it out either. I ended up uninstalling ESET NOD v in order to install NOD v. The reason I hadn't updated up til today is because I had used v before and didn't like it; it slowed down my PC much more than v, which is the reason I loved v more than all other antivirus programs. Currently XP has no antivirus installed, since everything got slower around the time I wanted to install it. I even started getting some Windows Installer errors.

I guess if I rebooted a few times I could get into XP again, but if there are any tests I can run through Ubuntu on the XP hard drives, that would probably be best. Thanks for any help, I really appreciate the time and effort.

Also, I'd just like to point out that I consider myself generally safe and aware, so I really can't explain how anything might have gotten into my system. It just so happens (really coincidental) I had gotten infected with malware a few months back, which RPMcMurphy, a member on TechGuy, helped me out with. Before that I hadn't had any case of virus nor malware on this PC, and I've had this computer for nearly years. Thanks in advance to anyone who can lend a hand.

https://forums.techguy.org/threads/sudden-general-slowness-i-have-a-feeling-its-malware.972014/
Relevancy 46.44%

The touchscreen on my laptop works for the most part like a mouse would, except that it does not actually register that the 'mouse button' is 'down' until the 'click' is released (that is, you lift your finger or move it). Are there any drivers that would allow me to send a 'mousedown' event as soon as the screen is touched?
 
Thanks.

http://www.bleepingcomputer.com/forums/t/523977/registering-click-on-onset-of-touch-on-touchscreen-win8-laptop/
Relevancy 46.44%

I have moved this post as I believe this is more a compound program related caused by an attack. Please read the post below as well. Since while I am posting this, I am going to run a full back up of my bad laptop's drive with Corbian and then go into safemode, run a scandisk, then a defrag, per the instructions from the "Slow Computer" post. Then I will report back to any replies from you. If this is not the right thing to do and I see a response from you all, I will follow any instructions. I am no pc expert but I am a quick learner. THANK YOU for any help you can lend me.

"EDIT: I have been able to suspend the update process, even though it was frozen anyways, and the update manager from control panel does not show me updating anything. I suspended the process trustedinstaller.exe while in the resource manager. I am aware this is usually a Microsoft process, but yea, I am just suspicious this time. APOLOGIES if I am in the wrong section.

Hi all. IN SHORT: window update installer frozen & not responding to kill/start commands, general system sluggishness & low responsiveness, even after scans from malwarebytes, Symantec found nothing and I cleaned up with CCleaner. Also, when I am connected to the internet via my home connection, even when I have no software operating that utilizes the net, I am seeing quite a few hosts and copies of svchost running in the network window of the resource monitor. Also, now just recently in the past day or so, the time it takes to shut the pc down (or go to sleep) and reboot (and awake) has increased by a factor of or more. So since I am not sure exactly what is going on (I am new; yes, I skimmed the new user area) I thought I would start with the first issue.

Note specs: Windows Ultimate bit

So the other day I decided to go ahead and let my update installer install a few things (firefox had been sluggish for a few days before this), and I said ok, you can install this update for this office service pack and this other security update (don't have actual names as I cannot get into the update manager right now). And now I am here on the site. I would try another reset but it hasn't helped at all to resolve the issue. Issue as stated at top of topic. Also, in the past few days I have experienced a few pc crashes to a black screen with one smallish white block in the top left; odd. This is outside of a system crash I experienced while I was playing mass effect (sort of expected a crash or two from that game, legally purchased via Steam). I am a fast learner and, well, I need some help sorting out why my laptop has decided to fritz on me and leave me no clues. Thank you for reading. Best Regards"

A:suspicious processes, rapid onset of sluggishness, SP & AV programs finding nothing

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:

Main Mirror
This version will download a randomly named file (Recommended)

Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

http://www.bleepingcomputer.com/forums/t/414250/suspicious-processes-rapid-onset-of-sluggishness-sp-av-programs-finding-nothing/
Relevancy 46.01%

I have been horribly infected with a spread of nasty items - cannot free myself. Here is the report - should I throw this pc away?

A:Sudden simultaneous dialer/toobar/malware/hijack!

I also notice when I log in to WindowsXP I get a Blue Screen with no Icons or bar and I have to use Ctrl-Alt-Delete to log off.

The next log in is normal with the various pop-ups...
Can anyone help??

Cheers!
 

https://forums.techguy.org/threads/sudden-simultaneous-dialer-toobar-malware-hijack.511421/
Relevancy 45.58%

I've been dealing w/ computer problems the last few months. It seemed to start w/ a virus or malware (I'm not very savvy about the difference) that redirected my internet browser. I noticed that web addresses kept coming up w/ "gogoogle", and every time I tried to investigate, my computer would keep redirecting me to, often times, adult websites. I researched this using my BlackBerry and found instructions to fix the "gogoogle" problem. I thought everything was fixed, but not for long, even though the gogoogle problem has not come back.

My Internet Explorer often shuts down randomly - but probably most often when I'm going from one link to another. Then a bunch of my apps were gone, and I no longer have my MS Office (no Word, PPT, Outlook), just WordPad/NotePad. I had to download some things again, like Adobe Reader. My son also says that our DVDs are no longer playable. It seems like we had no computer problems until the last few months, since I started using Facebook and iGoogle. I noticed a window open that said "HotKey", which I didn't install.

So I have two issues: What is causing this virus/malware, and how do I get rid of it? And how do I get my MS Office and other apps back w/o wiping out the current docs, ppts and other things already saved on my computer (do I need to back them up first)?

LOG: Logfile of Trend Micro HijackThis

https://forums.techguy.org/threads/virus-malware-all-of-my-apps-and-windows-office-stuff-is-gone-all-of-a-sudden.809162/
Relevancy 45.15%

Hi all, first time poster, hoping someone can help me out.
So on 10/2/13 I had downloaded a file and my AVG antivirus came up saying it had detected and deleted an svchost.exe clone and a cmd.exe clone.
Regardless of this, I am worried my actual svchost.exe has been compromised, as even when idle, the usage continues to rise well past 400mb.
I'd like to know if anyone can help diagnose and resolve this issue, I currently have malwarebytes installed, but it comes up clean, as does AVG and TDSSkiller.
Thanks in advance,
Mitchell
P.S. I am running Win 7 64 bit, and when booted in safe mode, no instances of svchost.exe rise above 12mb
(See image for AVG report)

A:Sudden high svchost.exe usage, antivirus detected and removed malware

Please download TDSSKiller from here and save it to your Desktop.
Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example).
If you are asked to reboot because an "Extended Monitoring Driver is required", please click Reboot now.

Click Start Scan and allow the scan process to run.

If threats are detected, select Skip for all of them unless I instruct you otherwise.
Click Continue.

Click Reboot computer.
Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt, found in your root directory (typically c:\), in your reply.

===================================================
aswMBR
--------------------
Download aswMBR and save it to your desktop.
Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here and here.
Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================
ESET Online Scanner
--------------------
I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats".
Click Advanced settings and select the following:

Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats.
Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
Click the Back button.
Click the Finish button.

===================================================
Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
TDSSKiller log
aswMBR log
ESET results

http://www.bleepingcomputer.com/forums/t/484985/sudden-high-svchostexe-usage-antivirus-detected-and-removed-malware/
Relevancy 44.72%

Recently Sygate Personal Firewall came up with a message asking to allow a site that came out of nowhere. Not thinking, I allowed it to open, and here's the kicker: I clicked the "remember my choice" button. Now that makes me feel stupid. I'd looked into the log for Sygate but couldn't figure out what was what to block things. About an hour later I decide to do a random scan with Xoftspy and found objects (I didn't get the names down), and after that I did a scan with Spybot S&D, which came up with about objects (got rid of them, didn't get names). They seem to be registry objects that are meant to stop me from using Windows updates; they are Adware and come up as Severe Risk (a replication of a Sygate scan will be included at the bottom, the scan having taken place after a reboot of this PC).

I reset Sygate's security settings back to default (everything blocked, needing permission). There are programs and sites that ask for access out of nowhere and have odd names; I deny access.

One thing I should mention is I can't boot up into Safe Mode, something I gave up on after my last Repair Install of Windows XP Pro. When I try to, I get to the Windows login screen and then after a few seconds it automatically restarts/boots. Everything has worked fine in normal mode, though I've always worried about my computer becoming infected and the only cure requiring me to be able to enter safe mode.

Also, when I try and get Windows updates now, I can't get past the "Checking for the latest updates for your computer" screen. Edit: An error comes up if I allow the page to load (times out I guess): "The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem."

-----------------------
Xoftspy log replication

Vendor - Type - Category - Object - Danger
Windows Update Features Disabled - Registry Value - Adware - software policies microsoft windows windowsupdate donotallowxpsp - Severe Risk
Default Windows Settings - Registry Value Changed - Adware - software microsoft ole enabledcom n N - Severe Risk
Default Windows Settings - Registry Value Changed - Adware - system currentcontrolset control waittokillservicetimeout - Severe Risk
Windows Update Features Disabled - Registry Value Changed - Adware - software microsoft security center updatesdisablenotify - Severe Risk
Windows Update Features Disabled - Registry Value Changed - Adware - software microsoft windows currentversion windowupdate auto update auoption - severe Risk

-----------------------------
STEP complete: Ad-aware found nothing. Spybot finds some objects, but they reappear every scan. CWShredder found nothing.
-----------------------------
STEP complete: Used TrendMicro Housecall and eTrust Antivirus Web Scanner. Neither one found anything.
-----------------------------
STEP removals: one found, Viewpoint Media Player - uninstalled.
-----------------------------
STEP removals: none found.
-----------------------------
STEP Windows updates: Can't seem to update, hangs at "Checking for latest updates for your computer" screen. Edit: Waited for loading and this message comes up: "The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem."

Final Note: I'm guessing you'll ask me to try and fix the windows updates first, so I'm not posting a HJT log yet. To make sure you understand what I'm referring to:

Note: There are some infections that may prevent you from updating your Operating System. In these cases please make sure you tell the analyst this on your first post. They will provide a "General" fix and try to fix that option first.
Found at http www techsupportf...

A:Sudden surge of Malware (anti-windows updates?) found by Xoftspy. 4 of 5 steps done.

I forgot to add this to my last post, this is all the potentially useful information Avast gave during some of the various times that I'd rebooted this PC (and then logging in). You'll notice that only two viruses would appear each boot.

~~~~~~~
#1

avast! Warning

a Trojan Horse Was Found!

There is no reason to panic, though, Try to follow the given advice and links.

File name: C:\Documents and Settings\LocalService.NT AUTHORITY.001\Local Settings\Temporary Internet Files\Content.IE5\1QIV2FAZ\drsmartload[1].exe

Malware name: Win32:Agent-QJ [Trj]

Malware type: Trojan Horse

VPS version: Win32:Agent-QJ [Trj]

Recommended action: Move to chest


~~~~~~~
#2


avast! Warning

a Trojan Horse Was Found!

There is no reason to panic, though, Try to follow the given advice and links.

File name: C:\drsmartload1.exe

Malware name: Win32:Agent-QJ [Trj]

Malware type: Trojan Horse

VPS version: 0625-7, 06/23/2006

~~~~~~~
#3 (after reboot 1)

File name: C:\Documents and Settings\LocalService.NT AUTHORITY.001\Local Settings\Temporary Internet Files\Content.IE5\FVW6Y26D\drsmartload[1].exe

Malware name: Win32:Agent-QJ [Trj]

Malware type: Trojan Horse

VPS version: 0625-7, 06/23/2006

~~~~~~~
#4 Exact repeat of #2

~~~~~~~
#5 (after reboot 2) almost the same as #3

File name: C:\Documents and Settings\LocalService.NT AUTHORITY.001\Local Settings\Temporary Internet Files\Content.IE5\W9ABCD2R\drsmartload[1].exe

Malware name: Win32:Agent-QJ [Trj]

Malware type: Trojan Horse

VPS version: 0625-7, 06/23/2006

~~~~~~~
#6 (another) Exact repeat of #2

~~~~~~~
#7 (after reboot 3) almost the same as #3 and #5

File name: C:\Documents and Settings\LocalService.NT AUTHORITY.001\Local Settings\Temporary Internet Files\Content.IE5\O123GTIJ\drsmartload[1].exe

Malware name: Win32:Agent-QJ [Trj]

Malware type: Trojan Horse

VPS version: 0625-7, 06/23/2006

~~~~~~~
#8 (another) Exact repeat of #2

-------------------------------------------------------------
I'm not the only user (can't take every reboot into account).

http://www.techsupportforum.com/forums/f284/sudden-surge-of-malware-anti-windows-updates-found-by-xoftspy-4-of-5-steps-done-105763.html
Relevancy 42.14%

I've been experiencing this "No Internet Access" problem since forever on my Windows computer. When that happens, I stop receiving any packets and I'm as good as disconnected while connected.

It happens like this: my wireless connection always goes from normal to "No internet access" (a yellow exclamation mark at my wireless network connection) at random and very frequently, like as every secs. At best days I can go for hr without getting it. But on average it happens every mins. Whenever it becomes "No internet access", I have to run "Windows Network Diagnostics" and it will say "Problem with Wireless adapter or Access Point" and says it's fixed. But the cycle continues non-stop. Every time it happens I'd have to disconnect and reconnect it manually. It's annoying as shit.

I'm using Aztech HW - G as my router. The stats of the router is as of below: G Mobile Broadband - HW - G. DW n WLAN PCIe Card as my inbuilt wireless adapter.

My Iphone s ISO is having the exact same problem. Because I noticed that my wireless doesn't work at all, especially when I leave my phone connected to the router after long hours. And have to manually disconnect and reconnect for it to work. After upgrading to ISO my wireless connection totally doesn't work at all even though I'm connected.

However, my router works fine with my old vista & windows XP computers as well as Samsung S phones. My wireless adapter works fine connecting to my iphone's G Hotspot.

Right now I need to know how to solve this, or at least know whether the problem lies with my wireless adapter or router, so that I can get it changed. Please let me know if there's any information I should provide or that I've missed out.

Below is the diagnostics test:

A:Endless random onset of "No Internet Access" problem

You are going to want to change the wireless Security to WPA2 rather than WEP, you will also want to use AES encryption.

If you can post the ipconfig/all it would also be helpful.

http://www.sevenforums.com/network-sharing/274592-endless-random-onset-no-internet-access-problem.html
Relevancy 38.27%

Hi, I just adopted a used computer and, much to my disappointment, it came infested with problems. Thus I would appreciate any help. The symptoms: Pop ups to webpages will occur every few minutes or so--these pages lead to nothing--it says page not found and the URL is something very longish. I ran a few virus scans that were recommended from this site. I also ran Ad aware and spybot in safe mode. After that, here is my HJT log:

Logfile of HijackThis v Scan saved at AM on Platform Windows XP WinNT MSIE Internet Explorer v
Running processes
G WINDOWS System smss exe
G WINDOWS system winlogon exe
G WINDOWS system services exe
G WINDOWS system lsass exe
G WINDOWS system svchost exe
G WINDOWS System svchost exe
G WINDOWS system spoolsv exe
G WINDOWS System nvsvc exe
G WINDOWS Explorer EXE
G WINDOWS System wpabaln exe
G Program Files Internet Explorer iexplore exe
C hijackthis HijackThis exe
R - HKCU Software Microsoft Internet Explorer Main Start Page http www techsupportforum com
O - DPF E E - AF- - C -A ADCBF BD HouseCall Control - http housecall trendmicro com housecall xscan cab
O - DPF B BFD- E - -B AF- A B EA WScanCtl Class - http www ca com securityadvisor v fo webscan cab
O - DPF A A - DA - DAF-B - F E E ActiveScan Installer Class - http acs pandasoftware com actives ree asinst cab
O - Winlogon Notify IPConfTSP - G WINDOWS system m rmlg dll
O - Service NVIDIA Display Driver Service NVSvc - NVIDIA Corporation - G WINDOWS System nvsvc exe

A:Need help--pop up infestation

Your log looks suspiciously barren. If you had disabled any startup entry using msconfig, please re-enable them & post a new log.

http://www.techsupportforum.com/forums/f100/need-help-pop-up-infestation-74999.html
Relevancy 38.27%

Hi there. I'm back with a problem. My daughter's computer has definitely been infested with something, because the pop-ups are popping up like crazy. The latest version of HijackThis I have is 1.98.0.2. Should I run this one and post results here?

Thanks.

Honna

A:pop up infestation

The latest version, released early last year is ver 1.99.1. You may download it from here

http://www.techsupportforum.com/forums/f284/pop-up-infestation-101197.html
Relevancy 38.27%

Hello everyone

You've helped me in the past, and despite doing all my previous fixes (ccleaner, spybot, adaware, etc.) I still have these issues with spyaxe, securityindex.net and onlinesecuritytest.net. Can you help- my new business depends on it-

Thanks in advance

Dave

Logfile of HijackThis

A:Spy Axe Infestation

Hi and My name is David

Download the SpyAxeFix.exe here: http://noahdfear.geekstogo.com/SpyAxeFix.exe
Save it to your desktop. Close all other programs and windows.
Double click SpyAxeFix.exe, then click Start to extract the tool to its own folder.
Open the SpyAxeFix folder and double click the SpyAxeFix.bat to start the tool.
At one point when the tool runs, your taskbar will disappear, and your computer will restart when the tool completes.
A text file will be created in the SpyAxeFix folder. Post its contents and a new Hijack This log in your thread here:
________________

Click here to download smitRem.zip. Save the file to your desktop. Unzip smitRem.zip to extract the files it contains. Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.

Download Cleanup from Here. A window will open and choose SAVE, then DESKTOP as the destination.
On your Desktop, click on Cleanup40.exe icon.
Then, click RUN and place a checkmark beside "I Agree".
Then click NEXT followed by START and OK.
A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
Click OK.
DO NOT RUN IT YET.

Download the trial version of Ewido Security Suite here.
Install ewido.
During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido.
It will prompt you to update; click the OK button and it will go to the main screen.
On the left side of the main screen click update.
Click on Start and let it update.
DO NOT run a scan yet. You will do that later in safe mode.

Click here for info on how to boot to safe mode if you don't already know how.

Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

Run Ewido:
Click on scanner.
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK.
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop.

Start Ccleaner and click Run Cleaner.

Go to Control Panel > Internet Options. Click on the Programs tab, then click the "Reset Web Settings" button. Click Apply then OK.

Next go to Control Panel > Display. Click on the "Desktop" tab, then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.

Restart back into Windows normally now.

Run ActiveScan online virus scan here.
When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan and the ewido scan.

David

http://www.bleepingcomputer.com/forums/t/36704/spy-axe-infestation/