Windows Support Forum

Trojan-cookies tracker-blue screen

Q: Trojan-cookies tracker-blue screen

Hello please disregard or delete my tracker-blue screen Trojan-cookies previous post as I don't think I followed your procedures correctly as I posted from work and was rushing I am experiencing vista blue screen which Trojan-cookies tracker-blue screen I guess is from downloading Photoshop not the one that's installed now though through LIMEWIRE now uninstalled and possibly accepting an end user agreement by accident called 'netnucleus' which I think transferred a TROJAN I ran Mcafee and it picked this trojan up and I deleted it but forgot the name of the trojan Ran mcafee again and it said clean Still blue screened Ran Windows Defender and it said clean still blue screened so I ran dumpchk on the minidump with debugging tools and it gave me probably caused by Mpfp sys Mpfp seems to be a mcafee driver as in - c pograms mcafee FWdriver Mpfp sys amp in - drivers c windows system I uninstalled Mcafee Still blue screened Ran debugging tool dumpchk on the new minidump file and it gave me probably caused by ntoskrnl exe nt e b Which I have been advised is a legitimate program I then downloaded SPYBOT and it picked up 'webtrends' a cookie collecting application removed ran Spybot and said clean Still blue screened System does seem to be alot more stable but still blue screens now and then PLEASE HELP I have attached the correct zip files now and here's the DDS log DDS Ver - - - NTFSx Run by Dan at on Internet Explorer Microsoft Windows Vista Home Premium GMT SP Spybot - Search and Destroy disabled Updated ED FAF- B F- B -ACA - E C DADBE SP Windows Defender enabled Updated D DDC A- F- FAE- E -DA C ACF Running Processes C Windows system wininit exe C Windows system lsm exe C Windows system svchost exe -k DcomLaunch C Windows system svchost exe -k rpcss C Windows System svchost exe -k secsvcs C Windows System svchost exe -k LocalServiceNetworkRestricted C Windows System svchost exe -k LocalSystemNetworkRestricted C Windows system svchost exe -k netsvcs C Windows system svchost exe -k GPSvcGroup C Windows system SLsvc exe C Windows system svchost exe -k LocalService C Windows system svchost exe -k NetworkService C Windows system WLANExt exe C Windows System spoolsv exe C Windows system svchost exe -k LocalServiceNoNetwork C Windows system agrsmsvc exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C Program Files Microsoft Small Business Business Contact Manager BcmSqlStartupSvc exe C Program Files Bonjour mDNSResponder exe C Windows system svchost exe -k bthsvcs C Program Files Intel WiFi bin EvtEng exe C Program Files Common Files LightScribe LSSrvc exe C Windows system svchost exe -k NetworkServiceNetworkRestricted C Program Files Common Files Intel WirelessCommon RegSrvc exe C Program Files CyberLink Shared Files RichVideo exe C Program Files Microsoft SQL Server Shared sqlbrowser exe C Program Files Microsoft SQL Server Shared sqlwriter exe C Windows system svchost exe -k imgsvc C Windows system taskeng exe C Windows System svchost exe -k WerSvcGroup C Windows system SearchIndexer exe C Program Files Spybot - Search amp Destroy SDWinSec exe C Windows system Dwm exe C Windows Explorer EXE C Windows system taskeng exe C Program Files Samsung Easy Display Manager dmhkcore exe C Windows system taskeng exe C Windows System igfxpers exe C Windows RtHDVCpl exe C Program Files Synaptics SynTP SynTPEnh exe C Program Files Java jre bin jusched exe C Program Files iTunes iTunesHelper exe C Program Files SAMSUNG EasySpeedUpManager EasySpeedUpManager exe C Program Files Samsung Samsung Magic Doctor MagicDoctorKbdHk exe C Program Files Samsung EBM EasyBatteryMgr exe C Windows system igfxext exe C Windows system igfxsrvc exe C Program Files iPod bin iPodService exe C Program Files Synaptics SynTP SynTPHelper exe C Program Files Mobile Broadband Connect AutoUpdateSrv exe C Users Dan AppData Local Google Chrome Application chrome exe C Windows TEMP xktvuldwto exe C Windows system UI Detect exe C Windows system wuauclt exe C Users Dan AppData Local Google Chrome Application chrome exe C Users Dan Desktop dds scr C Windows system wbem wmiprvse exe Pseudo HJT Report uSearch Page uSearch Bar Preserve uStart Page hxxp www google co uk uDefault Page URL hxxp www samsungcomputer com mStart Page hxxp www samsungcomputer com mDefault Page URL hxxp www samsungcomputer com BHO Adobe PDF Reader Link Helper e f-c d - d -b d- b d be b - c program files common files adobe acrobat activex AcroIEHelper dll BHO Spybot-S amp D IE Protection - f - d - - d f - c progra spybot SDHelper dll BHO Java tm Plug-In SSV Helper bb-d f - c-b eb-d daf d d - c program files java jre bin ssv dll BHO Java tm Plug-In SSV Helper dbc -a - b-bc - c c c a - c program files java jre bin jp ssv dll mRun IgfxTray c windows system igfxtray exe mRun Persistence c windows system igfxpers exe mRun RtHDVCpl RtHDVCpl exe mRun SynTPEnh c program files synaptics syntp SynTPEnh exe mRun SunJavaUpdateSched quot c program files java jre bin jusched exe quot mRun iTunesHelper quot c program files itunes iTunesHelper exe quot mRun cftmon c windows system lecdi exe mRun HotKeysCmds c windows system hkcmd exe mPolicies-explorer BindDirectlyToPropertySetStorage x mPolicies-system EnableUIADesktopToggle x IE CCA CA-C - ef- - C D F - c program files widcomm bluetooth software btsendto ie htm IE B - CC- C -B BE- C C A - FF E -CC A- E E-BF B- E D - c progra micros office REFIEBAR DLL IE DFB A - F - C -A - CAB FD A - - F - D - - D F - c progra spybot SDHelper dll Trusted Zone nai com vil DPF AD C - E- D -B E - F D - hxxp java sun com update jinstall- -windows-i cab DPF CAFEEFAC- - - -ABCDEFFEDCBA - hxxp java sun com update jinstall- -windows-i cab DPF CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA - hxxp java sun com update jinstall- -windows-i cab DPF E E F- F- FB - -AC BF A - hxxp platformdl adobe com NOS getPlusPlus gp cab TCP C C- - AA -BC F- D B B DEB Notify igfxcui - igfxdev dll FIREFOX FF - ProfilePath - c users dan appdata roaming mozilla firefox profiles udom aj default FF - HiddenExtension Microsoft NET Framework Assistant a -c - ed- e - b - c windows microsoft net framework v windows presentation foundation dotnetassistantextension ---- FIREFOX POLICIES ---- c program files mozilla firefox greprefs all js - pref quot media enforce same site origin quot false c program files mozilla firefox greprefs all js - pref quot media cache size quot c program files mozilla firefox greprefs all js - pref quot media ogg enabled quot true c program files mozilla firefox greprefs all js - pref quot media wave enabled quot true c program files mozilla firefox greprefs all js - pref quot media autoplay enabled quot true c program files mozilla firefox greprefs all js - pref quot browser urlbar autocomplete enabled quot true c program files mozilla firefox greprefs all js - pref quot capability policy mailnews wholeText quot quot noAccess quot c program files mozilla firefox greprefs all js - pref quot dom storage default quota quot c program files mozilla firefox greprefs all js - pref quot content sink event probe rate quot c program files mozilla firefox greprefs all js - pref quot network http prompt-temp-redirect quot true c program files mozilla firefox greprefs all js - pref quot layout css dpi quot - c program files mozilla firefox greprefs all js - pref quot layout css devPixelsPerPx quot - c program files mozilla firefox greprefs all js - pref quot gestures enable single finger input quot true c program files mozilla firefox greprefs all js - pref quot dom max chrome script run time quot c program files mozilla firefox greprefs all js - pref quot network tcp sendbuffer quot c program files mozilla firefox greprefs all js - pref quot geo enabled quot true c program files mozilla firefox greprefs security-prefs js - pref quot security remember cert checkbox default setting quot true c program files mozilla firefox defaults pref firefox-branding js - pref quot browser search param yahoo-fr quot quot moz quot c program files mozilla firefox defaults pref firefox-branding js - pref quot browser search param yahoo-fr-cjkt quot quot moz quot c program files mozilla firefox defaults pref firefox js - pref quot extensions blocklist level quot c program files mozilla firefox defaults pref firefox js - pref quot browser urlbar restrict typed quot quot quot c program files mozilla firefox defaults pref firefox js - pref quot browser urlbar default behavior quot c program files mozilla firefox defaults pref firefox js - pref quot privacy clearOnShutdown history quot true c program files mozilla firefox defaults pref firefox js - pref quot privacy clearOnShutdown formdata quot true c program files mozilla firefox defaults pref firefox js - pref quot privacy clearOnShutdown passwords quot false c program files mozilla firefox defaults pref firefox js - pref quot privacy clearOnShutdown downloads quot true c program files mozilla firefox defaults pref firefox js - pref quot privacy clearOnShutdown cookies quot true c program files mozilla firefox defaults pref firefox js - pref quot privacy clearOnShutdown cache quot true c program files mozilla firefox defaults pref firefox js - pref quot privacy clearOnShutdown sessions quot true c program files mozilla firefox defaults pref firefox js - pref quot privacy clearOnShutdown offlineApps quot false c program files mozilla firefox defaults pref firefox js - pref quot privacy clearOnShutdown siteSettings quot false c program files mozilla firefox defaults pref firefox js - pref quot privacy cpd history quot true c program files mozilla firefox defaults pref firefox js - pref quot privacy cpd formdata quot true c program files mozilla firefox defaults pref firefox js - pref quot privacy cpd passwords quot false c program files mozilla firefox defaults pref firefox js - pref quot privacy cpd downloads quot true c program files mozilla firefox defaults pref firefox js - pref quot privacy cpd cookies quot true c program files mozilla firefox defaults pref firefox js - pref quot privacy cpd cache quot true c program files mozilla firefox defaults pref firefox js - pref quot privacy cpd sessions quot true c program files mozilla firefox defaults pref firefox js - pref quot privacy cpd offlineApps quot false c program files mozilla firefox defaults pref firefox js - pref quot privacy cpd siteSettings quot false c program files mozilla firefox defaults pref firefox js - pref quot privacy sanitize migrateFx Prefs quot false c program files mozilla firefox defaults pref firefox js - pref quot browser ssl override behavior quot c program files mozilla firefox defaults pref firefox js - pref quot security alternate certificate error page quot quot certerror quot c program files mozilla firefox defaults pref firefox js - pref quot browser privatebrowsing autostart quot false c program files mozilla firefox defaults pref firefox js - pref quot browser privatebrowsing dont prompt on enter quot false c program files mozilla firefox defaults pref firefox js - pref quot geo wifi uri quot quot https www google com loc json quot SERVICES DRIVERS R BcmSqlStartupSvc Business Contact Manager SQL Server Startup Service c program files microsoft small business business contact manager BcmSqlStartupSvc exe - - R KMDFMEMIO SAMSUNG Kernel Driver c windows system drivers KMDFMEMIO sys - - R SBSDWSCService SBSD Security Center Service c program files spybot - search amp destroy SDWinSec exe - - R IntcHdmiAddService Intel R High Definition Audio HDMI c windows system drivers IntcHdmi sys - - R VMC Vimicro Camera Service VMC c windows system drivers vmc sys - - S MSSQL MSSMLBIZ SQL Server MSSMLBIZ c program files microsoft sql server mssql mssql binn sqlservr exe - - Created Last - - lt DIR gt --d----- c programdata - - lt DIR gt --d----- c progra - - lt DIR gt --d----- c program files common files PC Tools - - lt DIR gt --d----- c program files Spyware Doctor - - a------- c windows system msxml dll - - lt DIR gt --d----- c users dan appdata roaming Birdstep Technology - - a------- c windows system drivers mod sys - - a------- c windows system drivers ewusbnet sys - - a------- c windows system drivers ewusbfake sys - - a------- c windows system drivers ewusbmdm sys - - a------- c windows system drivers ewdcsc sys - - a------- c windows Huawei ModemsUninstall exe - - lt DIR gt --d----- c program files Huawei Modems - - lt DIR gt --d----- c program files Mobile Broadband - - lt DIR gt --d----- c users dan appdata roaming AVG - - lt DIR gt --d----- c program files Debugging Tools for Windows x - - lt DIR gt --d----- c windows pss - - lt DIR gt --d----- c program files CCleaner - - lt DIR gt --d----- c programdata Spybot - Search amp Destroy - - lt DIR gt --d----- c program files Spybot - Search amp Destroy - - lt DIR gt --d----- c progra Spybot - Search amp Destroy - - a------- c windows system vsp cln exe - - lt DIR gt --d----- c programdata CyberLink - - a------- c windows system winset ini - - a------- c windows dqsbg exe - - a------- c windows ixddc exe - - lt DIR gt --d----- c program files IEToolbar - - a------- c windows avfe exe - - lt DIR gt a-d----- c programdata TEMP - - lt DIR gt --d----- c users dan WebCam Media - - lt DIR gt --d----- c windows system eu-ES - - lt DIR gt --d----- c windows system ca-ES - - lt DIR gt --d----- c windows system vi-VN - - lt DIR gt --d----- c windows system EventProviders - - a------- c windows system wbem wmiprov dll - - a------- c windows system wbem wbemcore dll - - a------- c windows system wbem fastprox dll - - a------- c windows system wbem repdrvfs dll - - a------- c windows system wbem esscli dll - - a------- c windows system wbem mofd dll - - a------- c windows system wbem wmiutils dll - - a------- c windows system wbem wbemprox dll - - a------- c windows system SmiEngine dll - - a------- c windows system wdscore dll - - a------- c windows system PkgMgr exe - - a------- c windows system drvstore dll - - a------- c windows system GEARAspi dll - - a------- c windows system drivers GEARAspiWDM sys - - lt DIR gt --d----- c program files iPod - - lt DIR gt --d----- c programdata CD F AF-ECFA- -BF -D F DBFF - - lt DIR gt --d----- c program files iTunes - - lt DIR gt --d----- c progra CD F AF-ECFA- -BF -D F DBFF - - lt DIR gt --d----- c program files Bonjour - - lt DIR gt --d----- c programdata Apple Computer - - lt DIR gt --d----- c programdata Apple - - lt DIR gt --d----- c program files Microsoft CAPICOM - - a------- c windows system deploytk dll - - lt DIR gt --d----- c program files MSXML - - lt DIR gt --d----- c program files common files Microsoft Games - - a------- c windows system d dx dll - - lt DIR gt --d----- c users dan Tracing - - lt DIR gt --d----- c program files Microsoft - - lt DIR gt --d----- c program files common files Windows Live - - a------- c windows system netfxperf dll - - a------- c windows system wininet dll - - a------- c windows system ieencode dll - - a------- c windows system mshtml tlb - - a------- c windows system rpcrt dll - - a------- c windows system localspl dll - - a------- c windows system atmfd dll - - a------- c windows system t embed dll - - a------- c windows system fontsub dll - - a------- c windows system atmlib dll - - a------- c windows system lpk dll - - a------- c windows system dciman dll - - a------- c windows system win k sys - - a------- c windows system wucltux dll - - a------- c windows system wudriver dll - - a------- c windows system wuwebv dll - - a------- c windows system wuapp exe - - lt DIR gt --d----- c programdata Birdstep Technology - - lt DIR gt --d----- c progra Birdstep Technology - - lt DIR gt --d----- c programdata LightScribe - - lt DIR gt --d----- c progra LightScribe Find M - - a------- c windows inf infstrng dat - - a------- c windows inf infstor dat - - a------- c windows inf infpub dat - - a------- c windows inf drvindex dat - - a--sh--- c program files desktop ini - - a------- c windows inf perflib perfi dat - - a------- c windows inf perflib perfh dat - - a------- c windows inf perflib perfd dat - - a------- c windows inf perflib perfc dat - - a------- c windows inf perflib perfi dat - - a------- c windows inf perflib perfh dat - - a------- c windows inf perflib perfd dat - - a------- c windows inf perflib perfc dat FINISH SORRY FOR THE PREVIOUS POST THANKS AGAIN

Relevancy 100%
Preferred Solution: Trojan-cookies tracker-blue screen

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/directdownload.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Trojan-cookies tracker-blue screen

I just though I'd update this post.

I understand it may push back it being looked at though.

Just ran updated Windows Defender and it found this.


Trojan:Win32/winwebsec

Alert Level: Severe

Category:
Trojan

Description:
This program is dangerous and executes commands from an attacker.

Advice:
Remove this software immediately.

Resources:
file:
C:\Windows\Temp\ xktvuldwto.exe

file:
C:\ProgramData\19214044\19214044.exe



Also this file tried/caused this window pop up...

***********************************************************
interactive secrices dialog detection.

a program can't display a mssage on your desktop.
the program may need information or permission to complete a task.

*show me the message

*remind me in a few minutes


program(s) or device(s) requesting attention...

Message title: Crytical Error!
Program Path: c:\windows\temp\xktvuldwto.exe
received 35th July 2009, 14:01:27
This problem happened because of a partial incopatibility with windows.
please contact the program or device manufacturer(s) for more information.


***********************************************************

The trojan it found is also in the dds log..

xktvuldwto can be found in 'Running Processes' near the bottom.

And

19214044 can be found in 'Created Last 30' at the top.

Which you guys already probably spotted!

Sorry if this update has upset anyone as it may been seen as a bump but i understand that it the older posts that seen to first. I really appreciate what you guys do and hope you can still resolve this as I'm sure my registry has damage.


Thanks all!

http://www.techsupportforum.com/forums/f100/trojan-cookies-tracker-blue-screen-398428.html
Relevancy 72.67%

Hi there A Few days ago i contracted the nasty cool web search adware malware program from a pop-up from the imageavenue website I was using Avast virus scanner of which i am no longer using because it seemed to be letting various trojans in so i ran a scan with AVG and it detected it and removed it However i have began having trouble with tracker cookies Whenever i am browsing online my AVG will pop up on resident shield telling me a tracker cookie attempted to run Such as Adrevolver amp Tacoda I ran a scan with Search Cookies Tracker / Web ad-aware and found an infection in my registry which has now been removed and several infections in my cookies I followed the program and removed them I then ran a search with Spybot which came up clean a virus malware check with AVG and ran a scan with McAfee Stinger as instructed on this site and came up clean I restarted my pc thinking everything was now fine However when i started browsing again the Tracker Cookie warnings were once again poping up I ran a scan with ad-aware and the infections which i had removed were now back I cannot seem to get rid of them and have me really worried Everytime i change my security settings to Web Search / Tracker Cookies block all cookies once a tracker cookie warning pops up it re-sets it to accept all cookies and occasionally i am still receiving pops up which leads me to beleive the adware malware may have not been totally removed from my system Can Anyone please please help i am really loosing sleep over this have never had anything like this happen before Thankyou for Web Search / Tracker Cookies reading Logfile of Trend Micro HijackThis v Scan saved at on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode NormalRunning processes C WINDOWS System smss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system svchost exeC WINDOWS System svchost exeC Program Files Lavasoft Ad-Aware aawservice exeC WINDOWS Explorer EXEC WINDOWS system spoolsv exeC WINDOWS RTHDCPL EXEC WINDOWS system CmUCReye exeC Program Files Medion Info Display MdionLCM exeC WINDOWS mHotkey exeC PROGRA COMMON aol ACS AOLacsd exeC WINDOWS CNYHKey exeC Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exeC PROGRA AVG AVG avgwdsvc exeC Program Files Common Files AOL ACS AOLDial exeC PROGRA COMMON aol AOLSPY AOLSP Scheduler exeC PROGRA AVG AVG avgfws exeC Program Files Common Files Real Update OB realsched exeC Program Files Bonjour mDNSResponder exeC Program Files Home Cinema PowerCinema Kernel TV CLCapSvc exeC Program Files Home Cinema PowerCinema Kernel CLML NTService CLMLServer exeC Program Files Common Files LightScribe LSSrvc exeC Program Files MySecurityCenter Programs service exeC Program Files Home Cinema PowerDVD PDVDServ exeC WINDOWS system nvsvc exeC Program Files Home Cinema PowerCinema PCMService exeC Program Files CyberLink Shared Files RichVideo exeC WINDOWS system svchost exeC Program Files BroadJump Client Foundation CFD exeC PROGRA ntl BROADB SMARTB MotiveSB exeC Program Files Java jre bin jusched exeC Program Files Sony CONNECTAutoUpdate CONNECTScheduler exeC WINDOWS System spool DRIVERS W X E S I H EXEC Program Files iTunes iTunesHelper exeC Program Files Home Cinema PowerCinema Kernel TV CLSched exeC PROGRA AVG AVG avgtray exeC Program Files Messenger msmsgs exeC WINDOWS system ctfmon exeC PROGRA AVG AVG avgam exeC Program Files Sony CONNECTAutoUpdate CONNECTAUTrayApp exeC PROGRA AVG AVG avgrsx exeC PROGRA AVG AVG avgnsx exeC Program Files Common Files Sony Shared GMR GMRMan exeC Program Files ntl broadband medic bin mpbtn exeC PROGRA AVG AVG avgemc exeC PROGRA COMMON X Common x nets exeC Program Files iPod bin iPodService exeC WINDOWS system wuauclt exeC PROGRA FREEDO fdm exeC Program Files Trend Micro HijackThis HijackThis exeR - HKCU Software Microsoft Internet Explorer Main Start Page http www ebay co uk R - HKLM Software Microsoft Internet Explorer Main Default Page... Read more

A:Web Search / Tracker Cookies

Update:

The Exact Programs found by my AVG Were

ADWARE: Generic.IIJ
ADWARE: CoolWebSearch

They are both in my virus vault but still having problems

I have also found NvCPL in my Sytem Configuration Utility

http://www.bleepingcomputer.com/forums/t/178061/web-search-tracker-cookies/
Relevancy 65.36%

What a pain:

Windows XP Professional SP3 - I have a dodgy USB that got damaged, every now and again a little bit of pressure on it, causes BSOD.

THEN all my cookies get wiped!!

How do I stop this happening? No idea what setting is causing this.

http://www.techsupportforum.com/forums/f10/blue-screen-abends-wiping-out-all-my-cookies-493845.html
Relevancy 57.62%

When it comes to technology I have no luck On my week-old computer I opened an extremely innocuous page with an article about a game I found through Google and cmd exe started asking permission to make changes to my computer I had Ad-Aware enabled with the latest definitions so I don t know how it happened but my system restarted without my asking or granting cmd exe permission and when it turned on again I found a tracking trojan named syshost exe nestled in the list of files that run at startup The executable itself was located at Trojan/Virus Windows Please - 7 Syshost.exe Tracker Help on C Windows Installer D - -F - E- B A DE A syshost exe Ad-Aware couldn t remove it but MalwareBytes got rid of that file It s not all gone however Spybot Search amp Destroy found tons of residual files in my registry Internet Explorer which I don t use Direct D etc - fixing or removing them does no good as they come right back I have lost the ability to turn on Windows Firewall Error code x and taskmanager has been bricked Error pcwum dll is missing it won t open at all I am terrified malware not being covered under warranty and don t wish to pay to some hack tech to come fix the problem but I have no idea what to do and little time to get Syshost.exe Tracker Trojan/Virus on Windows 7 - Please Help this fixed Computer specs MalwareBytes log HijackThis log DDS txt Attach Syshost.exe Tracker Trojan/Virus on Windows 7 - Please Help txt and screenshots of Spybot Scans and Windows Errors are below You people are awesome and I really appreciate anyone who tries to help save me from my plight Please help Tech Support Guy Syshost.exe Tracker Trojan/Virus on Windows 7 - Please Help System Info Utility version OS Version Microsoft Windows Home Premium Service Pack bit Processor Intel R Core TM i - CPU GHz Intel Family Model Stepping Processor Count RAM Mb Graphics Card Intel R HD Graphics Family - Mb Hard Drives C Total - MB Free - MB D Total - MB Free - MB Motherboard PEGATRON CORPORATION AC Antivirus Lavasoft Ad-Aware Updated and Enabled Malwarebytes Log Malwarebytes Anti-Malware Trial www malwarebytes org Database version v Windows Service Pack x NTFS Internet Explorer Saya SAYA-PC administrator Protection Disabled PM mbam-log- - - - - txt Scan type Quick scan Scan options enabled Memory Startup Registry File System Heuristics Extra Heuristics Shuriken PUP PUM Scan options disabled P P Objects scanned Time elapsed minute s second s Memory Processes Detected No malicious items detected Memory Modules Detected No malicious items detected Registry Keys Detected No malicious items detected Registry Values Detected No malicious items detected Registry Data Items Detected No malicious items detected Folders Detected No malicious items detected Files Detected C Windows Installer D - -F - E- B A DE A syshost exe Trojan Phex THAGen - gt Quarantined and deleted successfully end HijackThis Log Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows SP WinNT MSIE Unable to get Internet Explorer version Boot mode Normal Running processes C Program Files x Hewlett-Packard HP Odometer hpsysdrv exe C Program Files x Spybot - Search amp Destroy SDTray exe C PROGRA AD-AWA AdAware exe C Program Files x Spybot - Search amp Destroy SDWelcome exe C Program Files x Internet Explorer IELowutil exe C Users Saya Downloads SysInfo exe C Windows SysWOW NOTEPAD EXE C Program Files x Mozilla Firefox firefox exe C Users Saya Downloads HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Default Page URL http g msn com HPDSK R - HKCU Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http g msn com HPDSK R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch R - HKLM Software Microsoft Internet Explorer Main Local Page R - HKCU Software Microsoft Internet Explorer Toolb... Read more

A:Syshost.exe Tracker Trojan/Virus on Windows 7 - Please Help

Informational bump: my local service center is only open today this week (don't ask me why), and I need the issue fixed long before next Monday, so I will be taking it in one hour.

I know there are a lot of other people in this forum with various issues, and I'd never expect any special treatment just because I'm in a rush, but anyone able to respond within an hour or so to try to help me deal with this issue myself without breaking the bank would have my eternal esteem and gratitude . Otherwise, this thread will probably be closed later.
 

https://forums.techguy.org/threads/syshost-exe-tracker-trojan-virus-on-windows-7-please-help.1067489/
Relevancy 56.76%

Hi, recently i came across a few notices on asking me for permission to access my mouse and screen when i accept buddy request from an online chatgroup web. I'm not sure whether my computer is affected by it but i would like to know how to remove these so as to make sure that my computer is safe. Thanks.

A:Help in removing mouse and screen tracker sent by others

Hello and welcome to TSF.


Quote:




recently i came across a few notices on asking me for permission to access my mouse and screen when i accept buddy request from an online chatgroup web.




You should not allow anybody to access your computer remotely unless you know and trust the person 100%.

If you suspect that they may have infected your computer , we want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

http://www.techsupportforum.com/forums/f100/help-in-removing-mouse-and-screen-tracker-sent-by-others-510807.html
Relevancy 52.89%

- weeks ago XP chrashed and a blue screen appeared with error code STOP x e About a week ago the same thing happened I posted my problem in another topic in the XP forum Two days ago Avast found a trojan named Gaobot in my system volume information folder and moved it to the chest Since the first blue screen I've scaned with Lavasoft Spybot AVG antispyware superantispyware Norton and Kaspersky's web scan None of them found the Gabot trojan or anything else for that matter but Avast's thorough scan mode detected it The next day I scaned with Panda's internet scan but it only found some cookies Could the Gabot trojan be the reason for my blue screens And could I bee infected by anything else as well Looks to me like some trojans like the system volume information folder the last two trojans I've detected have been found by Avast in that folder I've tried to locate the folder so that I can scan that specific folder without runing a full Avast Screen And Trojan Blue scan but I cant find it so can you teel me so that I can search it from time to time Here's my log Hope its clean Logfile of Trend Micro HijackThis v Scan saved at on Platform Windows Blue Screen And Trojan XP SP WinNT MSIE Internet Explorer v Boot mode NormalRunning processes C WINDOWS System smss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system Ati evxx exeC WINDOWS system svchost exeC WINDOWS System svchost exeC WINDOWS system Ati evxx exeC Programfiler Fellesfiler Symantec Shared ccProxy exeC Programfiler Fellesfiler Symantec Shared ccSetMgr exeC Programfiler Norton Internet Security ISSVC exeC Programfiler Fellesfiler Symantec Shared SNDSrvc exeC Programfiler Fellesfiler Symantec Shared SPBBC SPBBCSvc exeC Programfiler Fellesfiler Symantec Shared ccEvtMgr exeC Programfiler Lavasoft Ad-Aware aawservice exeC Programfiler Alwil Software Avast aswUpdSv exeC Programfiler Alwil Software Avast ashServ exeC WINDOWS Explorer EXEC WINDOWS system spoolsv exeC Programfiler Fellesfiler Symantec Shared ccApp exeC Programfiler CyberLink PowerDVD DVDLauncher exeC Programfiler Adobe Photoshop Album Starter Edition Apps apdproxy exeC Programfiler Java jre bin jusched exeC WINDOWS system Rundll exeC Programfiler Fellesfiler InstallShield UpdateService issch exeC WINDOWS system dla tfswctrl exeC Programfiler BillP Studios WinPatrol winpatrol exeC Programfiler SiteAdvisor SiteAdv exeC Programfiler Dell Photo AIO Printer dlccmon exeC PROGRA ALWILS Avast ashDisp exeC Programfiler iTunes iTunesHelper exeC Programfiler ATI Technologies ATI ACE Core-Static MOM EXEC WINDOWS system ctfmon exeC Programfiler Google GoogleToolbarNotifier GoogleToolbarNotifier exeC Programfiler Creative MediaSource MtdAcqu exeC Programfiler Fellesfiler Apple Mobile Device Support bin AppleMobileDeviceService exeC Programfiler Symantec LiveUpdate ALUSchedulerSvc exeC Programfiler Fellesfiler Nero Lib NMFirstStart exeC Programfiler Grisoft AVG Anti-Spyware guard exeC WINDOWS system CTsvcCDA exeC Programfiler Fellesfiler Nero Lib NMIndexStoreSvr exeC Programfiler Hotspot Shield bin openvpnas exeC Programfiler Fellesfiler LightScribe LSSrvc exeC Programfiler Fellesfiler Microsoft Shared VS DEBUG MDM EXEC Programfiler Norton Internet Security Norton AntiVirus navapsvc exeC Programfiler Nero Nero Nero BackItUp NBService exeC Programfiler SiteAdvisor SAService exeC WINDOWS system svchost exeC Programfiler Fellesfiler Symantec Shared CCPD-LC symlcsvc exeC WINDOWS system dlcccoms exeC Programfiler Fellesfiler Nero Lib NMIndexingService exeC Programfiler ATI Technologies ATI ACE Core-Static ccc exeC Programfiler iPod bin iPodService exeC WINDOWS system wuauclt exeC WINDOWS System svchost exeC Programfiler Messenger msmsgs exeC Programfiler Trend Micro HijackThis HijackThis exeR - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com... Read more

A:Blue Screen And Trojan

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Thank you for your patience.

http://www.bleepingcomputer.com/forums/t/134695/blue-screen-and-trojan/
Relevancy 52.46%

Per directions from Boopme in this topic he suggested I create a DDS log and post it here I have a two fold problem First is a blue screen problem on reboot Windows will load get the music and my desktop complete with icons The hour glass will appear and my icons will blink Then after about seconds the Task Bar will turn white my icons will blink and then I get a blue screen Stop C a Fatal System Error the windows login process system and Screen Browser Trojan Blue process terminated unexpectedly with a status Blue Screen and Browser Trojan of xc x x The system has been shutdown If I reboot in Safe Mode and chose Safe Boot with last known good configuration Windows will load but that is the only way it will load Now for the second problem I have a Trojan When I click on links in my browser I am being redirected to various sites Blue Screen and Browser Trojan or I get a Shield saying I might get a virus that one is new today I run a Host file so the site Blue Screen and Browser Trojan yesterday it said Podmena in is being blocked by the Hosts file I have turned off the Host file and it makes no difference I have run Malwarebytes repeatedly and the Trojan still comes back I am wondering if rebooting with the good configuration is causing it Here are the steps I have done some many timesOperating System Windows XP service pack WinPatrol loads on Start Up as well as AVG FreeUsing Mozilla Firefox although I get the same results with IE You can see the Malwarebytes logs in the linked topic above Thank you so much for your time Sandy----------------------------------------------------------DDS logDDS Ver - - - NTFSx Run by Sandy at on Mon Internet Explorer Microsoft Windows XP Home Edition GMT - Running Processes C WINDOWS system svchost -k DcomLaunchsvchost exeC WINDOWS System svchost exe -k netsvcssvchost exesvchost exeC Program Files AVG AVG avgchsvx exeC WINDOWS system spoolsv exeC WINDOWS explorer exeC WINDOWS system ntload exeC WINDOWS stsystra exeC Program Files Dell Media Experience DMXLauncher exeC WINDOWS System DLA DLACTRLW EXEC Program Files BillP Studios WinPatrol winpatrol exeC Program Files Intel Intel Matrix Storage Manager Iaanotif exeC PROGRA AVG AVG avgtray exesvchost exeC Program Files Adobe Photoshop Elements PhotoshopElementsFileAgent exeC Program Files Intel Intel Matrix Storage Manager Iaantmon exeC WINDOWS system svchost exe -k imgsvcC Program Files Mozilla Firefox firefox exeC Documents and Settings Sandy Desktop dds scr Pseudo HJT Report uLocal Page c windows pchealth helpctr system panels blank htmuStart Page hxxp www google com ig hl en amp source iglkuSearch Page hxxp www google comuSearch Bar hxxp us rd yahoo com customize ie defaults sb msgr http www yahoo com ext search search htmluDefault Page URL www google com ig dell hl en amp client dell-usuk-rel amp channel us amp ibd uDefault Search URL hxxp www google com iemDefault Page URL hxxp www yahoo com mDefault Search URL hxxp us rd yahoo com customize ie defaults su msgr http www yahoo commSearch Page hxxp us rd yahoo com customize ie defaults sp msgr http www yahoo commLocal Page c windows pchealth helpctr system panels blank htmmStart Page hxxp www yahoo com mSearch Bar hxxp us rd yahoo com customize ie defaults sb msgr http www yahoo com ext search search htmluInternet Connection Wizard ShellNext hxxp www google com ig dell hl en amp client dell-usuk-rel amp channel us amp ibd uSearchAssistant hxxp www google com ieuSearchURL Default hxxp us rd yahoo com customize ie defaults su msgr http www yahoo commSearchAssistant hxxp www google com hws sb dell-usuk-rel en side html channel usmWinlogon SHELL explorer exe c windows system ntload exeBHO D -C F - efb- B - ECA - No FileBHO Adobe PDF Link Helper df c-e ad- -a -fa c ebdc - c program files common files adobe acrobat activex AcroIEHelperShim dllBHO AVG Safe Search ca f - f e- b -a e- e e c c - c program files avg avg avgssie dllBHO DriveLetterAccess ca d e- - cf- e - - c windows system dla DLASHX W DL... Read more

A:Blue Screen and Browser Trojan

Hello Sandy HWelcome to BleepingComputer You can run the following in Safe Mode.==========================Download ComboFix from one of these locations:Link 1Link 2* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsDouble click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

http://www.bleepingcomputer.com/forums/t/340499/blue-screen-and-browser-trojan/
Relevancy 52.46%

I'm running XP sp and according to AVG managed to acquire trojan horse generic which had been removed That didn't do the trick as I continue to have browser windows mysteriously screen death plus trojan blue of open to unwanted sites my Windows task bar changes font and my trojan plus blue screen of death wireless connection switches to a different network after a period of time I have downloaded and successfully run dds scr but running gmer scans has resulted in multiple blue screens of death and the error quot trojan plus blue screen of death STOP d uknown Hard Error unknown Hard Error quot each time I tried to run Combofix after disabling my antispyware but it would never start I would be happy to run whatever else will get me help I do not have access to a Windows Install disc or a Boot CD Thank you in advance Here is DDS txt DDS Ver - - - NTFSx Run by Administrator at on Tue Internet Explorer BrowserJavaVersion Microsoft Windows XP Professional GMT - AV AVG Anti-Virus Free On-access scanning disabled Updated DDD - FF- F- E B- D D BF Running Processes C WINDOWS system svchost -k DcomLaunch svchost exe C WINDOWS System svchost exe -k netsvcs svchost exe svchost exe C WINDOWS system spoolsv exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C WINDOWS system Ati evxx exe C PROGRA AVG AVG avgwdsvc exe C Program Files Cisco Systems VPN Client cvpnd exe C Program Files EPSON Projector EPSON USB Display V EMP UDSA exe C WINDOWS system svchost exe -k imgsvc C PROGRA AVG AVG avgrsx exe C PROGRA AVG AVG avgnsx exe C WINDOWS Explorer EXE C Program Files NETGEAR WG Utility WG WLU exe C Program Files Java jre bin jusched exe C Program Files CyberLink PowerDVD DVDLauncher exe C PROGRA AVG AVG avgtray exe C Program Files Common Files Real Update OB realsched exe C Program Files iTunes iTunesHelper exe C Program Files SUPERAntiSpyware SUPERAntiSpyware exe C WINDOWS system rundll exe C Program Files Adobe Acrobat Distillr acrotray exe C Program Files NETGEAR WG Configuration Utility WG CFG exe C Program Files iPod bin iPodService exe C Program Files Mozilla Firefox firefox exe C Program Files Java jre bin jucheck exe C Documents and Settings Administrator Desktop dds scr Pseudo HJT Report uStart Page hxxp yahoo com uInternet Settings ProxyOverride local BHO AcroIEHlprObj Class e f-c d - d -b d- b d be b - c program files adobe acrobat acrobat activex AcroIEHelper dll BHO Skype add-on mastermind bf b-c d - d - a -a f ba c - c program files skype toolbars internet explorer SkypeIEPlugin dll BHO AVG Safe Search ca f - f e- b -a e- e e c c - c program files avg avg avgssie dll BHO SSVHelper Class bb-d f - c-b eb-d daf d d - c program files java jre bin ssv dll BHO AcroIEToolbarHelper Class ae cd -e - f- - ee - c program files adobe acrobat acrobat AcroIEFavClient dll BHO Google Gears Helper e fefe -fbf - ae-ba - ca e fb - c program files google google gears internet explorer gears dll TB FireShot e e e- d - ce - a a- dfffe f - c documents and settings administrator application data mozilla firefox profiles w e hcp default extensions b caa- d- a- fe -c d a ba library fsaddin- dll TB Adobe PDF -d c - - fa - e eaac - c program files adobe acrobat acrobat AcroIEFavClient dll EB Adobe PDF ec be- - c -a -beb d a b - c program files adobe acrobat acrobat AcroIEFavClient dll uRun SUPERAntiSpyware c program files superantispyware SUPERAntiSpyware exe uRun eFax quot c program files efax messenger J GDllCmd exe quot R uRun msnmsgr quot c program files windows live messenger msnmsgr exe quot background uRun D A E -F -C - B - BFF B quot c documents and settings administrator application data miema yvofy exe quot uRun Dlawak rundll exe quot c windows dpscol dll quot Startup mRun ATIModeChange Ati mdxx exe mRun WG WLU c program files netgear wg utility WG WLU exe mRun SunJavaUpdateSched quot c program files java jre bin jusched exe quot mRun DVDLauncher quot c program files cyberlink powerdvd DVDLauncher exe quot mR... Read more

A:trojan plus blue screen of death

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I need to see a gmer log in order to help you. Please delete your existing copy of gmer.

Please run this renamed version of gmer:

Download GMER Rootkit Scanner from here and Save it to your Desktop. Double-click gmer.exe to run it. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.



Click the image to enlarge it


In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it to your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

------------------------------------------------------

If you still have trouble, try running gmer again and this time also uncheck Files

------------------------------------------------------

If you still have trouble, Please download Rootkit Unhooker and save it to your desktop.
Double-click RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan
Check Drivers and Stealth Code, Files, and Code Hooks
Uncheck the rest, then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished then go File > Save Report
Save the report somewhere you can find it. Click Close then Yes
Copy the entire contents of the report and paste it in your next reply.
Note: If you get a message 'Rootkit Unhooker has detected parasite inside itself!
It is recommended to remove parasite, okay?', click Okay

------------------------------------------------------

http://www.techsupportforum.com/forums/f100/trojan-plus-blue-screen-of-death-517938.html
Relevancy 52.46%

Blue screen currently showing up on Blue Screen 3 + Trojan Viruses my computer preventing me from use STOP c a fatal system error the windows logon process system process terminated unexpectedly with a status of xc Blue Screen + 3 Trojan Viruses x x the system Blue Screen + 3 Trojan Viruses has been shut down Prior to I had the problem of spyware I downloaded AVG Malwarebytes PC Tools Spyware Doctor RKill Super Anti-Spyware to remove them Most of the problems were removed I experienced programs not working slower browser and my Google links were being redirected Upon downloading of PC Tools Spyware Doctor it informed me that I had Trojan Generic Trojan Bamital and Trojan something AV PC Tools Spyware Doctor also showed Trojan Bamital as being the files winlogon exe and explorer exe both of which I DID NOT remove however I had to uninstall and reinstall all my Adobe products to get them to work again What I did following the scans of PC Tools Spyware Doctor was remove cookies which came back upon startup anyways and then disable certain programs at startup None of this showed any problems as I had restarted once already During this time PC Tools Spyware Doctor found an infection and said to remove it must restart the computer I pressed okay and the above blue screen message appeared after restarting I can t even start using Safe Mode Was PC Tools Spyware Doctor what messed up my computer What can I do now

A:Blue Screen + 3 Trojan Viruses

Hello! I am Blind Faith or Elle(it's easier to remember,I think) and I will help you with your malware related problems.As you can see I am still a trainee and that means my work is revised by a coach.Therefore, it will take a bit longer for me to reply.So don't be impatient because I won't leave your case suspended in the air,waiting forever.NOTE: Do not make any type of changes to your system during the cleaning process.The steps you are following are based on strict information from your system.So changes which I did not give instructions for are not recommended. I will need some time to research the files on your system so please click the Options button at the top bar of this topic and Track this Topic, where you should choose email notifications to know when I replied. First, I need you to answer to some questions:1.What version of Windows you have installed on your system?2.And do you have the install CD from it ?I will wait for your answer. Elle

http://www.bleepingcomputer.com/forums/t/344985/blue-screen-3-trojan-viruses/
Relevancy 52.46%

I recently downloaden sony vegas quot illegally quot from newsgroups Got myself into much troubles because of it normally i never download programs illegally but i just had to make one small movie didnt want to bother to buy to entire program big mistake i guess I have ran several anti spyware malware programs such as spy doctor free trojan remover they both detected several trojans and said they deleted it my pc crashes quot blue screen quot within seconds since when i booted Trojan, Blue 40 seconds screen within up I CANT - acces system recovery - boot into safe mode quot crashes blue screen as soon as u hit enter quot - acces network quot wont load quot Trojan, Blue screen within 40 seconds - disable everything in msconfig - Trojan, Blue screen within 40 seconds run hitman pro - install anti-virus programs I CAN - acces the internet but when i press i hyperlink it redirects me to some adds etc Basicly i think theres nothing else left then a format C but im hoping on some miracle program that can fix Trojan, Blue screen within 40 seconds it under seconds thanks in advanced with kind regards Quint Spierenburg

A:Trojan, Blue screen within 40 seconds

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. I currently have as many open topics as I can effectively handle; this will have you back in queue with the proper logs so an available helper would be able to assist.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

http://www.techsupportforum.com/forums/f100/trojan-blue-screen-within-40-seconds-419823.html
Relevancy 52.46%

My nod alerts me that i have an OBU trojan threat I always have a blue screen when i reboot I also get warnings that i have missing dll files In display options the desktop and screensaver tabs are also missing I have already removed a rogue antivirus but Trojan OBU and screen blue when reboot the problem remains here is my HJT log Logfile of Trend Micro HijackThis v Scan saved at AM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system csrss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass OBU Trojan and blue screen when reboot exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS system spoolsv exe C WINDOWS Explorer EXE C Program Files Nero Nero InCD InCDsrv exe C Program Files Eset nod krn exe C Program Files Sunbelt Software CounterSpy SBCSSvc exe C Program Files Spyware Doctor pctsAuxs exe C Program Files Spyware Doctor pctsSvc exe C WINDOWS system svchost exe C Program Files Spyware Doctor pctsTray exe C WINDOWS system wdfmgr exe C Program Files ATI Technologies ATI Control Panel atiptaxx exe C WINDOWS SOUNDMAN EXE C Program Files Eset nod kui exe C Program Files Nero Nero InCD NBHGui exe C Program Files Nero Nero InCD InCD exe C Program Files Java jre bin jusched exe C Program Files Google Google Talk googletalk exe C Program Files Common Files Real Update OB realsched exe C Program Files TrojanHunter THGuard exe C Program Files Sunbelt Software CounterSpy SBCSTray exe C Program Files WordWeb wweb exe C Program Files Sunbelt Software CounterSpy CounterSpy exe C Program Files Spyware Doctor pctsGui exe C WINDOWS System alg exe C PROGRA MOZILL FIREFOX EXE C WINDOWS system wbem wmiprvse exe C Program Files Trend Micro HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Search Bar http us rd yahoo com customize ycomp defaults sb http www yahoo com search ie html R - HKCU Software Microsoft Internet Explorer Main Search Page http us rd yahoo com customize ycomp defaults sp http www yahoo com R - HKCU Software Microsoft Internet Explorer Main Start Page www google com ph intl en R - HKCU Software Microsoft Internet Explorer SearchURL Default http us rd yahoo com customize ycomp defaults su http www yahoo com F - REG win ini run quot C Documents and Settings Administrator Application Data Adobe Manager exe quot O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO RealPlayer Download and Record Plugin for Internet Explorer - C E -B - BC - - C CA - C Program Files Real RealPlayer rpbrowserrecordplugin dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO PDFCreator Toolbar Helper - C C A-EC - DF-AAAD- B AB E - C Program Files PDFCreator Toolbar v PDFCreator Toolbar dll O - Toolbar PDFCreator Toolbar - CF EBE- - A D-AC - D D B - C Program Files PDFCreator Toolbar v PDFCreator Toolbar dll O - HKLM Run ATIPTA C Program Files ATI Technologies ATI Control Panel atiptaxx exe O - HKLM Run SoundMan SOUNDMAN EXE O - HKLM Run nod kui quot C Program Files Eset nod kui exe quot WAITSERVICE O - HKLM Run NeroFilterCheck C Program Files Common Files Ahead Lib NeroCheck exe O - HKLM Run SecurDisc C Program Files Nero Nero InCD NBHGui exe O - HKLM Run InCD C Program Files Nero Nero InCD InCD exe O - HKLM Run SunJavaUpdateSched quot C Program Files Java jre bin jusched exe quot O - HKLM Run googletalk C Program Files Google Google Talk googletalk exe autostart O - HKLM Run TkBellExe quot C Program Files Common Files Real Update OB realsched exe quot -osboot O - HKLM Run ISTray quot C Program Files Spyware Doctor pctsTray exe quot O - HKLM Run THGuard quot C Program Files TrojanHunter THGuard exe quot O - HKLM Run SBCSTray C Program Files Sunbelt Software CounterSpy SBCSTray... Read more

A:OBU Trojan and blue screen when reboot

I forgot to mention that im running on windows XP
 

https://forums.techguy.org/threads/obu-trojan-and-blue-screen-when-reboot.739835/
Relevancy 52.46%

Hi I'm new to the forums and and would like some help with fixing a problem with my computer I have ran Spybot and am running AVG SB seems to detect and fix things until I restart and I'm back to square one Please help ThanksLogfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode NormalRunning processes C WINDOWS System smss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system Ati evxx exeC WINDOWS system svchost exeC WINDOWS System svchost exeC Program Files Intel Wireless Bin EvtEng exeC Program Files Intel Wireless Bin S EvMon exeC Program Files Intel Wireless Bin WLKeeper exeC WINDOWS system spoolsv exeC Program Files Common Blue Screen Trojan Infection Files Apple Mobile Device Support bin AppleMobileDeviceService exeC PROGRA AVG AVG avgwdsvc exeC PROGRA AVG AVG avgfws exeC Trojan Infection Blue Screen Program Files Bonjour mDNSResponder exeC Program Files Dell Bluetooth Software bin btwdins exeC Program Files Common Files Microsoft Shared VS DEBUG MDM EXEC Program Files Dell NICCONFIGSVC NICCONFIGSVC exeC WINDOWS system Ati evxx Trojan Infection Blue Screen exeC Program Files Intel Wireless Bin RegSrvc exeC WINDOWS system svchost exeC WINDOWS Explorer EXEC PROGRA AVG AVG avgam exeC Program Files ATI Technologies ATI Control Panel atiptaxx exeC Program Files Intel Wireless bin ZCfgSvc exeC PROGRA AVG AVG avgrsx exeC Program Files Intel Wireless Bin ifrmewrk exeC PROGRA AVG AVG avgnsx exeC WINDOWS system rundll exeC Program Files Dell QuickSet QuickSet exeC WINDOWS system dla tfswctrl exeC Program Files iTunes iTunesHelper exeC Program Files Adobe Acrobat Acrobat Acrotray exeC Program Files Hewlett-Packard Toolbox StatusClient StatusClient exeC WINDOWS system lphcl pj e a exeC PROGRA AVG AVG avgtray exeC WINDOWS system ctfmon exeC Program Files Intel Wireless Bin Dot XCfg exeC Program Files DNA btdna exeC Program Files Hewlett-Packard Toolbox jre bin javaw exeC Program Files iPod bin iPodService exeC Program Files Common Files Macrovision Shared FLEXnet Publisher FNPLicensingService exeC Program Files Microsoft Office OFFICE OUTLOOK EXEC Program Files Microsoft Office OFFICE WINWORD EXEC Program Files Mozilla Firefox firefox exeC Program Files Trend Micro HijackThis HijackThis exeR - HKCU Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Connection Wizard ShellNext http go microsoft com fwlink LinkId R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride local lt local gt O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelper dllO - BHO WormRadar com IESiteBlocker NavFilter - CA F - F E- B -A E- E E C C - C Program Files AVG AVG avgssie dllO - BHO DriveLetterAccess - CA D E- - CF- E - - C WINDOWS system dla tfswshx dllO - BHO Adobe PDF Conversion Toolbar Helper - AE CD -E - f- - EE - C Program Files Adobe Acrobat Acrobat AcroIEFavClient dllO - Toolbar Adobe PDF - -D C - - FA - E EAAC - C Program Files Adobe Acrobat Acrobat AcroIEFavClient dllO - HKLM Run ATIPTA quot C Program Files ATI Technologies ATI Control Panel atiptaxx exe quot O - HKLM Run IntelZeroConfig quot C Program Files Intel Wireless bin ZCfgSvc exe quot O - HKLM Run IntelWireless quot C Program Files Intel Wireless Bin ifrmewrk exe quot tf Intel PROSet WirelessO - HKLM Ru... Read more

A:Trojan Infection Blue Screen

Hello and welcome to BCWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay. Please see here for instructionshow to install HijackThis and make a logfile. Save it into convenient location and include it to your next reply, please.NextPlease do a scan with Kaspersky Online ScannerNote: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.Click on the Accept button and install any components it needs.The program will install and then begin downloading the latest definition files.After the files have been downloaded on the left side of the page in the Scan section select My ComputerThis will start the program and scan your system.The scan will take a while, so be patient and let it run.Once the scan is complete, click on View scan reportNow, click on the Save Report as button.Save the file to your desktop.Copy and paste that information in your next post.Please post back with HijackThis log and Kaspersky report.Regards

http://www.bleepingcomputer.com/forums/t/165460/trojan-infection-blue-screen/
Relevancy 52.46%

Last night while playing poker my laptop displayed the blue screen of death rebooted blue screen screen, win32 trojan blue UMM I disabled all start up and running services in msconfig Re-starting each application one by one t il I find the culprit I ran HJT Log blue screen, win32 trojan below This is where I get a little confused O - DPF BB F - F - EC -BF D- BD C AE a-squared Scanner - http ax emsisoft com asquared cab Google this scanner blue screen, win32 trojan thingy and castlecops tells me it s a legit file How did it get on my pc Dunno Legit ummm Ran all scans ad-aware found quot win trojan downloader quot Where in my log does it tell me that this trojan was on my pc Logfile of HijackThis v Scan saved at AM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes D WINDOWS System smss exe D WINDOWS system winlogon exe D WINDOWS system services exe D WINDOWS system lsass exe D WINDOWS system svchost exe D WINDOWS System svchost exe D WINDOWS Explorer EXE D WINDOWS system spoolsv exe D PROGRA Grisoft AVGFRE avgcc exe D Program blue screen, win32 trojan Files MSN Messenger msnmsgr exe D PROGRA Grisoft AVGFRE avgamsvr exe D PROGRA Grisoft AVGFRE avgupsvc exe D PROGRA Grisoft AVGFRE avgemc exe D WINDOWS System svchost exe D WINDOWS system svchost exe D hjt HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Start Page http forum malwareremoval com R - HKCU Software Microsoft Internet Explorer Main Local Page R - HKLM Software Microsoft Internet Explorer Main Local Page O - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - D Program Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO SpywareGuard Download Protection - A E - F- - B - B DDD DB - D Program Files SpywareGuard dlprotect dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - D Program Files Java jre bin ssv dll O - HKLM Run AVG CC quot D PROGRA Grisoft AVGFRE avgcc exe quot STARTUP O - HKCU Run SpySweeper quot D Program Files Webroot Spy Sweeper SpySweeperUI exe quot startintray O - HKCU Run msnmsgr quot D Program Files MSN Messenger msnmsgr exe quot background O - Extra button no name - B E C - FCB- CF-AAA - C - D Program Files Java jre bin ssv dll O - Extra Tools menuitem Sun Java Console - B E C - FCB- CF-AAA - C - D Program Files Java jre bin ssv dll O - Extra button UltimateBet - DB -B D- - DA- CBB F BF - D Program Files UltimateBet UltimateBet exe O - Extra Tools menuitem UltimateBet - DB -B D- - DA- CBB F BF - D Program Files UltimateBet UltimateBet exe O - Extra button Yahoo Messenger - E D C E- B F- D -B C - C C - D Program Files Yahoo Messenger YahooMessenger exe O - Extra Tools menuitem Yahoo Messenger - E D C E- B F- D -B C - C C - D Program Files Yahoo Messenger YahooMessenger exe O - DPF BB F - F - EC -BF D- BD C AE a-squared Scanner - http ax emsisoft com asquared cab O - DPF F A AE -A D- D - - C F EF D Hotmail Attachments Control - http by fd bay hotmail msn com activex HMAtchmt ocx O - Protocol livecall - A - C - - F- E F - D PROGRA MSNMES MSGRAP DLL O - Protocol msnim - A - C - - F- E F - D PROGRA MSNMES MSGRAP DLL O - Winlogon Notify WgaLogon - D WINDOWS O - Service AVG Alert Manager Server Avg Alrt - GRISOFT s r o - D PROGRA Grisoft AVGFRE avgamsvr exe O - Service AVG Update Service Avg UpdSvc - GRISOFT s r o - D PROGRA Grisoft AVGFRE avgupsvc exe O - Service AVG E-mail Scanner AVGEMS - GRISOFT s r o - D PROGRA Grisoft AVGFRE avgemc exe nbsp

https://forums.techguy.org/threads/blue-screen-win32-trojan.511474/
Relevancy 52.46%

I have a two fold problem First is a blue screen problem on reboot Windows will load get the music and my desktop complete with icons The hour glass will appear and my icons will blink Then after about seconds the Task Bar will turn Trojan Blue Browser and Screen white my icons will blink Blue Screen and Browser Trojan and then I get a blue screen Stop C a Fatal System Error the windows login process system process terminated unexpectedly with a status of xc x x The system has been shutdown If I reboot in Safe Mode and chose Safe Boot with last known good configuration Windows will load Blue Screen and Browser Trojan but that is the only way it will load Now for the second problem I have a Trojan When I click on links in my browser I am being redirected to various sites or I get a Shield saying I might get a virus that one is new today I run a Host file so the site yesterday it said Podmena in is being blocked by the Hosts file I have turned off the Host file and it makes no difference I have run Malwarebytes repeatedly and the Trojan still comes back I am wondering if rebooting with the good configuration is causing it Here are the steps I have done some many times Operating System Windows XP service pack WinPatrol loads on Start Up as well as AVG Free Using Mozilla Firefox although I get the same results with IE Ran ChkDsk Ran Registry First Aid Turned Off System Restore Ran Malwarebytes Full Scan Here are the last logs Malwarebytes Anti-Malware www malwarebytes org Database version Windows Service Pack Internet Explorer PM mbam-log- - - - - txt Scan type Full scan C Objects scanned Time elapsed minute s second s Memory Processes Infected Memory Modules Infected Registry Keys Infected Registry Values Infected Registry Data Items Infected Folders Infected Files Infected Memory Processes Infected No malicious items detected Memory Modules Infected C Documents and Settings Sandy ntload dll Trojan Agent - gt Delete on reboot Registry Keys Infected HKEY CURRENT USER Software WinServers Malware Trace - gt Quarantined and deleted successfully Registry Values Infected No malicious items detected Registry Data Items Infected No malicious items detected Folders Infected No malicious items detected Files Infected C Documents and Settings Sandy ntload dll Trojan Agent - gt Delete on reboot C Documents and Settings Sandy rundll exe Heuristics Reserved Word Exploit - gt Quarantined and deleted successfully When this was done I rebooted got the blue screen mentioned above so booted with Safe Mode Good configuration and windows loaded For the first time I was able to click on some sites but after a few minutes I began having the same trouble I am not visiting any malicious sites just my blog and a Yahoo group So I ran Malwarebytes again and sure enough the files are back Malwarebytes Anti-Malware www malwarebytes org Database version Windows Service Pack Internet Explorer PM mbam-log- - - - - txt Scan type Quick scan Objects scanned Time elapsed minute s second s Memory Processes Infected Memory Modules Infected Registry Keys Infected Registry Values Infected Registry Data Items Infected Folders Infected Files Infected Memory Processes Infected No malicious items detected Memory Modules Infected C Documents and Settings Sandy ntload dll Trojan Agent - gt Delete on reboot Registry Keys Infected HKEY CURRENT USER Software WinServers Malware Trace - gt Quarantined and deleted successfully Registry Values Infected No malicious items detected Registry Data Items Infected No malicious items detected Folders Infected No malicious items detected Files Infected C Documents and Settings Sandy ntload dll Trojan Agent - gt Delete on reboot C Documents and Settings Sandy rundll exe Heuristics Reserved Word Exploit - gt Quarantined and deleted successfully Thanks in advance for any help this is so frustrating Sandy

A:Blue Screen and Browser Trojan

Hello ,I am moving this from XP to the Am I Infected forum.Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".From your regular user account..Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..DO NOT run yet.Open SUPER from icon and install and Update itUnder Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.Now reboot into Safe Mode: How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox or Opera browser click that browser at the top and choose: Select AllClick the Empty Selected button.If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.NOW Scan with SUPEROpen from the desktop icon or the program Files listOn the left, make sure you check C:\Fixed Drive.Perform a Complete scan. After scan,Verify they are all checked.Click OK on the summary screen to quarantine all found items.If asked if you want to reboot, click "Yes" and reboot normally.To retrieve the removal information after reboot, launch SUPERAntispyware again.Click Preferences, then click the Statistics/Logs tab.Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.Please copy and paste the Scan Log results in your next reply.Click Close to exit the program.Rerun MBAM (MalwareBytes) like this:Open MBAM in normal mode and click Update tab, select Check for Updates,when doneclick Scanner tab,select Quick scan and scan (normal mode).After scan click Remove Selected, Post new scan log and Reboot into normal mode.Please ask any needed questions,post logs and Let us know how the PC is running now.

http://www.bleepingcomputer.com/forums/t/340414/blue-screen-and-browser-trojan/
Relevancy 52.46%

Log File - Done everything mentioned in the sticky thanks for any help Logfile of HijackThis v Scan saved at on Platform Windows XP SP WinNT MSIE Blue Desktop Screen Trojan Internet Explorer v SP Running processes D WINDOWS System smss exe D WINDOWS system csrss exe D WINDOWS system winlogon exe D WINDOWS system services exe D WINDOWS system lsass exe D WINDOWS system Desktop Blue Screen Trojan svchost exe D WINDOWS System svchost exe D WINDOWS System svchost exe D WINDOWS System svchost exe D WINDOWS system spoolsv exe D WINDOWS System alg exe D WINDOWS System wdfmgr exe C wp exe D WINDOWS EXPLORER EXE C Joel My Documents My Received Files Downloads HijackThis exe R - HKCU Software Microsoft Internet Desktop Blue Screen Trojan Explorer Main Start Page http www google co uk O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - d program files google googletoolbar dll O - Toolbar amp Radio - E - F- D - E- A C - D WINDOWS System msdxm ocx O - Toolbar amp Google - C B - - d - B - A CD F - d program files google googletoolbar dll O - HKLM Run Security iGuard D Program Files Security iGuard Security iGuard exe O - HKCU Run MSMSGS quot D Program Files Messenger msmsgs exe quot background O - HKCU Run MsnMsgr quot D Program Files MSN Messenger MsnMsgr Exe quot background O - HKCU Run WindowsFY c wp exe O - Startup Shortcut to scam lnk C Joel My Documents scam txt O - Extra context menu item amp Google Search - res D Program Files Google GoogleToolbar dll cmsearch html O - Extra context menu item Backward Links - res D Program Files Google GoogleToolbar dll cmbacklinks html O - Extra context menu item Cached Snapshot of Page - res D Program Files Google GoogleToolbar dll cmcache html O - Extra context menu item Similar Pages - res D Program Files Google GoogleToolbar dll cmsimilar html O - Extra context menu item Translate into English - res D Program Files Google GoogleToolbar dll cmtrans html O - Extra button Messenger - FB F -F - d -BB E- C F - D Program Files Messenger MSMSGS EXE O - Extra 'Tools' menuitem Messenger - FB F -F - d -BB E- C F - D Program Files Messenger MSMSGS EXE O - Extra button Microsoft AntiSpyware helper - F A B - FDF- E -BA - B - no file HKCU O - Extra 'Tools' menuitem Microsoft AntiSpyware helper - F A B - FDF- E -BA - B - no file HKCU O - IERESET INF START PAGE URL http www tesco net O - DPF - - - - - ms-its mhtml file C foo mht http user mstlb chm e exe O - DPF D D - - D -BDCD- C F A B HouseCall Control - http a g akamai net ll xscan cab O - HKLM System CCS Services Tcpip DCEDEE A- BE- - B -A B D NameServer

A:Desktop Blue Screen Trojan

Welcome to TSF.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

If you have a fast internet connection (broadband), run an online virus scan at TrendMicro http://uk.trendmicro-europe.com/ente...all_launch.php. Just follow the instructions on the site to run the online scan. If any viruses/trojans are detected, try to delete or clean them in that site. You may use Panda ActiveScan also at http://www.pandasoftware.com/products/activescan. Otherwise, make sure your antivirus program has the latest definitions and run a full system scan.

Reboot into Safe Mode by hitting the F8 key until menu shows up. In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click 'Kill process' for each one if they are still listed (they shouldn't be - but double check):

C:\wp.exe

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Security iGuard

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O4 - HKLM\..\Run: [Security iGuard] D:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - Startup: Shortcut to scam.lnk = C:\Joel\My Documents\scam.txt
O9 - Extra button: Microsoft AntiSpyware helper - {F62A6B82-5FDF-47E2-BA56-08B605114910} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F62A6B82-5FDF-47E2-BA56-08B605114910} - (no file) (HKCU)
O16 - DPF: {11111111-1111-1111-1111-111111111111} - ms-its:mhtml:file://C:\foo.mht!http://195.225.176.25/user56/mstlb.chm::/1/e.exe

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\wp.exe
C:\Joel\My Documents\scam.txt - unless you know what it's for
D:\Program Files\Security iGuard\

Reboot into Normal Mode run a new HijackThis scan. Save the log file and run KRC HijackThis Analyzer http://www.greyknight17.com/spy/KRC%...20Analyzer.zip in the same folder to get the result.txt log. Just post the contents of the result.txt file in your next reply.

Can you change your wallpaper?

http://www.techsupportforum.com/forums/f100/desktop-blue-screen-trojan-50308.html
Relevancy 52.46%

Hi,

I've run SpyBot and AVG Anti-Virus programs and Trojan Horse BackDoor.Generic11.HCO (corresponding to C:\Windows\system32\ativvax.dll) and several tracking cookies are picked up. Yet, I'm still not able to remove the listed items. Can anyone assist me?

A:Trojan Trojan Horse BackDoor.Generic11.HCO and Tracking Cookies/ Moved

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.PLEASE DO NOT NOW POST LOGS unless a log is specifically requested.

http://www.bleepingcomputer.com/forums/t/220056/trojan-trojan-horse-backdoorgeneric11hco-and-tracking-cookies-moved/
Relevancy 52.03%

I have been getting Blue screens ever since i got a trojan and tried to install and uninstall games. This is what I have :

Operating System
MS Windows XP Professional 32-bit SP3
CPU
AMD Athlon II X2 245 37 °C
Regor 45nm Technology
RAM
2.0GB Single-Channel DDR2 @ 400MHz (6-6-6-18)
Motherboard
BIOSTAR Group TA785GE 128M (CPU 1) 42 °C
Graphics
ASUS VH202 ([email protected])
1024MB GeForce 9500 GT (ZOTAC International) 51 °C
Hard Drives
488GB Hitachi Hitachi HDS721050CLA362 (SATA) 34 °C
Optical Drives
HL-DT-ST DVDRAM GH22NS40
Audio
Realtek High Definition Audio


I have run malwarebites and did a clean out with AVG as well as saved the malwarebites log. There are no more infections. I also deleted the game program files and uninstalled all games as well. Updated all drivers too. Havent gotten the bsod yet, but afraid to watch videos, dvd's, play itunes or install games. This computer was supposed to have been made for gaming. Please Help.
 

A:Blue Screen after Trojan and game installs

Oh yea and the games were:

Conflict Denied Ops
Far Cry 1
Sniper Ghost Warrior
 

https://forums.techguy.org/threads/blue-screen-after-trojan-and-game-installs.998816/
Relevancy 52.03%

Hello yesterday while was on desktop i saw an anti-virus been instaled from nothing i had not dowloaded any anti virus either instaled on purpose and received a windows message telling me shut blue trojan/ screen sudden down/ that had found a trojan i imediatly started scan with my avg free edition and suddenly blue screen soon i restarted i runned it again and noticed my desktop had links to porn sites S ofcourse were not created by me and sudenly my computer shows me a message telling that a certain ip as trying to acess my computer then my computer shuted down without blue screen just restarted sudden shut down/ trojan/ blue screen when it came back i unpluged internet cable and runned avg scan without a problem it detected viruses trojans that were deleted right after it i restarted my computer and my computer just didnt passed motherboard image i restarted several times and finnaly worked windows started fine sudden shut down/ trojan/ blue screen i reconnected intenet cable and suddddenly i get a message telling that anther ip was acessing my computer and seconds after it it shuted down and sudden shut down/ trojan/ blue screen when i try to start windows normaly after i put password it gives me a bluescreen and restarts i tryed several times and nothing right now the only way to get back to windows is by safety mode pressing f while computer is still starting but minutes after it it shuts down without blue screen it doesnt matter if the internet cable is pluged or not pls help me and most of it THX FOR YOUR TIME

http://www.techsupportforum.com/forums/f284/sudden-shut-down-trojan-blue-screen-396954.html
Relevancy 52.03%

I think my PC was infected with some Trojan malware - my AV s/w detected a Trojan and said it had successfully removed it. Immediately after that I got a "blue screen of death" . The dump points to runtime.sys. After that I was not able to load to my Win2003 neither in normal nor in a safe mode. The windows load process reaches the very first Windows "splash" logo screen and then jumps back to the very first pre-Windows black screen, and starts all over again.

I was offered by some IT guy to take my HD, move it on a different server as a secondary drive and to run a full MCAffee virus scan on it. I wonder whether that would be sufficient to clean up the disk. If not, what else I can do before start reformatting the drive? ...

Please help !
 

https://forums.techguy.org/threads/blue-screen-of-death-trojan-in-runtime-sys.610269/
Relevancy 52.03%

Hi today a blue screen appeared in my laptop I have tried some help here http www techsupportforum com f ml post Then they said to put the question here DDS Ver - - - NTFSx Run by Rod at on - - Internet Explorer Microsoft Windows Vista Home Premium GMT AV AVG Anti-Virus Free On-access scanning enabled Updated DDD - FF- F- E B- D D BF SP AVG Anti-Virus Free enabled Updated DDD - FF- F- E B- D D possible Virus/Trojan/Spyware screen, blue BF SP Windows Defender enabled Updated D DDC A- F- FAE- E -DA C ACF Running Processes C Windows system wininit exe C Windows system lsm exe C blue screen, possible Virus/Trojan/Spyware Windows system svchost exe -k DcomLaunch C Windows system svchost exe -k rpcss C Windows System svchost exe -k secsvcs C Windows System svchost exe -k LocalServiceNetworkRestricted C Windows System svchost exe blue screen, possible Virus/Trojan/Spyware -k LocalSystemNetworkRestricted C Windows system svchost exe -k netsvcs C Windows system svchost exe -k GPSvcGroup C Windows system SLsvc exe C Windows system svchost exe -k LocalService C Windows system svchost exe -k NetworkService C Program Files ASUS ASUS Data Security Manager ADSMSrv exe C Program Files ATK Hotkey ASLDRSrv exe C Program Files ATKGFNEX GFNEXSrv exe C Windows system WLANExt exe C Windows System spoolsv exe C Windows system Dwm exe C Windows system taskeng exe C Windows system svchost exe -k LocalServiceNoNetwork C Program Files ASUS ASUS Live Update ALU exe C Windows system taskeng exe C Program Files ATK Hotkey Hcontrol exe C Program Files ATKOSD ATKOSD exe C Program Files Wireless Console wcourier exe C Program Files ASUS Splendid ACMON exe C Program Files P G BatteryLife exe C Windows System ACEngSvr exe C Windows system taskeng exe C Program Files ATK Hotkey ATKOSD exe C Program Files ATK Hotkey KBFiltr exe C Program Files Windows Defender MSASCui exe C Program Files Motorola SMSERIAL sm hlpr exe C Windows RtHDVCpl exe C Program Files ASUS ATK Media DMedia exe C PROGRA AVG AVG avgwdsvc exe C Windows system svchost exe -k bthsvcs C Program Files Intel Wireless Bin EvtEng exe C Windows system OSPPSVC EXE C Windows system svchost exe -k NetworkServiceNetworkRestricted C Program Files Intel Wireless Bin RegSrvc exe C Program Files ASUS NB Probe SPM spmgr exe C Windows system svchost exe -k imgsvc C Windows System StkCSrv exe C PROGRA AVG AVG avgrsx exe C Program Files TeamViewer Version TeamViewer Service exe C PROGRA AVG AVG avgnsx exe C Windows System TUProgSt exe C Windows System svchost exe -k WerSvcGroup C Windows system SearchIndexer exe C PROGRA AVG AVG avgemc exe C Program Files AVG AVG avgcsrvx exe C Program Files Synaptics SynTP SynTPEnh exe C Program Files PowerForPhone PowerForPhone exe C Windows ASScrPro exe C Program Files Java jre bin jusched exe C Program Files AVG AVG avgtray exe C Windows system wbem wmiprvse exe C Windows System rundll exe C Windows System rundll exe C Program Files Microsoft Office Office GROOVEMN EXE C Program Files DAEMON Tools daemon exe C Windows ehome ehtray exe C Program Files Microsoft Office Office OfficeSAS officeSASscheduler exe C Windows ehome ehmsas exe C Program Files Windows Media Player wmpnetwk exe C Program Files Mozilla Firefox firefox exe C Windows system conime exe C Program Files Windows Media Player wmplayer exe C Windows explorer exe C Windows System mobsync exe C Windows system DllHost exe C Windows system DllHost exe C Users Rod Desktop dds scr C Windows system wbem wmiprvse exe Pseudo HJT Report uStart Page hxxp www asus com uDefault Page URL hxxp www asus com mDefault Page URL hxxp www asus com BHO Adobe PDF Reader Link Helper e f-c d - d -b d- b d be b - c program files common files adobe acrobat activex AcroIEHelper dll BHO AVG Safe Search ca f - f e- b -a e- e e c c - c program files avg avg avgssie dll BHO Groove GFS Browser Helper - c - d -b f - bbc d a e - c progra micros office GROOVEEX DLL BHO Java tm Plug-In SSV Helper bb-d f - c-b eb-d daf d d - c program files java jre bin... Read more

http://www.techsupportforum.com/forums/f284/blue-screen-possible-virus-trojan-spyware-404688.html
Relevancy 52.03%

I was on the computer this morning and avg pops up and tells me I have trojan so I click heal and it tells me to restart and I do so Now I have this blue screen thats says Stop error c a fatal system error Trojan help & Flooder screen Blue Horse I logon through safe mode and do a system restore but it doesn t Trojan Horse Flooder & Blue screen help fix the problem I scan with avg and it says winlogon exe is infected So I logon in safe mode run avg and see that the trojan is still there in the vault I empty the vault re-scan and it s back again but avg deletes it I restart and still get the blue screen Scan with avg again and the trojan is back I doing this though safe mode with networking but after a while the internet stops working and I can t print here is my hi-jack log please help me Logfile of HijackThis v Scan saved at PM on Platform Windows XP WinNT MSIE Internet Explorer v Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS Explorer EXE C Program Files Netscape Netscape Browser netscape exe C Documents and Settings BENSON amp LESLY Desktop hijackthis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Search Bar http us rd yahoo com customize ycomp adbe defaults sb http www yahoo com search ie html R - HKCU Software Microsoft Internet Explorer Main Search Page http us rd yahoo com customize ycomp adbe defaults sp http www yahoo com R - HKCU Software Microsoft Internet Explorer Main Start Page http yahoo com O - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO no name - - F - D - - D F - C PROGRA SPYBOT SDHelper dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - Toolbar amp Radio - E - F- D - E- A C - C WINDOWS System msdxm ocx O - HKLM Run SoundMan SOUNDMAN EXE O - HKLM Run NVRaidService C WINDOWS System nvraidservice exe O - HKLM Run AVG CC C PROGRA Grisoft AVGFRE avgcc exe STARTUP O - HKLM Run AVG EMC C PROGRA Grisoft AVGFRE avgemc exe O - HKLM Run NVRTCLK C WINDOWS System NVRTCLK NVRTClk exe O - HKLM Run NvCplDaemon RUNDLL EXE C WINDOWS System NvCpl dll NvStartup O - HKLM Run nwiz nwiz exe install O - HKLM Run NvMediaCenter RUNDLL EXE C WINDOWS System NvMcTray dll NvTaskbarInit O - HKLM Run ezShieldProtector for Px C WINDOWS System ezSP Px exe O - HKLM Run SunJavaUpdateSched quot C Program Files Java jre bin jusched exe quot O - HKLM Run BJCFD C Program Files BroadJump Client Foundation CFD exe O - HKLM Run KernelFaultCheck systemroot system dumprep -k O - HKLM Run Zone Labs Client quot C Program Files Zone Labs ZoneAlarm zlclient exe quot O - Startup RKLauncher lnk C Documents and Settings BENSON amp LESLY Desktop RK Launcher Beta RKLauncher exe O - Extra context menu item Download all by Free Download Manager - file C Program Files Free Download Manager dlall htm O - Extra context menu item Download by Free Download Manager - file C Program Files Free Download Manager dllink htm O - Extra context menu item Download selected by Free Download Manager - file C Program Files Free Download Manager dlselected htm O - Extra context menu item Download web site by Free Download Manager - file C Program Files Free Download Manager dlpage htm O - Extra button no name - B E C - FCB- CF-AAA - C - C Program Files Java jre bin ssv dll O - Extra Tools menuitem Sun Java Console - B E C - FCB- CF-AAA - C - C Program Files Java jre bin ssv dll O - Extra button PartyPoker com - B FE D - AA - F - C B- A F E - C Program Files PartyGaming PartyPoker RunApp exe O - Extra Tools menuitem PartyPoker com - B FE D - AA - F - C B- A F E - C Program Files PartyGaming PartyPoker RunApp exe O - Extra button Absolute Poker - EFFF D -D - -B -E EC E - C Documents and Settings All Users Start Menu Programs Absolute Poker Absolute Poker lnk O - Extra Tools menuitem Absol... Read more

Relevancy 52.03%

pc s with issues My son s yo none the less system is now a blue screen with the following message (FunWebProducts) PUPS Screen on Blue pc 2nd and Trojan and 1 on Start up Repair Your computer was unable to start Start up is checking your system Blue Screen on 1 pc and Trojan and PUPS on 2nd (FunWebProducts) for problems If problems are found start up repair will fix them automatically Your computer might restart several times during this process No changes will be Blue Screen on 1 pc and Trojan and PUPS on 2nd (FunWebProducts) made to your personal files or information This might take several minutes Attempting repairs Buttons are grayed out except for cancel which does not work Computer hangs and does not restart System is HP Pavillion running Windows Vista Intel Core Quad Processor Q Intel VIIV Processor Technology Blue Screen on 1 pc and Trojan and PUPS on 2nd (FunWebProducts) MB Memory GB Hard drive His pc was redirecting until internet explorer stopped connecting all together Firefox continued to work fine so not an internet connection problem We are running Norton It did not detect any items When he came to me The computer was almost toast I tried to manually update Norton and rescan in safe mode but nothing was found We updated Windows restarted and rescaned with Norton Nothing We turned the computer on one more time and we got the blue screen described above So I was unable to try anything else The nd PC mine was acting strange moving slow a couple weird pop ups I always x d out of them So I figured I was infected too since we are on the same home network Also way too many things running in start up but I m not sure what to get rid of and too many in services too Norton s phishing filter was turned off not by me And in msconfig it was changed to selective startup I got an error when I tried to change back to normal startup After attempts I got it to stick Having trouble opening certain scans sites etc It seems like any try to fix the issue the intelligent virus or whatever disables my attempts Only after doing it several times and while running a few at a time can i get it to open a web page or scan Norton was not detecting anything and was scanning but very slowly - hours I downloaded and ran several other antivirus programs AVG Kasperky SpySweeper etc and online scans Symantec Windows One Care HouseCall that found nothing I then downloaded SpyBot amp Ad-Aware Ad-Aware found several cookies and cleaned them second scan is taking a really long time h m SpyBot seems to be the only thing working SpyBot Search amp Destroy identified cookie DoubleClick - Trojans MyWebSearch a PUP FunWebProducts and an MS Internet Explorer security issue It fixed all of them I rescanned and the FunWebProducts showed up again with a different tag number the entry looked like this - SBI A Configuration File C WINDOWS Downloaded Program Files f initialsetup inf Properties size Properties md D D CD F B E ECF E SpyBot keeps finding this file and fixing it but it won t go away Each time the SBI is different If that means anything This PC is a DELL Vostro Laptop running Windows XP Home Edition Service Pack Intel Core Duo CPU T GHz MHz GB of RAM BTW I only run Norton but I have installed several antivirus programs in the last day or two I understand that running more than one at a time is not good But is it okay to run AVG SpyBot and Adaware at the same time I am through with Norton HJT file Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS System WLTRYSVC EXE C WINDOWS System bcmwltry exe C WINDOWS system spoolsv exe C WINDOWS system acs exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C Program Files Bonjour mDNSResponder exe C Pro... Read more

https://forums.techguy.org/threads/blue-screen-on-1-pc-and-trojan-and-pups-on-2nd-funwebproducts.855001/
Relevancy 52.03%

this computer is beyond messed up There is a blue screen for the desktop saying that it s trojan-spy html smitfraud c i can t install norton antivirus and i also cannot install S amp D Here s my hijack this log please help me Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C trojan etc of lots blue screen, problems... WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system LEXBCES EXE C WINDOWS system spoolsv exe C WINDOWS system LEXPPS EXE C WINDOWS lots of problems... trojan blue screen, etc wanmpsvc exe C WINDOWS Explorer EXE c windows system xklxmpe exe C Program Files Messenger msmsgs exe C WINDOWS sfita exe C wp exe C Program Files Yahoo Messenger ymsgr tray exe C Program Files Cas Client casclient exe C WINDOWS System nsvsvc nsvsvc exe C WINDOWS System vidctrl vidctrl exe C Program Files aim aim exe C Documents and Settings All Users Start Menu Programs Startup ciin exe C Program Files PrecisionTime PrecisionTime exe C PROGRA eZula mmod exe C Program Files Yahoo browser ybrowser exe C PROGRA Yahoo browser ycommon exe C PROGRA WEBOFF wo exe C Program Files Yahoo browser ybrwicon exe C WINDOWS System wuauclt exe C Program Files Yahoo browser ybrowser exe C DOCUME Laura LOCALS Temp Rar EX HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Start Page http yahoo sbc com dsl R - HKLM Software Microsoft Internet Explorer Main Default Page URL http yahoo sbc com dsl R - HKLM Software Microsoft Internet Explorer Main Default Search URL http red clientapps yahoo com customize ie defaults su sbcydsl http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Search Bar http red clientapps yahoo com cus sbcydsl http www yahoo com search ie html R - HKLM Software Microsoft Internet Explorer Main Search Page http red clientapps yahoo com customize ie defaults sp sbcydsl http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Start Page http yahoo sbc com dsl R - HKCU Software Microsoft Internet Explorer Search SearchAssistant res C WINDOWS oihke dll sp html R - HKCU Software Microsoft Internet Explorer SearchURL Default http red clientapps yahoo com customize ie defaults su sbcydsl http www yahoo com R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName R - URLSearchHook no name - EE B -F - BB- FB-A BD B A - C Program Files SurfSideKick SskBho dll F - REG system ini Shell Explorer exe C WINDOWS Nail exe O - BHO no name - B E F-EDD - D - - B FEAE A - no file O - Toolbar no name - CDE A D-A - -BF -E B C F EB - no file O - Toolbar no name - C B-CEB - b-B -D A DD - no file O - HKCU Run MSMSGS quot C Program Files Messenger msmsgs exe quot background O - HKCU Run SurfSideKick C Program Files SurfSideKick Ssk exe O - HKCU Run Yahoo Pager C Program Files Yahoo Messenger ypager exe -quiet O - HKCU Run b tFRWdtj gsmtract exe O - HKCU Run sf C Program Files sf sf exe O - HKCU Run WindowsFY c wp exe O - HKCU Run NetZero uoltray C Program Files NetZero exec exe regrun O - HKCU Run CAS Client quot C Program Files Cas Client casclient exe quot O - HKCU Run Nsv C WINDOWS System nsvsvc nsvsvc exe O - HKCU Run vidctrl C WINDOWS System vidctrl vidctrl exe O - HKCU Run AIM C Program Files aim aim exe -cnetwait odl O - HKCU Run boo C WINDOWS boo exe O - HKCU Run eZmmod C PROGRA ezula mmod exe O - HKCU Run eZWO C PROGRA Web Offer wo exe O - Global Startup PrecisionTime lnk C Program Files PrecisionTime PrecisionTime exe O - Extra context menu item Yahoo Dictionary - file C Program Files Yahoo Common ycdict htm O - Extra context menu item Yahoo Search - file C Program Files Yahoo Common ycsrch htm O - Extra button Yahoo Login - C- BA - D -BD C- C D - C Program Files Yahoo Common ylogin dll O - Extra Tools menuitem Yahoo Login - C- BA - D -BD C- C D - C Program Files Yahoo Common ylogin dll O - Extra butt... Read more

Relevancy 52.03%

When I load up XP I get various exe Bad image system errors Blue Screens with errors saying things like No Virus/Trojan/Blue Screen [SOLVED] more irp stack locations Bogus Drivers Unexpected kernal trap Maxium waitobjects exceed Systeminternals great site irql not less or equal I can't run DSS because of an error stating DWW exe bad image so here's my hijack log Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system spoolsv exe C PROGRA COMMON AOL ACS AOLacsd exe C Program Files ESET ESET NOD Antivirus ekrn exe C WINDOWS [SOLVED] Virus/Trojan/Blue Screen system svchost exe C WINDOWS System WLTRYSVC EXE C WINDOWS System bcmwltry exe C WINDOWS Explorer EXE C WINDOWS BCMSMMSG exe C Program Files Java j re bin jusched exe C Program Files CyberLink PowerDVD DVDLauncher exe C Program Files Dell QuickSet quickset exe C Program Files Dell Media Experience DMXLauncher exe C Program Files Musicmatch Musicmatch Jukebox mm tray exe C program files tvs tvs b exe C Program Files HP HP Software Update HPWuSchd exe C Program Files Google Google Desktop Search GoogleDesktop exe C WINDOWS system hkcmd exe C WINDOWS system igfxpers exe C WINDOWS system lphc aej e l exe C Program Files ESET ESET NOD Antivirus egui exe C WINDOWS system sysrest exe C Program Files DellSupport DSAgnt exe C Program Files Messenger msmsgs exe C Program Files HP Digital Imaging bin hpqtra exe C WINDOWS system igfxsrvc exe C Program Files Google Google Desktop Search GoogleDesktopIndex exe C Program Files HP Digital Imaging bin hpqSTE exe C WINDOWS System WScript exe C Program Files HP Digital Imaging Product Assistant bin hprblog exe C WINDOWS system wbem wmiapsrv exe C Documents and Settings JACKIE ARREDONDO Desktop hijackthis sfx exe C Documents and Settings JACKIE ARREDONDO Desktop hijackthis HijackThis exe R - HKCU Software Microsoft Internet Explorer SearchURL http www searchonline com sp php R - HKCU Software Microsoft Internet Explorer Main Default Page URL http www dell me com myway R - HKCU Software Microsoft Internet Explorer Main Search Bar http bfc myway com search de srchlft html R - HKCU Software Microsoft Internet Explorer Main Start Page http officialhomepage org home html R - URLSearchHook no name - D F -B FE- -BF - AB D D - C Program Files MyWaySA SrchAsDe bin deSrcAs dll O - Toolbar Yahoo Toolbar - EF BD -C FB- D - F- D F - C Program Files Yahoo Companion Installs cpn yt dll O - Toolbar amp Google - C B - - d - B - A CD F - c program files google googletoolbar dll O - HKLM Run BCMSMMSG BCMSMMSG exe O - HKLM Run SunJavaUpdateSched C Program Files Java j re bin jusched exe O - HKLM Run DVDLauncher quot C Program Files CyberLink PowerDVD DVDLauncher exe quot O - HKLM Run Dell QuickSet C Program Files Dell QuickSet quickset exe O - HKLM Run DMXLauncher C Program Files Dell Media Experience DMXLauncher exe O - HKLM Run MMTray quot C Program Files Musicmatch Musicmatch Jukebox mm tray exe quot O - HKLM Run tsvcin C WINDOWS system n EXE O - HKLM Run tvs b C program files tvs tvs b exe O - HKLM Run KernelFaultCheck systemroot system dumprep -k O - HKLM Run AlfaCleaner C Program Files AlfaCleaner AlfaCleaner exe O - HKLM Run HP Software Update C Program Files HP HP Software Update HPWuSchd exe O - HKLM Run Google Desktop Search quot C Program Files Google Google Desktop Search GoogleDesktop exe quot startup O - HKLM Run My Web Search Bar rundll C PROGRA MYWEBS bar bin MWSBAR DLL S O - HKLM Run MyWebSearch Email Plugin C PROGRA MYWEBS bar bin mwsoemon exe O - HKLM Run igfxtray C WINDOWS system igfxtray exe O - HKLM Run igfxhkcmd C WINDOWS system hkcmd exe O - HKLM Run igfxpers C WINDOWS system igfxpers exe O - HKLM Run lphc aej e l C WINDOWS system lphc aej e l exe O - HKLM Run egui quot C Program Files ESET ESET... Read more

Relevancy 52.03%

Less than a week ago I rebuilt my computer and started over with a new Windows bit installation on a new hard drive trojan BLUE win32/olmarik.ajl SCREEN! I apparently downloaded something i shouldn t have and when i double clicked the file the computer crashed to a blue screen that said IRQL NOT LESS OR EQUAL I haven t been able to use that installation since It blue screens as soon as I sign in to Windows I m now logged into my old Windows setup The affected hard drive is still installed as a backup in this computer though I haven t tried anything outside of the ESET scan which can t be completed anyway So now I do not have access to that particular Windows installation so I can t win32/olmarik.ajl trojan BLUE SCREEN! do anything from that one ESET finds a threat win32/olmarik.ajl trojan BLUE SCREEN! and says quot MBR sector of the physical disk Win Olmarik AJL trojan quot and the only action available is quot clean quot When I click finish ESET says quot Object cannot be opened It may be in use by another application or operating system quot Any help will be greatly apprectiated I want this trojan out of my system It s brand new Please ask whatever you need to to help me fix this Here is my dds file DDS Ver - - - NTFSx Run by Justin at on Wed Internet Explorer BrowserJavaVersion Microsoft Windows Ultimate GMT - AV ESET NOD Antivirus Enabled Updated CB F - -BA - E- B A SP ESET NOD Antivirus Enabled Updated E - B-B - E- FF EF B SP Windows Defender Enabled Updated D DDC A- F- fae- E -DA C ACF Running Processes H Windows system wininit exe H Windows system lsm exe H Windows system svchost exe -k DcomLaunch H Windows system nvvsvc exe H Windows system svchost exe -k RPCSS H Windows System svchost exe -k LocalServiceNetworkRestricted H Windows System svchost exe -k LocalSystemNetworkRestricted H Windows system svchost exe -k netsvcs H Windows system svchost exe -k LocalService H Program Files NVIDIA Corporation Display NvXDSync exe H Windows system nvvsvc exe H Windows system WUDFHost exe H Windows system WUDFHost exe H Windows system svchost exe -k NetworkService H Windows System spoolsv exe H Windows system svchost exe -k LocalServiceNoNetwork H Windows system svchost exe -k apphost H Program Files Common Files Apple Mobile Device Support AppleMobileDeviceService exe H Program Files Bonjour mDNSResponder exe H Program Files WIDCOMM Bluetooth Software btwdins exe H Program Files ESET ESET NOD Antivirus ekrn exe H Windows system svchost exe -k LocalServiceAndNoImpersonation H Windows system svchost exe -k ftpsvc H Program Files NeoSmart Technologies iReboot iRebootd exe H Program Files Kodak AiO Center ekdiscovery exe H Windows system libusbd-nt exe H Program Files Autodesk ds Max mentalray satellite raysat dsmax server exe H Program Files Autodesk ds Max mentalray satellite raysat dsmax server exe H Program Files Motorola MotoHelper MotoHelperService exe H Windows System svchost exe -k HPZ H Windows System svchost exe -k HPZ H Program Files Common Files Seagate Schedule schedul exe H Program Files Alcohol Soft Alcohol StarWind StarWindServiceAE exe H Program Files NVIDIA Corporation D Vision nvSCPAPISvr exe H Windows system svchost exe -k imgsvc H Windows system svchost exe -k iissvcs H Program Files Common Files Microsoft Shared Windows Live WLIDSVC EXE H Program Files Spybot - Search amp Destroy SDWinSec exe H Program Files Common Files Microsoft Shared Windows Live WLIDSvcM exe H Windows System svchost exe -k secsvcs H Windows system svchost exe -k NetworkServiceNetworkRestricted H Windows system wbem wmiprvse exe H Windows system taskhost exe H Program Files Motorola MotoHelper MotoHelperAgent exe H Windows system Dwm exe H Windows Explorer EXE H Program Files Seagate DiscWizard DiscWizardMonitor exe H Program Files Seagate DiscWizard TimounterMonitor exe H Program Files ESET ESET NOD Antivirus egui exe H Program Files Common Files Java Java Update jusched exe H Windows System spool drivers w x EKIJ MUI exe H Prog... Read more

A:win32/olmarik.ajl trojan BLUE SCREEN!

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. Please take note: If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. We need to see some information about what is happening in your machine. Please perform the following scan again: Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.DDS.scr DDS.pifDouble click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE We also need a new log from the GMER anti-rootkit Scanner. Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GMER log Thanks and again sorry for the delay.

http://www.bleepingcomputer.com/forums/t/382574/win32olmarikajl-trojan-blue-screen/
Relevancy 52.03%

Dell Dimension E Windows XP 0xC000021A Screen Blue trojan + STOP XP Media Center SP and most mid-November Windows Updates I think I use AVG Free but update has been erroring out General Error for some time so the databases are badly out of date My bad - one of many poor decisions in the XP Blue Screen STOP 0xC000021A + trojan past days and I really really do know better On Jan I noticed that some Google searches were getting redirected to random pages and suspected malware I updated and ran CCleaner it had been awhile removed thousands of files freed MB of disk space Windows Defender no errors SpyBot S amp D one error corrected don t recall specifics MalwareBytes a few errors corrected don t rememeber then tried to run Ad-Aware - AVG interfered with it I deactivated AVG and was able to install Ad-Aware from an old installer - it downloaded the latest version and requested a reboot Upon reboot I had to deactivate AVG for the maximum minutes again then the new version of Ad-Aware finished its install updated dbs and started scanning It seems that in the middle of the Ad-Aware scan AVG came back to life and flashed a warning screen indicating approx infections including Trojan horse Patched c KAI in winlogon exe and Virus Win Patched GB in explorer exe - it did indicate that these are system files and should not be moved I was multitasking and clicked one of the options in the AVG window I think I asked it to disinfect bad bad idea That hung the AVG window and caused the Ad-Aware window to stop scanning files Keyboard amp mouse were still responsive and I could access other programs After about minutes of no change I clicked the close X in the AVG window About minute after it notified that the task could not be killed because it was locked paraphrase I didn t write down the exact text then the computer became completely unresponsive Another few minutes wait then hard reset resulting in the first BSOD STOP c a Fatal System Error The Windows Logon Process system process terminated unexpectedly with a astatus of xc x x The system has been shut down Restarting the computer and accessing the f boot menu I was able to get into Safe Mode I was able to run Ad-Aware in Safe Mode but it took hours and found no errors Inexplicably I then ran AVG again - in safe mode it runs in command line mode only It found the same two infections as above as well as ms dll with Generic c AERQ which it moved to the virus vault Hoping that this was enough to get back to Windows I restarted only to get the same STOP I then tried to get back to Safe Mode and now it also gives the same STOP I then tried the Last Known Good config with the same STOP error Per the Microsoft Support Pages this is a problem with either winlogon exe or csrss exe and it does seem that winlogon exe is infected During the list of processes that load before Safe Mode it was hanging at avgidseh sys so after some Internet searching and per suggestions at the AVG forum I got into Recovery Console from the OEM Windows reinstall disk and renamed a series of avg sys files did not help Now a safe mode boot attempt hangs at Mup sys Tonight I tried using the AVG Recovery CD install to go into the virus vault and extract ms dll into root of C and a copy into Windows System to see if that would get me any further - it did not So I used a clean Knoppix boot disk to get onto the file system and started copying important data onto a spare drive in preparation for a possible Windows repair from the Dell OS reinstall DVD It appears that I ll have to get back into Recovery Console and manually uninstall Internet Explorer first and the recovering from a repair install doesn t sound like that much fun and my data should be OK but I ll back it up anyway However that process should allow me to get back into Windows but won t solve the malware process Is it possible to confirm that I m on the right track even though I don t yet have DDS or GMER logs to post And if so am I in the right place to start Thanks ... Read more

A:XP Blue Screen STOP 0xC000021A + trojan

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HEREWe also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:Why we request you disable CD Emulation when receiving Malware Removal AdviceThen create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:How to create a GMER logIMPORTANT NOTE: If the system has been used after topic creation time we need to take a look at fresh logs. So, please post fresh copies of dds.txt & attach.txt logs. Regards,Georgi

http://www.bleepingcomputer.com/forums/t/371274/xp-blue-screen-stop-0xc000021a-trojan/
Relevancy 52.03%

Hi And Screen Infected Pc Blue With Trojan.vundo there Its been days Pc Infected With Trojan.vundo And Blue Screen already since i tried to Pc Infected With Trojan.vundo And Blue Screen clean up my computer but seems its going to dead end again And with my work dateline coming in a few days so i decided to post my problem here My PC got infected by Trojan Vundo when i try to install Viewpoint Media Player which was prompt on one free D model website So i use Malwarebytes' Anti-Malware to clean up the trojan after clean up n reboot then i scan again n will found another registry infected n clean it again Then after that i rescanned and end up found nothing anymore Later i use RegCure to clean my Registry from errors i down to only errors which cause by the empty key registry which shouldn't be harmfull Then i scan with ad-aware to see if there anything else found only tracking cookies found then i quarantine that too But then i couldn't use google com properly and trying www avg com will give me my localhost page and website like bleepingcomputer com will give me error page not found i'm writing this from other pc And now i keep getting blue screen after some times below are my Hijackthis log Logfile of Trend Micro HijackThis v Scan saved at on Platform Windows Vista SP WinNT MSIE Internet Explorer v Boot mode Safe modeRunning processes C Windows Explorer EXEC Windows system igfxsrvc exeC Program Files Trend Micro HijackThis HijackThis exeR - HKCU Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer Main Start Page about blankR - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch R - HKCU Software Microsoft Internet Explorer Main Local Page R - HKLM Software Microsoft Internet Explorer Main Local Page R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride localR - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName R - URLSearchHook acoostic Toolbar - de - c - f a-bea - a d d - C Program Files acoostic tbacoo dllR - URLSearchHook Yahoo Toolbar - EF BD -C FB- D - F- D F - C PROGRA Yahoo COMPAN Installs cpn yt dllO - Hosts localhostO - BHO IDM Helper - C - - B-A BF- B C A A - C Program Files Internet Download Manager IDMIECC dllO - BHO amp Yahoo Toolbar Helper - D -C F - efb- B - ECA - C PROGRA Yahoo COMPAN Installs cpn yt dllO - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelper dllO - BHO Skype add-on mastermind - BF B-C D - d - A -A F BA C - C Program Files Skype Toolbars Internet Explorer SkypeIEPlugin dllO - BHO Google Update Helper - D E -BD - D A- - DF B E D - C Program Files Google Update GoopdateBho dllO - BHO acoostic Toolbar - de - c - f a-bea - a d d - C Program Files acoostic tbacoo dllO - BHO WormRadar com IESiteBlocker NavFilter - CA F - F E- B -A E- E E C C - C Program Files AVG AVG avgssie dllO - BHO Yahoo IE Suggest - A CF - A - D -A CF- BE BC - C Program Files Yahoo Search YSearchSuggest dllO - BHO Yahoo IE Services Button - BAB B B- BC- B - D - FC DE A - C Program Files Yahoo Common yiesrvc dllO - BHO Groove GFS Browser Helper - - C - D -B F - BBC D A E - C Program Files Microsoft Office Office GrooveShellExtensions dllO - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dllO - BHO no name - E D - A- EC-A -BA D E E - no file O - BHO Windows Live Anmelde-Hilfsprogramm - D - C - ABF- ECC- C - C Progr... Read more

A:Pc Infected With Trojan.vundo And Blue Screen

After reading through this forum, i tried to use the ComboFix together with Vista Repair DVD. Seems the google thing and bleepingcomputer now viewable thru my computer and even the website such as avg.com no more redirected to my localhost address. I'm running Sunbelt Personal Firewall for the time being for additional protection eventho i'm not sure if this firewall is really reliable.So thanks to this forum members, you guys sure are busy helping others. Appreciate it so much. THANKS AGAIN!!! Below are my latest Hijackthis.log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 14:09:22, on 2008-08-18Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files\Samsung\Easy Display Manager\DisplayManager.exeC:\Windows\system32\igfxext.exeC:\Windows\system32\igfxsrvc.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Windows\System32\igfxtray.exeC:\Program Files\Microsoft IntelliPoint\dpupdchk.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Internet Download Manager\IDMan.exeC:\Program Files\LowRateVoip\LowRateVoip.exeC:\Program Files\Nonoh.net\Nonoh\nonoh.exeC:\Program Files\Windows Live\Messenger\msnmsgr.exeC:\Program Files\Thunderbird-Tray\TBTray.exeC:\Program Files\Stardock\ObjectDock\ObjectDock.exeC:\Program Files\Mozilla Thunderbird\thunderbird.exeC:\Program Files\Internet Download Manager\IEMonitor.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\Winamp\winamp.exeC:\Program Files\Yahoo!\Messenger\YahooMessenger.exeC:\Users\saleiz\AppData\Roaming\Maxthon\Maxthon.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: acoostic Toolbar - {384de036-63c8-4f7a-bea4-2a3d957925d5} - C:\Program Files\acoostic\tbacoo.dllR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\yt.dllO2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Down... Read more

http://www.bleepingcomputer.com/forums/t/163838/pc-infected-with-trojanvundo-and-blue-screen/
Relevancy 52.03%

I have downloaded a registry cleaner ( CleanmyPC ) After the program analyzed my registry, my Avast noticed lots of viruses (trojans, etc on my temp folders). I tried deleting them with avast without luck then i noticed there were "virus generating files" were on C:\ so I manually deleted them, andlater I installed Spyware Terminator to kill any virus that is still left. I did. and this morning I woke up, turned on my PC and noticed a blue screen: (The system found an error and Windows turned off due to sec. reasons.......)
Although I can start my PC now with safe mode, I didn't manage to solve any problems with: deleting the cleanmyPC program, spyware terminator, and running the chkdsk. I still think somehow that virus(es) is(are) responsible.
Any help would be appreciated!
 

https://forums.techguy.org/threads/help-trojan-blue-screen-on-winxp-start.892719/
Relevancy 51.6%

Logfile of random's system information tool written by random random Run by Naitik Bhatt at - - Microsoft Windows XP Professional Service Pack System drive C has GB free of GBTotal RAM MB free Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode NormalRunning processes C WINDOWS System smss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system svchost exeC WINDOWS System svchost exeC WINDOWS system svchost exeC Program Files Intel Wireless Bin EvtEng exeC Program Files Intel Wireless Bin S EvMon exeC Program Files Intel Wireless Bin WLKeeper exeC Program Files Common Files Symantec Shared ccSetMgr exeC Program Files Common Files Symantec Shared ccEvtMgr exeC WINDOWS Explorer EXEC Program Files Lavasoft Ad-Aware AAWService exeC WINDOWS system spoolsv exeC Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exeC Program Files (search-tracker.net) trojan redirected with Infected search malware, google Bonjour mDNSResponder exeC WINDOWS eHome ehRecvr exeC WINDOWS eHome ehSched exeC WINDOWS System GEARSec exeC Infected with trojan malware, google search redirected (search-tracker.net) WINDOWS system svchost exeC Program Files Java jre bin jqs exec program files mcafee com agent mcdetect exec PROGRA mcafee com vso mcshield exec PROGRA mcafee com agent mctskshd exec PROGRA mcafee com vso OasClnt exeC Program Files Common Files Microsoft Shared VS DEBUG mdm exeC PROGRA McAfee com PERSON MpfService exeC PROGRA McAfee SPAMKI MSKSrvr exec program files mcafee com vso mcvsshld exec program files mcafee com agent mcagent exec progra mcafee com vso mcvsescn exeC WINDOWS System svchost exeC Program Files Dell QuickSet NICCONFIGSVC exeC Program Files Norton Ghost Agent VProSvc exeC WINDOWS System svchost exeC Program Files Intel Wireless Bin RegSrvc exeC WINDOWS system svchost exeC WINDOWS system dllhost exeC Program Files Common Files Symantec Shared CCPD-LC symlcsvc exeC WINDOWS ehome ehtray exeC WINDOWS system hkcmd exeC WINDOWS system igfxpers exeC Program Files Intel Wireless bin ZCfgSvc exeC Program Files Intel Wireless Bin ifrmewrk exeC WINDOWS stsystra exeC WINDOWS system igfxsrvc exeC Program Files Dell QuickSet quickset exeC Program Files Synaptics SynTP SynTPEnh exeC Program Files CyberLink PowerDVD DVDLauncher exeC WINDOWS system dla tfswctrl exeC Program Files Common Files InstallShield UpdateService issch exeC Program Files Common Files Symantec Shared ccApp exeC Program Files Norton Ghost Agent GhostTray exeC PROGRA McAfee SPAMKI MskAgent exeC PROGRA McAfee com PERSON MpfTray exeC WINDOWS eHome ehmsas exeC Program Files HP HP Software Update HPWuSchd exeC WINDOWS ZSSnp exeC WINDOWS Domino exeC PROGRA McAfee com PERSON MpfAgent exeC Program Files Java jre bin jusched Infected with trojan malware, google search redirected (search-tracker.net) exeC Program Files Lavasoft Ad-Aware AAWTray exeC WINDOWS system ctfmon exeC Documents and Settings Naitik Bhatt Local Settings Application Data Google Update GoogleUpdate exeC Program Files Spybot - Search amp Infected with trojan malware, google search redirected (search-tracker.net) Destroy TeaTimer exeC PROGRA Intel Wireless Bin Dot XCfg exeC WINDOWS system wuauclt exeC Program Files Mozilla Firefox firefox exeC Documents and Settings Naitik Bhatt Local Settings Application Data Google Google Talk Plugin googletalkplugin exeC WINDOWS system wscntfy exeC Program Files FrostWire FrostWire exeC Documents and Settings Naitik Bhatt Desktop RSIT exeC Program Files trend micro Naitik Bhatt exeR - HKCU Software Microsoft Internet Explorer Main Default Page URL www google com ig dell hl en amp client dell-usuk amp channel usR - HKCU Software Microsoft Internet Explorer Main Start Page www google com ig dell hl en amp client dell-usuk amp channel usR - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId ... Read more

A:Infected with trojan malware, google search redirected (search-tracker.net)

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/237586/infected-with-trojan-malware-google-search-redirected-search-trackernet/
Relevancy 51.17%

On others XP Stolen.data screen & plus blue Agent, Trojan May in the Am I Infected Trojan Agent, Stolen.data & others plus XP blue screen forum Quietman suggested I posted a HJT log here Topic referenced is here http www bleepingcomputer com forums t backdoorbot-infections OB From this posting date you can see that business took me away for some weeks and I left my Desktop computer off running Windows XP Home SP I ran Spybot Search amp Destroy and it found Win Agent pz Win Zbot These problems were fixed and I then ran Malwarebytes which found Backdoor botTrojan AgentStolen dataMalware TraceWorm KoobfaceThese Trojan Agent, Stolen.data & others plus XP blue screen were all quarantined and deleted successfully Using the Sofware programs Trojan Agent, Stolen.data & others plus XP blue screen some weeks ago I thought I had cleared these but it seems not I have run both programs again and both report all clear However to compound the annoyance I now get the Blue Screen of Death with XPwhich shuts down XP and leaves the screen which says that it has closed down Windows XP to prevent harm and says it is BAD POOL CALLER The technical details are STOP X C X X CD X X C A Having thought I had got rid of the Malware I am somewhat worried by the appearance of this screen and XP closing down The reboots all appear to be normal Anyway as suggested by Quietman I attach the DDS log I do have HijackThis and can post the log if requested Obviously any help or guidance would be appreciatedDDS Ver - - - NTFSx Run by Gerald at on Internet Explorer BrowserJavaVersion Microsoft Windows XP Home Edition GMT AV Kaspersky Anti-Virus On-access scanning enabled Updated C D BC - - -A F -E C FW ZoneAlarm Firewall enabled BDA - B - F - -F FCFF F B FW COMODO Firewall Pro enabled A - F - ef -AFC -F E A B Running Processes C WINDOWS system svchost -k DcomLaunchsvchost exeC WINDOWS System svchost exe -k netsvcssvchost exeC WINDOWS system ZoneLabs vsmon exeC Program Files Lavasoft Ad-Aware AAWService exeC WINDOWS system spoolsv exec program files common files logitech lvmvfm LVPrcSrv exeC WINDOWS Explorer EXEC Program Files NVIDIA Corporation NvMixer NVMixerTray exeC WINDOWS system RunDLL exeC Program Files Common Files Real Update OB realsched exeC Program Files QuickTime qttask exeC WINDOWS system LVCOMSX EXEC Program Files Kaspersky Lab Kaspersky Anti-Virus avp exeC Program Files Java jre bin jusched exeC WINDOWS system rundll exeE Program Files ZoneAlarm zlclient exeC Program Files Lavasoft Ad-Aware AAWTray exeC WINDOWS system ctfmon exeE Program Files Eraser eraser exeE Program Files Spybot - Search amp Destroy Spybot - Search amp Destroy TeaTimer exeE Program Files SuperAntiSpyware SUPERAntiSpyware exesvchost exeC Program Files AskBarDis bar bin AskService exeC Program Files Kaspersky Lab Kaspersky Anti-Virus avp exeC Program Files CyberLink PowerCinema Kernel TV CLCapSvc exeC Program Files CyberLink PowerCinema Kernel TV CLSched exeC Program Files CyberLink Shared Files CLML NTService CLMLServer exeC Program Files DriveCrypt DcrServ exeC Program Files CyberLink Shared Files CLML NTService CLMLService exeC Program Files Java jre bin jqs exeC Program Files Kontiki KService exeC WINDOWS system nvsvc exeC Program Files TalkTalk bin sprtsvc exeC WINDOWS system svchost exe -k imgsvcC Program Files Common Files Supportsoft bin tgsrvc exeC Program Files Canon CAL CALMAIN exeE Program Files Corel programs wpwin exeE Program Files HijackThis HijackThis exeC WINDOWS system NOTEPAD EXEC Program Files Internet Explorer iexplore exeC Documents and Settings Gerald Desktop dds scr Pseudo HJT Report uStart Page hxxp uk reuters com WT mc id ext SEM Google reuters amp WT srch mWindow Title Tiscali Internet AccessTB ZoneAlarm Spy Blocker Toolbar d e-fd b- e -b - d b f - c program files askbardis bar bin askBar dllTB CDD BF- FFB- - AD - DF B D - No FileTB Yahoo Toolbar ef bd -c fb- d - f- d f - c program files yahoo companion installs cpn yt dlluRun CTFMON EXE c ... Read more

A:Trojan Agent, Stolen.data & others plus XP blue screen

Just noticed reading the DDS log that it says I have Comodo Firewall "enabled."

I am sure I had deleted this program as it clashed very badly with Kaspersky Anti Virus. Obviously there may be bits, or a Registry entry which remains?

The firewall I am using is ZoneAlarm (free).

http://www.bleepingcomputer.com/forums/t/234297/trojan-agent-stolendata-others-plus-xp-blue-screen/
Relevancy 51.17%

hello and thanks for the site blue death, screen of suspect rootkit/trojan Some background I am running windows XP professional on and HP DV notebook with GB DDR RAM Recently I had a problem with my computer involving a stopped svchost exe process which jacked my system up It caused my system to go to blank blue screen right before the Welcome quot screen should normally pop up I did a in-place re-install of windows which fixed the blue screen but after which I had problems with updating windows one of the updates kept causing the blue screen to re-appear Long story short after try many things I unistalled all of the antivirus antispyware software I had on my system suspecting a confict between one of these and the new updates This suprisingly seemed to work Problem is after blue screen of death, suspect rootkit/trojan fixing the boot problem blue screen of death, suspect rootkit/trojan a trojan seemed to have made it s way onto my system while I had no protection Now I had to deal with this trojan I ran spybot search -and-destroy and trojan remover but before I could install any other AV software I got an blue screen of death, suspect rootkit/trojan error screen on blue screen saying an error occured and windows needed to shut down This brings me to the purpose for my post Here is the error message x E xC x AC CBC xAA B x It then did a memory dump and after completion I restarted Everytime windows would get to my desktop before it could load any startup programs it would go to the same error screen and I would have to restart Unlie some other posters I read mine was not an intermittant problem but happens everytime I boot in normal mode without fail The rd and rth set of numbers in the error message would change everytime First I tried system restore in safe mode to no avail did not work at all Disabled the quot reboot on system failure quot as well which did nothing I can boot just fine in safe mode I am currently using safemode with networking so that I can get online and find a possible solution I have run HD and memory diagnostic scans from disc on boot up both show no errors I ran spybot and trojan remover in safemode and between the two was able to eliminate most of the spyware trojans found on my system All that remain is a Dealio exe which appears to contain some malware file and on one of the earlier scan tojan remover found what it suspected as containing a rootkit file and couldn t deal with it It did not show up on subsequent scans but I suspect it is still there I read a few places on other forums where the rootkit Rustock A caused problems similar to mine Anyway I tried intalling some other rootkit removers RootkitRevealer AVG anti-rootkit F-secure Blacklight and Icesword which havn t tried to use for fear of messing things up worse but they all won t run or install in safemode and I cannot successfully boot in normal mood I tried running debugging tools for microsoft so I could post a minidump for you all but that wouldn t run in safemode either I ran a search option with smitfraudfix but at certain points it said that registry editing was disabled by my system administrator which I have rights but I don t know how to enable registry editing so I don t know what good it did I will enclude the log anyway SmitFraudFix v Scan done at Thu Run from C Documents and Settings Israel Temple Desktop Diagnostics SmitfraudFix OS Microsoft Windows XP Version - Windows NT The filesystem type is NTFS Fix run in safe mode Process C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS Explorer EXE C Program Files Internet Explorer iexplore exe C WINDOWS system ctfmon exe C Program Files Microsoft Office Office WINWORD EXE C WINDOWS system cmd exe hosts C C WINDOWS C WINDOWS system C WINDOWS Web C WINDOWS system C WINDOWS system LogFiles C Documents and Settings Israel Temple C Documents and Settings Isra... Read more

A:blue screen of death, suspect rootkit/trojan

I managed to run smitfraudfix with registry editing enabled, here is the log:

SmitFraudFix v2.207

Scan done at 11:27:03.79, Fri 07/27/2007
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0A3B151F-A179-4285-8E5F-128A99DF6FBE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0A3B151F-A179-4285-8E5F-128A99DF6FBE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0A3B151F-A179-4285-8E5F-128A99DF6FBE}: DhcpNameServer=66.75.164.90 66.75.164.89
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=66.75.164.90 66.75.164.89
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
 

https://forums.techguy.org/threads/blue-screen-of-death-suspect-rootkit-trojan.600395/
Relevancy 51.17%

Ok, I have been fighting this stupid thing with no success. I have spyware doctor and it finds and removes the virus fine- but upon restart I get the blue screen of death and have to do a system restore which of course puts the dumb thing back.
 
I have uploaded an image that gives location.
Any help will be most appreciated.
Thanks,
Steve
 virus location.png   55.41KB
  9 downloads

A:trojan.zeroaccess in desktop.ini/GAC_32 blue screen

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.If you're not sure, or if something unexpected happens, do NOT continue!Stop and ask!In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!If I instruct you to downloada specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;) Because of this, you must reply within 3 daysfailure to reply will result in the topic being closed!I like chocolate chip cookies.Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:Dissecting the ZeroAccess RootkitZeroAccess / Max++ / Smiscer Crimeware RootkitMAX++ sets its sights on x64 platformsZeroAccess (Max++) RootkitZeroAccess Gets Another UpdateZeroAccess ñ an advanced kernel mode rootkitNEXT:

One or more of the identified infections is a backdoor trojan and password stealer.
This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.
I highly suggest you... Read more

http://www.bleepingcomputer.com/forums/t/488113/trojanzeroaccess-in-desktopinigac-32-blue-screen/
Relevancy 51.17%

I have been infected with a smitfraud trojan The best way I can see of fixing it is a program called smitfraudfix Seems to be working for other people but my problem is that when I try to boot my computer in safe mode I get the blue screen of death I have to push the power button on my comp to restart it and then if i boot it normally everything works fine So i need to be able to boot in safe mode to run this fixing program but can't Any help would be appreciated ThanksOh and here Safe Mode Screen Blue Trojan Smitfraud And is Smitfraud Trojan And Blue Screen Safe Mode my hjt logLogfile of Trend Micro HijackThis v Scan saved at AM on Platform Windows XP SP WinNT MSIE Internet Smitfraud Trojan And Blue Screen Safe Mode Explorer v SP Boot mode NormalRunning processes C WINDOWS System smss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system Ati evxx exeC WINDOWS system svchost exeC WINDOWS System svchost exeC WINDOWS system svchost exeC WINDOWS system LEXBCES EXEC WINDOWS system spoolsv exeC WINDOWS system LEXPPS EXEC WINDOWS Explorer EXEC PROGRA Grisoft AVG avgamsvr exeC PROGRA Grisoft AVG avgupsvc exeC PROGRA Grisoft AVG avgemc exeC WINDOWS System svchost exeC Program Files Advanced Registry Doctor RegManServ exeC WINDOWS system svchost exeC WINDOWS stsystra exeC Program Files Common Files InstallShield UpdateService issch exeC Program Files DAEMON Tools daemon exeC Program Files Roxio Media Experience DMXLauncher exeC Program Files iTunes iTunesHelper exeC PROGRA Grisoft AVG avgcc exeC Program Files Common Files Real Update OB realsched exeC Program Files SlySoft AnyDVD AnyDVD exeC Program Files Windows Media Player WMPNSCFG exeC Program Files Digital Line Detect DLG exeC Program Files iPod bin iPodService exeC Program Files Mozilla Firefox firefox exeC Program Files Hijack This HijackThis exeR - HKCU Software Microsoft Internet Explorer Main Start Page http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Default Page URL http www dell comR - HKLM Software Microsoft Internet Explorer Main Start Page http www dell comO - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat Reader ActiveX AcroIEHelper dllO - BHO RealPlayer Download and Record Plugin for Internet Explorer - C E -B - BC - - C CA - C Program Files Real RealPlayer rpbrowserrecordplugin dllO - BHO no name - - E - b -BBF -C D B BCE C - no file O - BHO no name - CAE - C E- - C A- ECB B - C Program Files Internet Explorer holemuvyj dllO - BHO no name - C FABF- F- - - CC FAC - no file O - BHO no name - E EEFFED- CD- CF -A F - D FEE - no file O - BHO no name - EF A F- B - A A- F - B F C A - C Program Files Internet Explorer holemuvyj dllO - HKLM Run SigmatelSysTrayApp stsystra exeO - HKLM Run ATIPTA quot C Program Files ATI Technologies ATI Control Panel atiptaxx exe quot O - HKLM Run ISUSPM Startup quot C Program Files Common Files InstallShield UpdateService isuspm exe quot -startupO - HKLM Run ISUSScheduler quot C Program Files Common Files InstallShield UpdateService issch exe quot -startO - HKLM Run MSKDetectorExe C Program Files McAfee SpamKiller MSKDetct exe uninstallO - HKLM Run CloneCDTray quot C Program Files SlySoft CloneCD CloneCDTray exe quot sO - HKLM Run DAEMON Tools quot C Program Files DAEMON Tools daemon exe quot -lang O - HKLM Run RoxWatchTray quot C Program Files Common Files Roxio Shared SharedCOM RoxWatchTray exe quot O - HKLM Run DMXLauncher quot C Program Files Roxio Media Experience DMXLauncher exe quot O - HKLM Run RoxioDragToDisc quot C Program Files Roxio Drag-to-Disc DrgToDsc exe quot O - HKLM Run iTunesHelper quot C Program Files iTunes iTunesHelper exe quot O - HKLM Run PWRISOVM EXE C Program Files PowerISO PWRISOVM EXEO - HKLM Run AVG CC C PROGRA Grisoft AVG avgcc exe STARTUPO - HKLM Run QuickTime Task quot C Program Files QuickTime QTTask exe quot -atboottimeO - HKLM Run TkBellExe quot C Program Files Common Files Real Update OB realsched ex... Read more

A:Smitfraud Trojan And Blue Screen Safe Mode

Hello and welcome to BC Sorry for the delay in looking into your problem. Scan with HijackThis and put a checkmark against the following entries:O2 - BHO: (no name) - {44218730-94E0-4b24-BBF0-C3D8B2BCE2C3} - (no file)O2 - BHO: (no name) - {6272CAE9-6C1E-4154-9C4A-5ECB5790B878} - C:\Program Files\Internet Explorer\holemuvyj83122.dllO2 - BHO: (no name) - {72C5FABF-667F-4155-9246-8CC20FAC0775} - (no file)O2 - BHO: (no name) - {E4EEFFED-93CD-4CF0-A0F3-50D139121FEE} - (no file)O2 - BHO: (no name) - {EF6A664F-8B75-4A5A-96F5-97B5317F2C8A} - C:\Program Files\Internet Explorer\holemuvyj4444.dllClose all browsers/windows other than HijackThis and click on "fix checked".=================================Download Combofix and save it to your desktop.**Note: It is important that it is saved directly to your desktop**Close any open browsers. Disconnect from the internet.
Close/disable all anti virus and anti malware programs so that they do not interfere with the running of ComboFix. Remember to re-enable them when you are done.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.Note:Do not mouseclick combofix's window while it's running. That may cause it to stall

http://www.bleepingcomputer.com/forums/t/114488/smitfraud-trojan-and-blue-screen-safe-mode/
Relevancy 51.17%

My antimalware software antimalwarebytes pick in C:/windows< Trojan TDDSKiller < Blue Screen Svchost.exe up a trojan and tried to remove it After serveral restarts it is still there doing a bit of searching I found that it was actually a virus and was recommended to use TDDSkiller I ran TDDSKiller and as soon as I clicked the button to fix I got a blue screen On restart my comp will Svchost.exe Trojan in C:/windows< TDDSKiller < Blue Screen load my alienware logo but then goes to a blank screen with a blinking cursor I have an M x Alienware with Win bit Home Premium which I tried reloading windows and it did not fix it I can t access safemode F I can get into BIOS F and BOOT F menus I did a little digging and found someone with a similar issue on this forum http www bleepingcomputer com forums topic html I ran every instruction on post Here is what I have REPORT TXTTue Jun UTC Driver report for mnt sda Windows System drivers edd f db fdf dd bus sysMicrosoft Corporation b f f b f cc d ohci sysMicrosoft Corporation b a ce bf e af dcc cada acpipmi sysMicrosoft Corporation f e cdefd f aa f ddfe acpi sysMicrosoft Corporation f b b f c b ac f bf adp xx sysAdaptec f ee ea a d ced adpahci sysAdaptece c f fb b c b e adpu sysAdaptecb e d bc c a db bc afd sysMicrosoft Corporation ecff b b f a a a e agilevpn sysMicrosoft Corporation c dba d cb ed a a AGP sysMicrosoft Corporation a a ad c ca ee aliide sysAcer Laboratories ff b c ce c f c c amdide sysMicrosoft Corporation f cff a ef d cda amdk sysMicrosoft Corporation e b fe d c eb c d amdppm sysMicrosoft Corporation a b c cf a d amdsata sysAdvanced Micro Devicesf f e ed ff a f b b amdsbs sysAMD Technologiesb ad cacbab dd f ef e d amdxata sysAdvanced Micro Devices fd b fa e c bb f e appid sysMicrosoft Corporation af aefe f c fe c arcsas sysAdaptecc f ceb c db c e arc sysAdaptec ce cc cea b asyncmac sysMicrosoft Corporation c b b edc e c a f c atapi sysMicrosoft Corporationaa f a d ed ed cec ataport sysMicrosoft Corporationb ace a eeb ebfd df b nd a sysBroadcom Corporationf de ae a e badac bc ea c battc sysMicrosoft Corporation a ce decc b a f beep sysMicrosoft Corporation ee c a c acd b d blbdrive sysMicrosoft Corporation ce d dc dd e a d b bowser sysMicrosoft Corporationf eee edc b e f fde c BrFiltLo sysBrother Industriesb d e bdb bea b be BrFiltUp sysBrother Industries c f a e d aae b bridge sysMicrosoft Corporation bea d bf f e d e a bd BrSerId sysBrother IndustriesBrother IndustriesBrother IndustriesBrother IndustriesBrother IndustriesBrother IndustriesBrother IndustriesBrother IndustriesBrother IndustriesBrother IndustriesBrother IndustriesBrother IndustriesBrother IndustriesBrother IndustriesBrother IndustriesBrother IndustriesBrother Industriesa eca b a caceca c f b BrSerWdm sysBrother Industriesb c e cf bd cd BrUsbMdm sysBrother Industriesa c e ea a b bf BrUsbSer sysBrother Industries da f d f ab eb bf a e bthmodem sysMicrosoft Corporation e b f c bb bxvbda sysBroadcom Corporationb bd bb c c a cdfs sysMicrosoft Corporation d d e efb b c f db cdrom sysMicrosoft Corporationd cd c e b fa cfb cf circlass sysMicrosoft Corporation f ed f cb b a f d a c fd Classpnp sysMicrosoft Corporation d bddf f a c bd CmBatt sysMicrosoft Corporatione d f d f b edd cmdide sysCMD Technologyf fd cb da ba a ce f b c e cng sysMicrosoft Corporation de c f f c e ad compbatt sysMicrosoft Corporationf b a f fa ca b ab CompositeBus sysMicrosoft Corporation e b ec ba d a c crashdmp sysMicrosoft Corporation c a c fe f ee crcdisk sysMicrosoft Corporation f dc acb e afe ef da dfsc sysMicrosoft Corporation b ec f f c f e ab discache sysMicrosoft Corporation a b c be dd e cee Diskdump sysMicrosoft Corporation eee b ea ec af b a c disk sysMicrosoft Corporation b fe d e f b c a d f c Dumpata sysMicrosoft Corporation db f a cf dumpfve sysMicrosoft Corporationbf d f ed fe bfd b f e dxapi sysMicrosoft Corporation cb d b ce c bc f f d cec dxgkrnl sysMicrosoft Corporationddb ad ba db e adc dxgmms sys edd f db... Read more

A:Svchost.exe Trojan in C:/windows< TDDSKiller < Blue Screen

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/456759 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have previously posted logs for us.If you were unable to produce the logs originally please try once more.If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available. Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.Thank you for your patience, and again sorry for the delay.*************************************************** We need to see some information about what is happening in your machine. Please perform the following scan again: Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.DDS.scr DDS.pifDouble click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE We also need a new log from the GMER anti-rootkit Scanner. Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GMER logAs I am just... Read more

http://www.bleepingcomputer.com/forums/t/456759/svchostexe-trojan-in-cwindows-tddskiller-blue-screen/
Relevancy 51.17%

Hi On startup I get a windows msg that comes up with unkownn win trojan then a blue screenwhich says A problem has been detected and windows has been shutdown to prevent damage to the computer IRQL NOT LESS OR EQUAL collecting data for crash dump I can work in safe mode which I was on to collect the logs Thanks for your help DDS Ver - - - NTFSx NETWORK Run by computer fix at on Fri Internet Explorer Microsoft Windows Vista Home Premium GMT - AV Norton Internet Security On-access scanning enabled Outdated E A - - -B - C C F SP Spybot - Search and Destroy enabled Updated ED FAF- B F- B -ACA - E C DADBE SP Windows Defender enabled Updated D DDC A- F- FAE- E -DA C ACF SP Norton Internet Security disabled Outdated CBB EE - - DAB- B -D C AA E A FW Norton Internet Security disabled C A C -F F- AC -B -A E C F Running Processes C on then getting unkown win32/trojan. blue screen startup Windows system wininit exeC Windows system lsm exeC Windows system svchost exe -k DcomLaunchC Windows system svchost exe -k rpcssC Windows System svchost exe -k LocalServiceNetworkRestrictedC Windows system svchost exe -k netsvcsC Windows System svchost exe -k LocalSystemNetworkRestrictedC Windows system svchost exe -k NetworkServiceC Windows system svchost exe -k LocalServiceC Windows system svchost exe -k LocalServiceNoNetworkC Windows system svchost exe -k NetworkServiceNetworkRestrictedC Windows Explorer EXEC Program Files Mozilla Firefox firefox exeC Windows system wbem wmiprvse exeC Users computer fix Downloads dds scr Pseudo HJT Report uStart Page hxxp www sony com vaiopeopleuDefault Page URL hxxp www sony com vaiopeoplemDefault Page on startup getting unkown win32/trojan. then blue screen URL hxxp www sony com vaiopeopleBHO amp Yahoo Toolbar Helper d -c f - efb- b - eca - c program files yahoo companion installs cpn yt dllBHO Adobe PDF Reader Link Helper e f-c d - d -b d- b d be b - c program files common files adobe acrobat activex AcroIEHelper dllBHO e a - - d f-beae-d a c - c program files common files symantec shared coshared browser NppBho dllBHO Canon Easy-WebPrint EX BHO d ad-bfff- f -bf b-a c fed - c program files canon easy-webprint ex ewpexbho dllBHO Spybot-S amp D IE Protection - f - d - - d f - c progra spybot SDHelper dllBHO SSVHelper Class bb-d f - c-b eb-d daf d d - c program files java jre bin ssv dllBHO AOL Toolbar Launcher c - cb - a -b f - ea c f - c program files aol aol toolbar aoltb dllBHO Adobe PDF Conversion Toolbar Helper ae cd -e - f- - ee - c program files adobe acrobat acrobat AcroIEFavClient dllTB AOL Toolbar de c f- - a - b-aa ed d - c program files aol aol toolbar aoltb dllTB Adobe PDF -d c - - fa - e eaac - c program files adobe acrobat acrobat AcroIEFavClient dllTB Show Norton Toolbar -f - -b -fbee c b df - c program files common files symantec shared coshared browser UIBHO dllTB Yahoo Toolbar ef bd -c fb- d - f- d f - c program files yahoo companion installs cpn yt dllTB Canon Easy-WebPrint EX d - c f- -bab - a f c c f - c program files canon easy-webprint ex ewpexhlp dllEB Adobe PDF ec be- - c -a -beb d a b - c program files adobe acrobat acrobat AcroIEFavClient dlluRun Sidebar c program files windows sidebar sidebar exe autoRunuRun tmp c users computer fix appdata roaming defender exeuRun SpybotSD TeaTimer c program files spybot - search amp destroy TeaTimer exemRun Windows Defender quot c program files windows defender MSASCui exe quot -hidemRun IgfxTray c windows system igfxtray exemRun HotKeysCmds c windows system hkcmd exemRun SunJavaUpdateSched quot c program files java jre bin jusched exe quot mRun AppMon Utility quot c program files sony appmonutil AppMonUtility exe quot StartmRun NvCplDaemon quot RUNDLL EXE quot c windows system NvCpl dll NvStartupmRun NvMediaCenter quot RUNDLL EXE quot c windows system NvMcTray dll NvTaskbarInitmRun lt NO NAME gt mRun ccApp quot c program files common files symantec shared ccApp exe quot mRun IS CfgWiz quot c program files common files symantec shared opc d -d c- da - ... Read more

A:on startup getting unkown win32/trojan. then blue screen

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HEREWe also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:Why we request you disable CD Emulation when receiving Malware Removal AdviceThen create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:How to create a GMER logElle

http://www.bleepingcomputer.com/forums/t/344923/on-startup-getting-unkown-win32trojan-then-blue-screen/
Relevancy 51.17%

I was directed to place a gmer log on this site, but computer gave blue screen twice. can I try to run in safe mode?

A:Blue screen while trying to generate gmer log after trojan alureon.fq

I was directed to this forum by narenxp from the "Am I infected forum" after several, several steps trying to clear up problems from Trojan-Alureon.fq to post dds and gmer logs but now I have twice been shut down to blue screen while trying to run gmer log, I successfully got the dds logs. I was wondering if I could try to get the gmer log in safe mode, will it have all the information needed? (hopefully wont go to blue screen)I have been having several internet problems and about 3 blue screens since, linked below are the steps I have already done to attempt to clear all this up but right now I am just trying to get the proper logs. http://www.bleepingcomputer.com/forums/topic471798.htmlI finally could run the gmer scan in normal mode,the requested logs are posted below:.DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.7.2Run by bronson at 21:05:52 on 2012-10-16Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1013.285 [GMT -7:00].AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSc:\Program Files\Microsoft Security Client\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files\Dell\DellDock\DockLogin.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\SUPERAntiSpyware\SASCORE.EXEC:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\Realtek\Audio\HDA\AERTSrv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Microsoft\BingBar\SeaPort.EXEC:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files\Dell\Dell Datasafe Online\NOBuAgent.exeC:\Program Files\Secunia\PSI\PSIA.exeC:\Program Files\Dell DataSafe Local Backup\sftservice.EXEC:\Program Files\Microsoft Application Virtualization Client\sftvsa.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\Microsoft Application Virtualization Client\sftlist.exeC:\Program Files\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXEC:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exeC:\Program Files\Dell DataSafe Local Backup\Toaster.exeC:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXEc:\Program Files\Microsoft Security Client\NisSrv.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files\WSED\WSED.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\... Read more

http://www.bleepingcomputer.com/forums/t/472226/blue-screen-while-trying-to-generate-gmer-log-after-trojan-alureonfq/
Relevancy 51.17%

About three friends came up to me with a virus in their computer. The first sign is the blue screen of death wallpaper that their desktop shows. when I ran their antivirus, it does not erase it, it only tells their is a virus in memory.
their antivirus is bullguard.
 

A:blue screen of death wallpaper. Caused by a trojan

Try an online virus scan:

Housecall : http://housecall.antivirus.com/housecall/start_frame.asp
Panda: http://www.pandasoftware.com/activescan/
 

https://forums.techguy.org/threads/blue-screen-of-death-wallpaper-caused-by-a-trojan.357365/
Relevancy 51.17%

Hi there I've run into this virus trojan and am also experiencing blue screen of death When it came up I quickly shut down what I was working on and checked my browser which was hijacked I shut down the machine thinking that I would use system restore I was able to go into Safe Mode and the screen came up asking if I wanted to do a system restore which I did It completed successfully and when I rebooted I got a blue screen indicating to try to run chkdsk f I've tried several times to go into Safe mode with networking or other options but it also seems to blue Screen Blue trojan 2012 XP Internet Security with screen as it's loading my personal settings I can't seem to download Malwarebyte's or anything else nor does it seem to see any XP Internet Security 2012 trojan with Blue Screen files on my flash drives I'm not sure what to do next Sorry I can't seem to do the initial things you request before posting but I can't keep my machine going very long I would appreciate any help you can give to get me going again Thanks

A:XP Internet Security 2012 trojan with Blue Screen

Hello and welcome to TSF

A few questions for you. Do you have the install disk for your computer? Also, am I correct that you have access to another computer besides the infected one and does it have a usable CD burner?


Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

http://www.techsupportforum.com/forums/f100/xp-internet-security-2012-trojan-with-blue-screen-587679.html
Relevancy 50.74%

Hey
Everytime I use my computer it only lasts about 5 or 10 minutes before blue screening and restarting... I am using Windows Vista.
Windows defender comes up and says I have a trojan called fakepowav and I constantly remove it only for it to come back again
Downloaded Malwarebytes and it found it and removed it, but the blue screen still happened, and each subsequent time I use malwarebytes 5 or more so infections pop up
any help would be appreciated
 

https://forums.techguy.org/threads/trojan-win32-fakepow-av-windows-keeps-crashing-to-blue-screen.766869/
Relevancy 50.74%

Lengthy explanation of scenario Hi my computer has been on the way out for sometime and lately I think I've got some kind of trojan on it My computer was on in the background idling and it turned itself off and rebooted After Win32.BackDoor-DNM / trojan / blue screen svchost.exe / popup that I was presented with a popup Win32.BackDoor-DNM popup / svchost.exe / trojan / blue screen it hasn't come up since so I don't have the exact details for you it was similar to the following except the name was Win BackDoor-DNM So I did click on enable protection and it links to some virus sortware webpage which seems to be endorsed by Windows windows gold security or something It had a download button beside a buy it now button which confused me and I wasn't paying for anything so I didn't click on anything on the page When I opened my firefox browser there was a page saying quot Insecure Internet activity Threat of virus attack Due to insecure Internet browsing your PC can easily get infected with viruses worms and trojans without your knowledge and that can lead to system slowdown freezes and crashes quot Again it looked fairly firefoxy I think it had a link saying enable security protection or something but I didn't follow it So I downloaded spybot S amp D and ran that along with AVG and Windows Malicious MRT thing The MRT thing jammed halfway so I did the quick scan version and that came out ok AVG came up with a few things but these have been coming up for a while Ntoskrnl exe shell dll user dll kernel dll wsock dll have all been coming up as quot change quot In reading around though I was kind of given the impression that this wasn't something to be concerned about as this could be due to a windows update Spybot came up with problems nearly all of which were tracker cookies There was a quot hijacker quot result as well though for a registry value Problem CoolWWWSearch Svchost when I expand this it says SBI C BE Autorun settings SVCHOST exe HKEY USERS S- - - - - - - SOFTWARE Microsoft Windows CurrentVersion Run SVCHOST EXE I quot fixed the problem quot and this was deleted Was still having the problems with the popups coming up though so I don't know if that had anything to do with it This morning when I turned on my computer it loaded up and an AVG popup came up saying it had identified a trojan downloader trying to execute sorry for not having exact details of this message so I told it to quot heal quot and it said it was healed and haven't seen that since However it then crashed fairly soon after to a blue screen error PAGE FAULT IN NONPAGED AREA STOP x xFEFEFEFE x x DC x Turned it off and reloaded and it loaded to just my desktop background and spybot loaded up to do a scan The toolbar and files on desktop were not visible during this time I decided to quot recover quot the svchost exe file as this blue screen error was a new problem When I closed spybot once it had finished everything loaded up and I immediately backed up recent work The blue screen error appeared again halfway through this process Turned off then reloaded again and things have been going ok long enough to run the scans and get online etc So where I am now the quot you have a trojan quot popups seem to have stopped and similarly when I open firefox the message comes up no more I still have that svchost exe file coming up in spybot what should I do with this Any ideas am I safe to use the net have been avoiding anything that involves me entering passwords or details in the meantime Oh I also have a horizontal line of dead pixels that appeared a few weeks ago apparently out of nowhere and I've noticed today there's another one Nightmare Basically my laptops pushing years and it seems to just be one thing after another very temperamental Thanks for your help Details DDS Ver - - - NTFSx Run by Jennifer at on Internet Explorer BrowserJavaVersion Microsoft Windows XP Home Edition GMT AV AVG On-access scanning enabled Updated Running Processes C WINDOWS system Ati evxx e... Read more

A:Win32.BackDoor-DNM popup / svchost.exe / trojan / blue screen

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this: How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------

http://www.techsupportforum.com/forums/f284/win32-backdoor-dnm-popup-svchost-exe-trojan-blue-screen-351381.html
Relevancy 50.74%

Update on my situation please refer to http www techsupportforum com secu ue-screen html for background information Sorry for the delay my computer has been functioning fairly normally quot normally quot being extremely slow but I rely on it for my university work so I was avoiding / Win32.BackDoor-DNM svchost.exe / blue screen popup trojan / doing any more lengthy scans Anyway I worked through your instructions on Sunday and everything went fairly well down to the Kaspersky online scan I linked up my external hard drive as well as my usb as instructed which was not something Win32.BackDoor-DNM popup / svchost.exe / trojan / blue screen I'd intentionally done before in previous scans It was running all day and I had to leave it on overnight It did detect something on my external hard Win32.BackDoor-DNM popup / svchost.exe / trojan / blue screen drive the first two variables read I think file name and threats detected However when I got up this morning my computer had turned off when I turned it on again it resumed scanning It was on about hours and was still going on my external hard drive having seemingly finished with my C drive I'd guess It was on about at this point When I went back to check on it's progress I was met with a blue screen error The top was cut off by the screen but it said the following quot for any windows updates you might need Run the driver verifier against any new or suspect drives If that doesn't reveal the corrupting driver try enabling special pool Both of these features are intended to catch the corruption at an earlier point where the offending driver can be identified If you need to use safe mode to remove or disable components restart your computer press F to select Advances startup options and to select safe Mode If this is the first time you've seen this stop error screen restart your computer If this screen appears again follow these steps Check to make sure any new hardware or software isproperly installed If this is a new installation ask your hardware or software manufacturer for any windows updats you might need If problems continue disable or remove any newly installed hardware or software Disable BIOS memory options such as caching or shadowing If you need to use Safe Mode to remove or disable components restart your computer press F to select Advanced Startup Options and selct Safe Mode Technical Information STOP x xFEFEFF x x x DE Beginning dump of physical memory Physical memory dump complete Contact your system administrator or technical support group for further assistance quot So I restarted my computer Another thing which has arisen since I started implementing your advice is a quick screen coming up asking me to select my operating system the first one about a recovery console and the second one which is automatically highlighted is Windows XP I don't have the exact details as it flashed up pretty quickly I've also been getting for the past few days a new popup saying quot You're about to lose your AVG Protection All updates for AVG free will stop soon When that happens you'll lose your protection against the thousands of new viruses that appear everyday Stay safe and upgrade to AVG today You'll get - protection against the latest viruses - protection against new web threats - even faster scanning for viruses and spyware Download later Download amp Upgrade quot I have kind of been ignoring this so far as I had those rogue security popups previously Think that's about it I restarted the Kaspersky scan this morning and have left it running I had to remove my usb though because I need something to work on at uni Maybe something else to mention was that my avg scanner did start scanning at pm last night I cancelled it when I noticed but maybe that messed up the Kaspersky thing Also AVG has been coming up with or new files that have quot changed quot I don't have a note of them to hand I shall update you if the scan manages to complete Thanks

A:Win32.BackDoor-DNM popup / svchost.exe / trojan / blue screen

Quote:





Originally Posted by Jenni.fer



I shall update you if the scan manages to complete.




--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, March 17, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, March 16, 2009 09:45:15
Records in database: 1914530
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
F:\

Scan statistics:
Files scanned: 189264
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 25:25:18


File name / Threat name / Threats count
F:\D drive\Program Files\Backup\Common Files\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s 1

The selected area was scanned.

http://www.techsupportforum.com/forums/f284/win32-backdoor-dnm-popup-svchost-exe-trojan-blue-screen-356617.html
Relevancy 50.74%

My computer has limited or no connectivity but the internet connection is fine it works with my laptop Norton Antivirus randomly says it has automatically blocked Trojan Fake AV but there is no internet or programs running When I try to run a full system scan it starts and finishes but when it completes it says error scanning Computer start up is slow and logging in takes time Computer performance varies each time I log in laggy sometimes it freezes and sometimes it works normal When my desktop loads the start menu is unaccessible it has a hourglass and does not work until explorer exe is stopped and restarted I have tried to Infected pops with screen up Trojan.FakeAV., randomly Blue re-install Windows XP but I get a blue screen reading A problem has been detected and Windows has been shut down to prevent damage to your computer If it is the first time you ve seen this Stop error screen restart your computer If this screen appears again follow these steps Check for viruses on your computer Remove any newly installed hard drives or hard drive controllers Check your hard drive to make sure it is properly configured and terminated Run CHKDSK F to check for hard drive corruption and then restart your computer Technical information STOP x B xF x x Microsoft Windows XPMedia Center EditionVersion Service Pack Inter Core CPU GHz GHz MB of Infected with Trojan.FakeAV., Blue screen randomly pops up RamPhysical Address ExtensionIt is a Dell XPS DDS Ver - - - NTFSx MINIMAL Run by Administrator at on Wed Internet Explorer BrowserJavaVersion Microsoft Windows XP Professional GMT - Running Processes C WINDOWS system svchost -k DcomLaunchsvchost exeC WINDOWS system svchost exe -k netsvcsC WINDOWS Explorer EXEC WINDOWS system ctfmon exeC Documents and Settings Administrator VENEGAS Desktop dds scr Pseudo HJT Report uInternet Connection Wizard ShellNext hxxp url urtbk com cpv jsp p amp ip amp url http A F Fen-us www mozilla com Fen-US Ffirefox F Ffirstrun F amp context Welcome to Firefox amp selectedKeyword firefox mozilla amp selectedListingId amp default http A F F F Fsource Dvenus ron affid D guid D daa b e d eba bc b a d e uid D aba f b c debf ffffff rid Dota ver D m D sc b D mSearchAssistant hxxp www google com ieBHO Symantec NCO BHO adb e- aff- - aa - dac dfa - c program files norton engine coIEPlg dllBHO Symantec Intrusion Prevention d ec - aae- -aeee-f f c - c program files norton engine IPSBHO DLLTB CCC A -B CA- -B A - F DD - No FileTB amp Windows Live Toolbar fa ef- d- d - b f- a d - c program files windows live toolbar wltcore dllTB Norton Toolbar febefe - b - - d -ffb d b ca - c program files norton engine coIEPlg dlluRun ctfmon exe c windows system ctfmon exeuRun Uniblue SpyEraser quot c program files uniblue spyeraser SpyEraser exe quot -mdPolicies-explorer NoSetActiveDesktop x dPolicies-explorer NoActiveDesktopChanges x dPolicies-system DisableTaskMgr x IE E amp xport to Microsoft Excel - c progra mi office EXCEL EXE IE C - CB - a-A C -D FCDDC D - F B - A - F - DB-E F AEC - c program files windows live writer WriterBrowserExtension dllIE EAF BB - F- D - - C FAE D F - EAF BB - F- D - - C FAE D F - c progra mi aa INetRepl dllIE EAF BB - F- D - - C FAE D F - EAF BB - F- D - - C FAE D F - c progra mi aa INetRepl dllDPF - f - bb - d -fa d f a ab - c program files yahoo common Yinsthelper dllDPF AD C - E- D -B E - F D - hxxp java sun com update jinstall- -windows-i cabDPF FFBE D- C C- - BD- DC B C - hxxp fpdownload macromedia com get flashplayer current polarbear ultrashim cabDPF CAFEEFAC- - - -ABCDEFFEDCBA - hxxp java sun com update jinstall- -windows-i cabDPF CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA - hxxp java sun com update jinstall- -windows-i cabDPF D CDB E-AE D- CF- B - - hxxp fpdownload macromedia com pub shockwave cabs flash swflash cabSEH AE D - AFB- E - A-EBB F A DA - No FileLSA Authentication Packages msv nwprovauLSA Notification Packages scecli hulahake dll FIREFOX FF - ProfilePath - c docume admini ven applic mozilla firefox ... Read more

A:Infected with Trojan.FakeAV., Blue screen randomly pops up

Hello picture167148Welcome to BleepingComputer ========================Ok it appears that your problems are caused by a corrupted file system.From your event log shows this:QUOTEThe file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:May be a good time to back up anything important.Go to Start >Run type in cmd then hit ok.THen type in this chkdsk /r /f then hit enter.Type in Y at the prompt and then restart the computer.Let it run through this check and then let me know how it goes.

http://www.bleepingcomputer.com/forums/t/328530/infected-with-trojanfakeav-blue-screen-randomly-pops-up/
Relevancy 50.31%

Hey For the last two weeks I have randomly started having a ton of problems with my laptop First Incredibar showed up and I screen trojan/no on death google/blue links of Incredibar/svchost tried to keep deleting it but then I realized it was spyware or something so I got a AVAST and Malwarebytes downloaded Malwarebytes kept blocking a ton of things but the process was always from svchost A couple times it would say that I need to quarantine a trojan agent that was in svchost exe Ever since I got AVAST downloaded anytime I search something on google nothing appears A blank white screen appears Finally now I get the blue screen of death every couple of hours stating a physical dump I started my laptop in safemode after the last physical Incredibar/svchost trojan/no links on google/blue screen of death dump blue screen I ran AVAST Incredibar/svchost trojan/no links on google/blue screen of death and found o corrupted Trojan files so I deleted all of them and then ran at Boot scan as well Also while in safemode I deleted Incredibar When I started it back on normal so I could post here I still get threats from AVAST saying malicious URLs from svchost exe Not sure what to do so here are my logs Thanks a lot in advance -------- Here is the hijackthis log Incredibar/svchost trojan/no links on google/blue screen of death Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C Program Files x HP SimplePass TouchControl exe C Program Files x HP SimplePass BioMonitor exe C Program Files x CyberLink YouCam YCMMirage exe C Program Files x Spyware Doctor pctsTray exe C Users HP AppData Roaming Dropbox bin Dropbox exe C Program Files x Intel Intel R Rapid Storage Technology IAStorIcon exe C Program Files x Renesas Electronics USB Host Controller Driver Application nusb mon exe C Program Files x Hewlett-Packard HP Quick Launch HPMSGSVC exe C Program Files x Hewlett-Packard HP On Screen Display HPOSD exe C Program Files x Common Files Java Java Update jusched exe C Program Files x Mozilla Firefox firefox exe C Program Files x Malwarebytes Anti-Malware mbamgui exe C Program Files AVAST Software Avast AvastUI exe C Program Files x Mozilla Firefox plugin-container exe C Users HP Downloads HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer Main Start Page http mystart incredibar com mb a PQnOrGFUg amp i R - HKLM Software Microsoft Internet Explorer Main Default Page URL http g msn com HPNOT R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http g msn com HPNOT R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch R - HKCU Software Microsoft Internet Explorer Main Local Page R - HKLM Software Microsoft Internet Explorer Main Local Page C Windows SysWOW blank htm R - HKCU Software Microsoft Internet Explorer Main Window Title Internet Explorer optimized for Bing and MSN R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName F - REG system ini UserInit userinit exe O - BHO CrossriderApp - - - - - - C Program Files x Premiumplay Codec-C Premiumplay Codec-C dll O - BHO AcroIEHelperStub - DF C-E AD- -A -FA C EBDC - C Program Files x Common Files Adobe Acrobat ActiveX AcroIEHelperShim dll O - BHO Browser Defender BHO - A F D B- - FF -B - CCE E - C Program Files x Spyware Doctor BDT PCTBrowserDefender dll O - BHO Groove GFS Browser Helper - - C - D -B F - BBC D A E - C PROGRA MICROS Office GROOVEEX DLL O - BHO TSBHO Class - E-EC C- C -A C-E C B B B - C Program Files x HP SimplePass IEBHO dll O - BHO avast WebRep - E E -AD D- bf-AC D-D F D - C Program F... Read more

A:Incredibar/svchost trojan/no links on google/blue screen of death

UPDATE: Google works, but the links lead to a misleading site, so I am pretty sure it has to be spyware. Incredibar is nowhere on my computer now. I only use Firefox as my internet browser
 

https://forums.techguy.org/threads/incredibar-svchost-trojan-no-links-on-google-blue-screen-of-death.1044387/
Relevancy 50.31%

HIWhen we use a search engine and click on the recommended link we are redirected to a different site Sometimes our computer even crashes or we receive a warning message that when with down screen closing redirect virus/trojan/malware and blue issue our computer is being infected instead of just being redirected We d appreciate any help we can get on this Previous to this issue we were and continue to now get a blue screen when we close down our computer The bluescreen error says STOP X E XC X XB E B X Also a Just-in-time debugging message appears which says possible debuggers new instance of microsoft script editor Not sure why but we can t get it issue with redirect virus/trojan/malware and blue screen when closing down to go away even if we open the task manager and try to end task Thanks TeresaAnd thanks to whomever laid out the preparation guide I ve attached the attach file and the ark fileHere is the DDS txt logDDS Ver - - - NTFSx Run by The Werners at on Fri Internet Explorer Microsoft Windows XP Home Edition GMT - AV McAfee VirusScan On-access scanning enabled Outdated B EE - - CDE-A A-DD BA FAD FW McAfee Personal Firewall enabled B - C F- -BDA - CA DA E Running Processes C WINDOWS system Ati evxx exeC WINDOWS system svchost -k DcomLaunchsvchost exeC WINDOWS System svchost exe -k netsvcsC WINDOWS system svchost exe -k WudfServiceGroupC Program Files Intel Wireless Bin EvtEng exeC Program Files Intel Wireless Bin ZcfgSvc exeC WINDOWS system Ati evxx exeC Program Files Intel Wireless Bin S EvMon exeC WINDOWS Explorer EXEC Program Files Intel Wireless Bin WLKeeper exesvchost exesvchost exeC WINDOWS system spoolsv exesvchost exeC Program Files Java jre bin jqs exeC Program Files Common Files McAfee HackerWatch HWAPI exeC PROGRA McAfee MSC mcmscsvc exec program files common files mcafee mna mcnasvc exeC PROGRA McAfee VIRUSS mcods exeC PROGRA Intel Wireless Bin XConfig exec PROGRA COMMON mcafee mcproxy mcproxy exec PROGRA COMMON mcafee redirsvc redirsvc exeC PROGRA McAfee VIRUSS mcshield exeC PROGRA McAfee VIRUSS mcsysmon exeC Program Files Common Files Microsoft Shared VS DEBUG MDM EXEC Program Files McAfee MPF MPFSrv exeC PROGRA McAfee MPS mps exeC Program Files McAfee MSK MskSrver exeC Program Files Microsoft SQL Server MSSQL MICROSOFTBCM Binn sqlservr exec PROGRA mcafee com agent mcagent exeC Program Files Dell NICCONFIGSVC NICCONFIGSVC exeC Program Files McAfee MPS mpsevh exeC Program Files Intel Wireless Bin RegSrvc exeC Program Files Microsoft Search Enhancement Pack SeaPort SeaPort exeC WINDOWS system svchost exe -k imgsvcC Program Files Canon CAL CALMAIN exeC WINDOWS system taskmgr exeC WINDOWS system dwwin exeC WINDOWS system dwwin exec PROGRA mcafee msc mcuimgr exeC WINDOWS system wuauclt exeC Program Files Apoint Apoint exeC Program Files Intel Wireless Bin ifrmewrk exeC Program Files CyberLink PowerDVD DVDLauncher exeC WINDOWS system dla tfswctrl exeC Program Files Common Files InstallShield UpdateService issch exeC Program Files Common Files Real Update OB realsched exeC Program Files McAfee MSK MskAgent exeC Program Files SiteAdvisor SiteAdv exeC Program Files HP HP Software Update HPWuSchd exeC Program Files Samsung Samsung Media Studio SMSTray exeC Program Files Google Quick Search Box GoogleQuickSearchBox exeC Program Files Java jre bin jusched exeC Program Files HP HP Officejet Pro K Series Toolbox HPWUTBX exeC PROGRA WALGRE WALGRE data Xtras mssysmgr exeC Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exeC Program Files DellSupport DSAgnt exeC WINDOWS system ctfmon exeC Program Files Digital Line Detect DLG exeC Program Files Apoint Apntex exeC Program Files CASIO Photo Loader Plauto exeC Program Files Internet Explorer iexplore exeC Program Files Internet Explorer iexplore exeC PROGRA MICROS OFFICE OUTLOOK EXEC Program Files Microsoft Office OFFICE WINWORD EXEC PROGRA COMMON McAfee EmProxy emproxy exeC WINDOWS system wscntfy exec PROGRA mcafee com agent mcupdate exeC Documents and Sett... Read more

A:issue with redirect virus/trojan/malware and blue screen when closing down

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results. Post both logs (no need to zip attach.txt).Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HEREPlease download GMER from one of the following locations and save it to your desktop:Main MirrorThis version will download a randomly named file (Recommended)Zipped MirrorThis version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.Now click the Scan button. If you see a rootkit warning window, click OK.When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.Click the Copy button and paste the results into your next reply.Exit GMER and re-enable all active protection when done.-- If you encounter any problems, try running GMER in Safe Mode.-------------------------------------------------------------Please be patient and I'd be grateful if you would note the followingThe cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do no... Read more

http://www.bleepingcomputer.com/forums/t/287242/issue-with-redirect-virustrojanmalware-and-blue-screen-when-closing-down/
Relevancy 50.31%

Well thanks for nothing.
I solved it.

Your site lies, fast help my ***.
 

A:HELP! Blue screen of death, Desktop, taskbar disappearing, Loops, help, plz! trojan

https://forums.techguy.org/threads/help-blue-screen-of-death-desktop-taskbar-disappearing-loops-help-plz-trojan.802902/
Relevancy 50.31%

McAfee Antivirus is fatal generic.dx trojan blue system error removal screen + picking up a generic dx trojan Every time the alert window pops up usually right after startup it says it they were deleted but always under different names or in different locations Also my computer will randomly just die with a fatal system error message coming up on a blue screen followed by a reboot followed by more virus detection I am assuming the two issues are related Here s my HijackThis log PLEASE HELP Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Running processes C WINDOWS System smss exe C WINDOWS system csrss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS System svchost exe C Program Files Intel Wireless Bin EvtEng exe C Program generic.dx trojan removal + blue fatal system error screen Files Intel Wireless Bin S EvMon exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS system spoolsv exe C WINDOWS Explorer EXE C WINDOWS system hkcmd exe C WINDOWS system igfxpers exe C Program Files Apoint Apoint exe C WINDOWS ehome ehtray exe C Program Files Java jre bin jusched generic.dx trojan removal + blue fatal system error screen exe C Program Files Sony VAIO Power Management SPMgr exe C Program Files Sony ISB Utility ISBMgr exe C Program Files Sony VAIO Update generic.dx trojan removal + blue fatal system error screen VAIOUpdt exe C Program Files Sony Wireless Switch Setting Utility Switcher exe C Program Files Sony VAIO Camera Utility VCUServe exe C PROGRA Sony SONICS SsAAD exe C Program Files HP HP Software Update HPWuSchd exe C Program Files iTunes iTunesHelper exe C Program Files McAfee VirusScan Enterprise SHSTAT EXE C Program Files McAfee Common Framework UdaterUI exe C Program Files McAfee Common Framework McTray exe C WINDOWS system ctfmon exe C Program Files SUPERAntiSpyware SUPERAntiSpyware exe C Program Files Bonjour mDNSResponder exe C WINDOWS eHome ehRecvr exe C WINDOWS eHome ehSched exe C WINDOWS System svchost exe C Program Files McAfee Common Framework FrameworkService exe C Program Files McAfee VirusScan Enterprise mcshield exe C Program Files McAfee VirusScan Enterprise vstskmgr exe C Program Files Microsoft SQL Server MSSQL VAIO VEDB Binn sqlservr exe C PROGRA Pharos Bin CTskMstr exe C Program Files McAfee Common Framework naPrdMgr exe C WINDOWS system HPZipm exe C Program Files Intel Wireless Bin RegSrvc exe C Program Files Common Files Sony Shared WMPlugIn SonicStageMonitoring exe C WINDOWS system svchost exe C WINDOWS system svchost exe C Program Files Toshiba Bluetooth Toshiba Stack TosBtSrv exe C Program Files Sony VAIO Event Service VESMgr exe C Program Files Common Files Sony Shared VAIO Entertainment Platform VCSW VCSW exe C WINDOWS ehome mcrdsvc exe C Program Files Windows Media Player WMPNetwk exe C WINDOWS system igfxext exe C WINDOWS system igfxsrvc exe C Program Files Common Files Sony Shared VAIO Entertainment Platform VzCdb VzCdbSvc exe C Program Files Common Files Sony Shared VAIO Entertainment Platform VzCdb VzFw exe C Program Files iPod bin iPodService exe C WINDOWS system dllhost exe C WINDOWS System alg exe C WINDOWS eHome ehmsas exe C Program Files Toshiba Bluetooth Toshiba Stack TosBtMng exe C Program Files MSN Messenger usnsvc exe C Program Files Apoint Apntex exe C Program Files Internet Explorer iexplore exe C Program Files Toshiba Bluetooth Toshiba Stack TosA dp exe C Program Files Toshiba Bluetooth Toshiba Stack TosBtHid exe C Program Files Toshiba Bluetooth Toshiba Stack TosBtHsp exe C Program Files Toshiba Bluetooth Toshiba Stack TosAVRC exe C Program Files Toshiba Bluetooth Toshiba Stack tosOBEX exe C Program Files Toshiba Bluetooth Toshiba Stack tosBtProc exe C DOCUME MATTGA LOCALS Temp Temporary Directory for hijackthis zip HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Start Page http www duke... Read more

A:generic.dx trojan removal + blue fatal system error screen

Closing duplicate thread, please continue here:
http://forums.techguy.org/security/575286-help-trojan-system-error.html
 

https://forums.techguy.org/threads/generic-dx-trojan-removal-blue-fatal-system-error-screen.574642/
Relevancy 50.31%

Hiya one half of my PC is a mess when I run SAS it detects Adware Vundo Variant Resident Trojan - reboot SAS loop help causing and screen blue trojan Solved: pls scan Vundo-Variant Small-GEN Adware Vundo Variant Rel so I send the items to quarantine and reboot like it asks me Now the PC won t reboot unless I select safe mode from the options that pop up When in safe mode I notice zone alarm total security won t load To get the pc to boot I have to restore the items from quarantine but even now the zone alarm suite will not activate I can see zlclient in the task manager but the user interface won t show I m currently on a dual boot and so far vista seems unaffected but I haven Solved: SAS scan causing reboot loop and blue screen - pls help trojan t accessed the other partition yet I m running avira from vista I was going to ask if it would help with the mess on the other partition but it has just detected a virus TR Crypt XPACK Gen not to sure if that is part of the problem Any help would be great Thanks nbsp

A:Solved: SAS scan causing reboot loop and blue screen - pls help trojan

Got it sorted...yeah for dual boot
 

https://forums.techguy.org/threads/solved-sas-scan-causing-reboot-loop-and-blue-screen-pls-help-trojan.744457/
Relevancy 50.31%

Hi im a new user and my computer knowledge is pretty basic in every sense of the word i did download the hijackthis program and did the scan and save the log and have no idea now where it is saved and when ive tried to go back into the program i cant my problems are my laptop crashes alot the blue screen comes blue trojan crashes computer screen comes AND and up threats CONSTANTLY backdoor up i dont really understand computer crashes and blue screen comes up AND trojan backdoor threats CONSTANTLY why and im constantly getting trojan backdoor threat pop-ups like literally every mins and the option is to quarantine or allow the files are always in my windows system folder so i basically removed every file my laptop computer crashes and blue screen comes up AND trojan backdoor threats CONSTANTLY allowed me to from my system folder and as a result think i have affected other sections of my laptop please help i cant do anything on my laptop without the threat popups coming and im beyond annoyed thanks these are my basic comp details Tech Support Guy System Info Utility version OS Version Microsoft Windows computer crashes and blue screen comes up AND trojan backdoor threats CONSTANTLY Vista Home Premium Service Pack bit Processor AMD Athlon tm X Dual-Core Processor TK- x Family Model Stepping Processor Count RAM Mb Graphics Card ATI Radeon X Mb Hard Drives C Total - MB Free - MB E Total - MB Free - MB Motherboard TOSHIBA Antivirus AVG Anti-Virus Free Edition Updated and Enabled nbsp

A:computer crashes and blue screen comes up AND trojan backdoor threats CONSTANTLY

dds:

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Windows\sys... Read more

https://forums.techguy.org/threads/computer-crashes-and-blue-screen-comes-up-and-trojan-backdoor-threats-constantly.1052933/
Relevancy 49.88%

I am operating on Windows XP and my AVG free antivirus is saying that a trojan is infecting the following C WINDOWS system drivers agp sys I have scanned this file with Malwarebytes Anti-Malware and the scan says there is no virus present in that file Lately my computer has been going to a blue screen with white writing for no reason lately saying that there is either a problem with some newly installed software i haven t installed any new software i dont think or a driver or something This blue screen has been comeing more screen. my to causing a Trojan shut blue a to driver computer in down/turn infection and more often and right now i am operating my computer in safe mode with networking in order to have the time to write this before my computer would divert to that screen First i used system restore about two weeks ago to a point in time two weeks before the time at which i was using system restore about a month ago however the blue screen came back and started to come more frequently Recently i resotred my computer to a date months before today and i still have this blue screen which started showing up about a month ago Is there anyway you could help me with this

http://www.bleepingcomputer.com/forums/t/302261/trojan-infection-in-a-driver-causing-my-computer-to-shut-downturn-to-a-blue-screen/
Relevancy 49.88%

My computer was infected by the Virus Remover Trojan in addition to Vimax and for death of this screen errors Blue log Trojan.Win32.Monder.ahbh Hijac attack ads and Hijac this log for Trojan.Win32.Monder.ahbh errors and Blue screen of death i suspect Other viruses I can t find On January second this caused the computer to freeze wile a zone alarm scan was still running upon restarting i was able to bypass the virus and install trials Avast Protector plus and adaware I ran Hijac this log for Trojan.Win32.Monder.ahbh errors and Blue screen of death scans with each and manually deleted all the Virus Remover files but even with it gone the desktop and start menu disappeared every twenty seconds or so I ran Kaspersky Online scanner and found I had a Trojan Win Monder ahbh and four other infections I erased the only visible Trojan from my registry and when I reset the computer the desktop stopped flickering Later today while I was running an Hijac this log for Trojan.Win32.Monder.ahbh errors and Blue screen of death adaware scan the text on Firefox started to disappear randomly and I got the blue screen of death This is my current Hijackthis log Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C Program Files Lavasoft Ad-Aware aawservice exe C WINDOWS Explorer EXE C Program Files Alwil Software Avast aswUpdSv exe C Program Files Alwil Software Avast ashServ exe C WINDOWS system spoolsv exe C Program Files Common Files AOL ACS AOLAcsd exe C Program Files Common Files AOL TopSpeed aoltsmon exe C Program Files Common Files Autodesk Shared Service AdskScSrv exe C WINDOWS eHome ehRecvr exe C WINDOWS eHome ehSched exe C Program Files Google Common Google Updater GoogleUpdaterService exe C Program Files Autodesk dsMax mentalray satellite raysat dsmax server exe C WINDOWS system nvsvc exe C Protector Plus PPAVMon exe C Protector Plus PPServ exe C WINDOWS system svchost exe C Program Files Alwil Software Avast ashMaiSv exe C Program Files Alwil Software Avast ashWebSv exe C WINDOWS system dllhost exe C PROGRA ALWILS Avast ashDisp exe C PROTEC PPTbc EXE C PROTEC PPInupdt exe C Program Files Messenger msmsgs exe C PROGRA MICROS wcescomm exe C WINDOWS system ctfmon exe C Protector Plus POPSCAN EXE C PROGRA MICROS rapimgr exe C WINDOWS system rundll exe C Program Files Mozilla Firefox firefox exe C Program Files Trend Micro HijackThis HijackThis exe O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO EWPBrowseObject Class - F E- - E - AAF- BC A A BE - C Program Files Canon Easy-WebPrint EWPBrowseLoader dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - Toolbar Easy-WebPrint - C -E D- c -AA D- AC BABA C - C Program Files Canon Easy-WebPrint Toolband dll O - HKLM Run Reminder WINDIR Creator Remind XP exe O - HKLM Run avast C PROGRA ALWILS Avast ashDisp exe O - HKLM Run Protector Plus Taskbar Control C PROTEC PPTbc EXE O - HKLM Run Protector Plus InstaUpdate C PROTEC PPInupdt exe O - HKLM Run NvCplDaemon RUNDLL EXE C WINDOWS system NvCpl dll NvStartup O - HKCU Run MSMSGS quot C Program Files Messenger msmsgs exe quot background O - HKCU Run H PC Connection Agent quot C PROGRA MICROS wcescomm exe quot O - HKCU Run swg C Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exe O - HKCU Run ctfmon exe C WINDOWS system ctfmon exe O - HKUS S- - - Run Power GoExpress NA User SYSTEM O - HKUS DEFAULT Run Power GoExpress NA User Default user O - Extra context menu item E amp xport to Microsoft Excel - res C PROGRA MICROS OFFICE EXCEL EXE O - Extra context menu item Easy-WebPrint Add To Print List - res C Program Files Canon Easy-WebPrint Toolband dll RC AddTo... Read more

A:Hijac this log for Trojan.Win32.Monder.ahbh errors and Blue screen of death

I found out that the browser crash and blue screen of death were caused by Protector plus.
I also noticed that the option to make my system 32 folder private cannot be checked in the properties menu, The same for every folder in my program files. I don't know if that's normal. I managed to delete the urqQiJYS.dll but afterwards I noticed the system 32 folder updated twice without any command to do so.
 

https://forums.techguy.org/threads/hijac-this-log-for-trojan-win32-monder-ahbh-errors-and-blue-screen-of-death.787189/
Relevancy 48.59%

I am currently operating in safe mode and Cannot 32bit due boot blue screen/minidumps Virus to in on - Windows mode normal Trojan Vista I have run BitDefender online scan and McAfee online scan BitDefender identified various viruses but I believe failed to remedy one or more Trojan Virus on Windows Vista 32bit - Cannot boot in normal mode due to blue screen/minidumps The most prevelant one which might be causing my problem is a Trojan with a file name wscsvc exe I am unable to boot in normal mode Trojan Virus on Windows Vista 32bit - Cannot boot in normal mode due to blue screen/minidumps Thus far I have tried to run several programs which I have come to find out will not run while I am in safe mode When I try to boot in normal mode a blue screen appears and says quot dumping to disk quot among other things I believe this is called a minidump and I have tried to look at how to repair from such an occurrence I am really in the dark on this one Im not sure if this enough information to get started but please let me know anything I can do I cannot even run a Hijack This log due Trojan Virus on Windows Vista 32bit - Cannot boot in normal mode due to blue screen/minidumps to safe mode operation Edit Moved topic from Vista to the more appropriate forum Animal

http://www.bleepingcomputer.com/forums/t/277445/trojan-virus-on-windows-vista-32bit-cannot-boot-in-normal-mode-due-to-blue-screenminidumps/
Relevancy 48.59%

HI guys
 
When booting up my laptop in "last known good configuration" mode i keep getting the blue screen of death and the laptop freezes and cuts out and is very over heated. When i have booted up in "safe mode with networking" the latop is still over heating but it dosn't freeze or i don't get the blue screen of death. I am also limited to what i can doin safe mode.
 
Any ideas what the problem could be please chaps?
 
Thanks in advance
 
Tony

A:Blue screen of death on normal boot up but no blue screen in safe mode ?

Exact wording of BSOD error message?
 
System manufacturer and model?
 
Conditions/events which may have led to this?
 
When did problem begin?
 
Louis

http://www.bleepingcomputer.com/forums/t/489566/blue-screen-of-death-on-normal-boot-up-but-no-blue-screen-in-safe-mode/
Relevancy 47.73%

I have probably been infected by trojan horse dialer for over a month so I cannot remember exactly how I got infected but I think Viruses Other Infected Annoying Horse Cookies Trojan I Lop.as; And And Dialer.coh; Trojan Horse Am Some With it is because I was using IE but now I have permanently switched to Firefox I have scanned my computer with Spybot search and destroy adaware avg antivirus and vundo both in normal and safe mode It seems as though I have gotten rid of trojan horse dialer with the vundo tool but then I became infected with trojan horse Lop as Everytime I do scan my computer with an antivirus tool the viruses and trojans usually show up in the internet cache or temporary internet files That is probably why I cannot remove these viruses permanently I regularly get those popups from AVG saying that they have detected the threat of trojan horse Lop AS I am running on Windows XP with I Am Infected With Trojan Horse Dialer.coh; Trojan Horse Lop.as; And Some Other Annoying Cookies And Viruses SP The security tools that I run are the teatimer of Spybot AVG real-time antivirus and Zonealarm firewall Now that I think I have gotten rid of Trojan horse dialer COH my computer seems to be running at the previous speed before becoming infected However I still want to get rid of the Trojan Horse Lop I Am Infected With Trojan Horse Dialer.coh; Trojan Horse Lop.as; And Some Other Annoying Cookies And Viruses AS since the popup notice from AVG is so annoying In conclusion I have come to BC for a permanent solution

A:I Am Infected With Trojan Horse Dialer.coh; Trojan Horse Lop.as; And Some Other Annoying Cookies And Viruses

http://www.bleepingcomputer.com/securityblog/2006/10/Unfortunately, though, this October when the latest batch of renewals and new awardees were admitted we found a new MVP who leaves a bad taste in our mouths. This awardee is Cyril Paciullo, otherwise known as Patchou, and is well know as the creator of Messenger Plus. As a program, Messenger Plus actually has some slick features, but our problem is that this program also comes with a known adware and Trojan called LOP.What is funny is when Microsoft Security MVP Derek Knight scanned the main executable for Messenger Plus, at the free scanning site VirusTotal, Microsoft was the only vendor that stated that the installer was a threat. --------------------------------------------------------------------------------Uninstall instructions in link below:http://www.bigblueball.com/forums/msn-mess...senger-6-a.html

http://www.bleepingcomputer.com/forums/t/76265/i-am-infected-with-trojan-horse-dialercoh;-trojan-horse-lopas;-and-some-other-annoying-cookies-and-viruses/
Relevancy 47.73%

Gest a Blue Screen no message.....no error nothing comes up just a Blue blank screen

A:Gest a Blue Screen no message.....no error nothing comes up just a Blue blank screen

more info please. we need more info before we can help you out. system specs, what is the error message? etc.etc.

http://www.techsupportforum.com/forums/f10/gest-a-blue-screen-no-message-no-error-nothing-comes-up-just-a-blue-blank-screen-83680.html
Relevancy 47.3%

i downloaded uniblue but it only repaired 14 errors (trial version), would love to repair the other 100 , and also every time i let the little ones use the PC they watch videos and a bunch of other noise and then i end up with a bunch of cookies of all makes and models..... i raise the security level on cookies in the internet options and then they complain that they cant watch videos or get in other sites, whats up with that ?

A:Registry Needs Repair / Cookies Cookies And More Cookies

Unless you know what you're doing I would stay away from the registry. Cleaning your registry is unlikely to improve your computer's performance in any noticeable way and you run the risk of really screwing up the operating system.

http://www.bleepingcomputer.com/forums/t/98450/registry-needs-repair-cookies-cookies-and-more-cookies/
Relevancy 46.87%

I can t seem to get rid of these problems Any help would be appreciated I learned from the last time I tried to fix this that I can t get into safe mode -If that helps SAS Log SUPERAntiSpyware Scan Log http www superantispyware com Generated at PM Application Version Core Rules Database Version Trace Rules Database Version Scan type Complete Scan Total Scan Time Memory items scanned Memory threats detected and Trojan.Winfixer Cookies Tracking Shake Can't Registry items scanned Registry threats detected File items scanned File threats detected Trojan WinFixer C WINDOWS SYSTEM SSQPN DLL C WINDOWS SYSTEM Can't Shake Trojan.Winfixer and Tracking Cookies SSQPN DLL HKLM Software Classes CLSID DF - C - - F -BB C E D BE HKCR CLSID DF - C - - F -BB C E D BE HKCR CLSID DF - C - - F -BB C E D BE InprocServer HKCR CLSID DF - C - - F -BB C E D BE InprocServer ThreadingModel HKLM Software Microsoft Windows CurrentVersion Explorer Browser Helper Objects DF - C - - F -BB C E D BE Software Microsoft Windows NT CurrentVersion WinLogon Notify ssqpn Adware Tracking Cookie C Documents and Settings Lisa Cookies email protected txt C Documents and Settings Lisa Cookies email protected txt C Documents and Settings Lisa Cookies email protected txt C Documents and Settings Lisa Cookies email protected txt C Documents and Settings Lisa Cookies email protected txt C Documents and Settings Lisa Cookies email protected txt C Documents and Settings Lisa Cookies email protected txt C Documents and Settings Lisa Cookies email protected txt C Documents and Settings Lisa Cookies email protected txt C Documents and Settings Lisa Cookies email protected txt C Documents and Settings Lisa Cookies email protected txt C Documents and Settings Lisa Cookies email protected txt C Documents and Settings Lisa Cookies email protected txt C Documents and Settings Lisa Cookies email protected txt HijackThis Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS System WLTRYSVC EXE C WINDOWS System bcmwltry exe C WINDOWS system spoolsv exe C Program Files Dell NICCONFIGSVC NICCONFIGSVC exe C PROGRA TRENDM INTERN PcCtlCom exe C PROGRA TRENDM INTERN Tmntsrv exe C PROGRA TRENDM INTERN tmproxy exe C WINDOWS Explorer EXE C PROGRA TRENDM INTERN TmPfw exe C WINDOWS system wuauclt exe C PROGRA TRENDM INTERN PccGuide exe C Program Files Synaptics SynTP SynTPEnh exe C WINDOWS system hkcmd exe C WINDOWS system igfxpers exe C WINDOWS stsystra exe C WINDOWS system igfxsrvc exe C Program Files Dell QuickSet quickset exe C Program Files CyberLink PowerDVD DVDLauncher exe C Program Files Real RealPlayer RealPlay exe C WINDOWS system dla tfswctrl exe C Program Files Google Google Desktop Search GoogleDesktop exe C Program Files Corel Corel Photo Album MediaDetect exe C WINDOWS system WLTRAY exe C Program Files iTunes iTunesHelper exe C Program Files QuickTime qttask exe C Program Files Java jre bin jusched exe C Program Files Trend Micro Internet Security TMAS OE TMAS OEMon exe C Program Files Messenger msmsgs exe C WINDOWS system ctfmon exe C Program Files DellSupport DSAgnt exe C WINDOWS system svchost exe C Program Files iPod bin iPodService exe C Program Files Google Google Desktop Search GoogleDesktopIndex exe C Program Files Digital Line Detect DLG exe C Program Files Nikon NkView NkvMon exe C Documents and Settings Lisa My Documents HijackThis exe R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId O... Read more

Relevancy 46.87%

Hi I had such Trojan.Vundo, and Adware Tracking Cookies great success cleaning up my work computer thanks to the help here I hope I can prevail upon you for helping me clean up my home computer as well I did an AVG Spyware scan and got the following log --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- Created at PM Scan result C Program Files Microsoft AntiSpyware Quarantine A -B - F - B B-C B A CB - B- -B C- CF ClientAX dll - gt Adware Solutions No action taken C System Volume Information restore FE E - A- -B - B D RP A dll - gt Adware Virtumonde No action taken C Documents and Settings Phil Cookies phil abetterinternet txt - gt TrackingCookie Abetterinternet No action taken C Trojan.Vundo, Adware and Tracking Cookies Documents and Settings Phil Cookies phil www burstbeacon txt - gt TrackingCookie Burstbeacon No action taken C Documents and Settings Phil Cookies phil com txt - gt TrackingCookie Com No action taken C Documents and Settings Phil Cookies phil charon gamershell txt - gt TrackingCookie Gamershell No action taken C Documents and Settings Phil Cookies phil www gamershell txt - gt TrackingCookie Gamershell No action taken C Documents and Settings Phil Cookies phil search msn txt - gt TrackingCookie Msn No action taken C Documents and Settings Phil Cookies phil toplist txt - gt TrackingCookie Toplist No action taken C System Volume Information restore FE E - A- -B - B D RP A dll - gt Trojan Vundo No action taken Report end So I went ahead with the HijackThis and here is the report Logfile of HijackThis v Scan saved Trojan.Vundo, Adware and Tracking Cookies at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Running processes C WINDOWS System smss exe C WINDOWS SYSTEM winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C Program Files Windows Defender MsMpEng exe C WINDOWS System svchost exe C Program Files Trojan.Vundo, Adware and Tracking Cookies Ahead InCD InCDsrv exe C WINDOWS Explorer EXE C WINDOWS system spoolsv exe C PROGRA Avast ashDisp exe C Program Files Ahead InCD InCD exe C Program Files Windows Defender MSASCui exe C WINDOWS system LVCOMSX EXE C Program Files Logitech Video LogiTray exe C Program Files Grisoft AVG Anti-Spyware avgas exe C Program Files Skype Phone Skype exe C WINDOWS system ctfmon exe C Program Files Logitech SetPoint KEM exe C Program Files Logitech SetPoint KHALMNPR EXE C Program Files Logitech Video FxSvr exe C Program Files Skype Plugin Manager SkypePM exe C Program Files Avast aswUpdSv exe C Program Files Avast ashServ exe C Program Files Grisoft AVG Anti-Spyware guard exe C WINDOWS system nvsvc exe C WINDOWS system svchost exe C Program Files UPHClean uphclean exe C Program Files Avast ashMaiSv exe C Program Files Avast ashWebSv exe C WINDOWS system wuauclt exe C WINDOWS system msiexec exe C Documents and Settings Phil amp Cindy Desktop HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Start Page http www google ca R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer Main Local Page R - HKLM Software Microsoft Internet Explorer Main Local Page O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO no name - - F - D - - D F - C Program Files Spybot - Search amp Destroy SDHelper dll O - BHO no name - DB BD-AAA - D A-BAA - D CEDD C - C WINDOWS olgofnt dll file missing O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files J... Read more

A:Trojan.Vundo, Adware and Tracking Cookies

Hi again,

Not much seem to be going on in your home computer, but let's check it up. Before we begin, you'll need to place HijackThis in a folder of its own for it to function properly. Please right click on an empty space on your desktop and choose New>Folder. Name the folder HijackThis and move HijackThis.exe on your desktop into that new folder.

============================

Please disable Windows Defender: Open Windows Defender
Click Tools
Click General Settings
Scroll down to Real Time Protection Options
Uncheck Turn on Real Time Protection (recommended)
After you uncheck this, click on the Save button
Close Windows Defender

============================

Open AVG Anti Spyware.
Under 'Status',click on "change status" to make it 'inactive'. Once your log is clean you can re-enable it.

============================

Scan with HijackThis and have the following fixed with HijackThis. Make sure that you have no open browsers when you click on "fix checked":

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {60DB71BD-AAA2-4D6A-BAA7-55D0CEDD24C3} - C:\WINDOWS\olgofnt.dll (file missing)
O20 - Winlogon Notify: olgofnt - C:\WINDOWS\olgofnt.dll (file missing)

=============================

Reboot your computer.

=============================

Please download Combofix and save it to your desktop.

Note: It is important that it is saved directly to your desktop.
Close any open browsers.
Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post the ComboFix.txt in your next reply along with a fresh HijackThis log.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

http://www.techsupportforum.com/forums/f100/trojan-vundo-adware-and-tracking-cookies-146982.html
Relevancy 46.87%

Hey I trojan.Win32.Obfuscated.auw ups, Pop updates. - cookies, and am having problems with pop ups just the usual malware ones like dating direct etc also using internet explorer I cannot access any site that requires cookies to be enabled even though cookies are enabled in the options due to this fact I cannot access my Gmail in order to register for the Pandascan asked for in the steps I have tried using firefox and opera as well but niether can access my email Also after I started noticing these problems I also noticed that automatic windows updates where switched off and is not allowing me to turn them on I use Zonealarm full security suite and I have downloaded Spybot S amp D to try and fix this problem with no Pop ups, cookies, and updates. - trojan.Win32.Obfuscated.auw success My antivirus keeps find the trojan trojan Win Obfuscated auw and trys to rename delete delete on reboot with no avail each time Here is my Pop ups, cookies, and updates. - trojan.Win32.Obfuscated.auw log Deckard's System Scanner v Run by Dave on - - Computer is in Normal Mode -------------------------------------------------------------------------------- -- HijackThis run as Dave exe ------------------------------------------------ Logfile of Trend Micro HijackThis v Scan saved at on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system Ati evxx exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system Ati evxx exe C WINDOWS system ZoneLabs vsmon exe C WINDOWS Explorer EXE C WINDOWS system spoolsv exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C WINDOWS eHome ehRecvr exe C WINDOWS eHome ehSched exe C Program Files Kontiki KService exe C WINDOWS system svchost exe C WINDOWS system wscntfy exe C WINDOWS system dllhost exe C WINDOWS ehome ehtray exe C WINDOWS SM BG EXE C Program Files ATI Technologies ATI Control Panel atiptaxx exe C Program Files Digital Media Reader shwiconem exe C WINDOWS System svchost exe C WINDOWS AGRSMMSG exe C WINDOWS eHome ehmsas exe C Program Files CyberLink PowerDVD PDVDServ exe C WINDOWS RTHDCPL EXE C Program Files Java jre bin jusched exe C Program Files D-Tools daemon exe C Program Files iTunes iTunesHelper exe C Program Files Razer DeathAdder razerhid exe C Program Files Zone Labs ZoneAlarm zlclient exe C WINDOWS system Rundll exe C WINDOWS system ctfmon exe C Program Files Razer DeathAdder razerofa exe C Program Files Messenger msmsgs exe C Program Files DNA btdna exe C Program Files Spybot - Search amp Destroy TeaTimer exe C Program Files iPod bin iPodService exe C Program Files RALINK Common RaUI exe C Program Files OpenOffice org program soffice exe C Program Files Zone Labs ZoneAlarm MailFrontier mantispm exe C Program Files OpenOffice org program soffice BIN C Program Files Windows Live Messenger usnsvc exe C Program Files Internet Explorer iexplore exe C Program Files Common Files Microsoft Shared Windows Live WLLoginProxy exe C Program Files Internet Explorer iexplore exe C WINDOWS notepad exe C Documents and Settings Dave My Documents Downloads utilites dss exe C PROGRA TRENDM HIJACK Dave exe R - HKCU Software Microsoft Internet Explorer Main Start Page http www google co uk R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId O - BHO no name - EF F- - -A A- E DE E - C WINDOWS system nnnoLfgF dll file missing O - BHO no name - F EAFB-F - D - - D D E - no file O - BHO cd a -f c - -e a -e bd a - a db - e- a e- - c f a dc - C WINDOWS sy... Read more

A:Pop ups, cookies, and updates. - trojan.Win32.Obfuscated.auw

Ok.Lets download ComboFix.exe. This will give me a better view to the files running and also hidden on your computer and also those in the registry..Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use SP2

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

=======================================

Please download SDFix from here and save it to your desktop

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.

http://www.techsupportforum.com/forums/f284/pop-ups-cookies-and-updates-trojan-win32-obfuscated-auw-262926.html
Relevancy 46.44%

I've scanned my computer various times to get rid of these infections by using Spy Sweeper Windows Defender PC Tools Firewall and Ad-Aware but every time I restart Virtumonde is still there At times I get alerts from these defenders and firewalls Infection/adware/spy Horses Cookies/trojan Virtumonde telling me that this specific malicious odd named item is trying to 'send information off of my computer ' or 'is trying to install itself ' or 'trying to connect to the internet ' I'm now sure how to fully get rid of these infections and I thank you so Virtumonde Infection/adware/spy Cookies/trojan Horses much for taking the time to do this Deckard's System Scanner v Run by Kristina on - - Computer is in Normal Mode ---------------------------------------------------------------------------------- Last Restore Point s -- - - UTC - RP - Windows Defender Checkpoint - - UTC - RP - Windows Defender Checkpoint - - UTC - RP - Windows Defender Checkpoint - - UTC - RP - Installed Ad-Aware - - UTC - RP - Windows Update-- First Restore Point -- - - UTC - RP - Windows UpdateBacked up registry hives Performed disk cleanup Total Physical Memory MiB MiB recommended -- HijackThis Clone ------------------------------------------------------------Emulating logfile of Trend Micro HijackThis v Scan saved at - - Platform Windows Vista MSIE Internet Explorer Boot mode NormalRunning processes C Windows System smss exeC Windows System csrss exeC Windows System wininit exeC Windows System csrss exeC Windows System services exeC Windows System lsass exeC Windows System lsm exeC Windows System svchost exeC Windows System winlogon exeC Program Files PC Tools Firewall Plus FWService exeC Windows System svchost exeC Windows System svchost exeC Windows System svchost exeC Windows System svchost exeC Windows System svchost exeC Windows System SLsvc exeC Windows System svchost exeC Windows System svchost exeC Program Files Lavasoft Ad-Aware aawservice exeC Windows System spoolsv exeC Windows System svchost exeC Windows System dwm exeC Windows System taskeng exeC Windows explorer exeC Program Files Windows Defender MSASCui exeC Program Files Synaptics SynTP SynTPEnh exeC Program Files Hp QuickPlay Kernel TV CLCapSvc exeC Program Files Hewlett-Packard HP Software Update hpwuSchd exeC Program Files Hp QuickPlay QPService exeC Program Files Hewlett-Packard HP Quick Launch Buttons QLBCTRL exeC Program Files Hewlett-Packard HP Wireless Assistant HPWAMain exeC Program Files Hewlett-Packard HP Wireless Assistant WiFiMsg exeC Program Files McAfee VirusScan Enterprise shstat exeC Program Files McAfee Common Framework UdaterUI exeC Windows vVX exeC Program Files Maxtor OneTouch Status MaxMenuMgr exeC Program Files Java jre bin jusched exeC Program Files Common Files Real Update OB realsched exeC Program Files ThreatFire TFTray exeC Program Files PC Tools Firewall Plus FirewallGUI exeC Program Files Webroot Spy Sweeper SpySweeperUI exeC Program Files Hewlett-Packard HP Advisor HPAdvisor exeC Program Files Skype Phone Skype exeC Program Files Common Files InstallShield UpdateService ISUSPM exeC Windows ehome ehtray exeC Program Files Windows Media Player wmpnscfg exeC Windows System rundll exeC Windows System rundll exeC Program Files Google Google Updater GoogleUpdater exeC Program Files Hewlett-Packard Digital Imaging bin hpqtra exeC Windows System rundll exeC Windows ehome ehmsas exeC Program Files McAfee Common Framework Mctray exeC Program Files Google Common Google Updater GoogleUpdaterService exeC Windows System svchost exeC Program Files Common Files LightScribe LSSrvc exeC Program Files Maxtor Maxtor Backup MaxBackServiceInt exeC Program Files McAfee Common Framework FrameworkService exeC Program Files McAfee VirusScan Enterprise mcshield exeC Program Files McAfee VirusScan Enterprise vstskmgr exeC Program Files McAfee Common Framework naPrdMgr exeC Program Files Microsoft LifeCam MSCamS exeC Windows System svchost exeC Program Files Maxtor Utils SyncServices exeC W... Read more

A:Virtumonde Infection/adware/spy Cookies/trojan Horses

Hello Kristina and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply along with a fresh HijackThis log.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.3. Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first.The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you .In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.It must be saved directly to your desktop.Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. If you have any questions along the way, STOP and ask them before proceeding !!Greetings,Thunder

http://www.bleepingcomputer.com/forums/t/151049/virtumonde-infectionadwarespy-cookiestrojan-horses/
Relevancy 46.44%

It all started with Trojan.Vundo i think i have removed it. But it downloaded other viruses such as Trojan.BHO, Trojan.Agent and malware.trace. I think i am just left with malware.Trace now. I keep finding loads of tracking cookies deleting them going on the internet and finding more again. Also i am getting loads of popups. I have been using Malwarebytes, spybot, Ad-Aware, virtumundoBeGone, Norton 360, Vundo Fix, FixVundo (symantec) and Stinger to get rid of it. Here is my Hijack this log.

Thank you.

A:Trojan.vundo - Malware.trace - Tracking Cookies

Hello Biltho and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply along with a fresh HijackThis log.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.3. Restart your computer.4. Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users !).The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)In the event you already have Combofix, and you're notified a more current version is available, please download the latest version as described in the tutorial.It must be saved directly to your desktop.Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. If you have any questions along the way, STOP and ask them before proceeding !!Greetings,Thunder

http://www.bleepingcomputer.com/forums/t/165230/trojanvundo-malwaretrace-tracking-cookies/
Relevancy 46.44%

It seems like I have been Trojan? or Redirects, and tracing rootkit Hijacked? cookies hijacked I run Windows Ultimate x and it seems like someone Hijacked? Redirects, tracing cookies and rootkit or Trojan? istrying hijack me with the use of windows server applications WMI services rootkits malware IE FF redirects to malicious sites and access permissions Many Windows files and programs have been replaced by older versions to limit control and security I can t start windows firewall there is windows advanced firewall which seems to open access I installed Comodo firewall however somehow the settings change without my consent CHKDSK for example looked normal when I ran it but then I found a log that might give som insight Checking file system on C The type of the file system is NTFS Volume label is BOOTCAMP A disk check has been scheduled Windows will now check the disk CHKDSK is verifying files stage of file records processed File verification completed large file records processed bad file records processed EA records processed reparse records processed CHKDSK is verifying indexes stage of index entries processed Index verification completed unindexed files scanned unindexed files recovered CHKDSK is verifying security descriptors stage of file SDs SIDs processed Cleaning up unused index entries from index SII of file x Cleaning up unused index entries from index SDH of file x Cleaning up unused security descriptors Security descriptor verification completed data files processed CHKDSK is verifying Usn Journal USN bytes processed Usn Journal verification completed CHKDSK is verifying file data stage of files processed File data verification completed CHKDSK is verifying free space stage of free clusters processed Free space verification is complete CHKDSK discovered free space marked as allocated in themaster file table MFT bitmap CHKDSK discovered free space marked as allocated in the volume bitmap Windows has made corrections to the file system KB total disk space KB in files KB in indexes KB in bad sectors KB in use by the system KB occupied by the log file KB available on disk bytes in each allocation unit total allocation units on disk allocation units available on disk Internal Info b d i quot f I Windows has finished checking your disk Please wait while your computer restarts -----------------------------------------------I also ran DDS here is the log DDS Ver - - - NTFSAMD Internet Explorer Run by Sigh at on - - Running Processes Pseudo HJT Report uStart Page hxxp www bleepingcomputer comuDefault Page URL hxxp www bleepingcomputer commWinlogon Userinit userinit exe mPolicies-explorer NoActiveDesktop x mPolicies-explorer UseDefaultTile x mPolicies-system ConsentPromptBehaviorUser x mPolicies-system EnableUIADesktopToggle x DPF BFB - - D - - A AFC - hxxp download eset com special eos OnlineScanner cabDPF E E F- F- FB - -AC BF A - hxxp platformdl adobe com NOS getPlusPlus gp cabTCP DhcpNameServer TCP Interfaces C - A - F - -D A BA DhcpNameServer AppInit DLLs C Windows SysWOW guard dllAppInit DLLs-X C Windows SysWOW guard dll FIREFOX FF - ProfilePath - C Users Sigh AppData Roaming Mozilla Firefox Profiles yhfusq v default FF - prefs js browser search selectedEngine - Bing SERVICES DRIVERS Created Last - - -------- d-sh--w- C RECYCLE BIN - - ----a-w- C Windows SysWow drivers BlackBox sys - - -------- d-----w- C Windows System appmgmt - - ----a-w- C Windows System deployJava dll - - -------- d-----w- C Users Sigh AppData Local Apps - - -------- d-----w- C Users Sigh AppData Local Mozilla - - ----a-w- C Program Files x Mozilla Firefox D DCompiler dll - - ----a-w- C Program Files x Mozilla Firefox d dx dll - - -------- d-----w- C Users Sigh AppData Local factormystic net - - -------- d-----w- C Users Sigh AppData Local Apple - - ----a-r- C Users Sigh AppData Roaming Microsoft Installer A - BC- B-A A - FCBA D HiJackThis exe - - -------- d-----w- C Program Files x Trend Micro - - -------- d-----w- C Program Files Windows Journal... Read more

A:Hijacked? Redirects, tracing cookies and rootkit or Trojan?

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

http://www.bleepingcomputer.com/forums/t/406202/hijacked-redirects-tracing-cookies-and-rootkit-or-trojan/
Relevancy 46.44%

Hi I have exhausted most of my options in deleting these viruses save for temporary relief I suspect it came from Java It has since deleted Google Chrome it rendered it unusable firefox is extremely slow Songbird is also very slow My computer A Usage CPU 100% by SVCHOST Tracking Trojan.Vundo(s), and Cookies, netbook Acer with gig of RAM I have perused sites and more sites Having used a variety of scanners in and out of safe mode The list is populated with VundoFix Malwarebytes Anti-Malware Trojan.Vundo(s), Tracking Cookies, and 100% CPU Usage by SVCHOST Norton Corporate Ad-Aware STOPzilla Spyware Doctor Speedy PC and y computer is slowly being destroyed Please help It is relatively new Here is my Hijack-This log Thank you Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C Program Files Common Files iS Anti-Spyware SZServer exe C WINDOWS System svchost exe C Program Files Lavasoft Ad-Aware AAWService exe C WINDOWS Explorer EXE Trojan.Vundo(s), Tracking Cookies, and 100% CPU Usage by SVCHOST C WINDOWS system spoolsv exe C Program Files Spyware Doctor BDT BDTUpdateService exe C Program Files NavNT defwatch exe C Program Files Intel Intel Matrix Storage Manager IAANTMon exe C Program Files Java jre bin jqs exe C Program Files NavNT rtvscan exe C Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exe C WINDOWS system ctfmon exe C Program Files Acer Acer VCM RS Service exe C Program Files Spyware Doctor pctsAuxs exe C WINDOWS system svchost exe C WINDOWS system wscntfy exe C WINDOWS system MsgSys EXE C Program Files Skype Phone Skype exe C Program Files Trojan.Vundo(s), Tracking Cookies, and 100% CPU Usage by SVCHOST Mozilla Firefox firefox exe C Program Files Skype Plugin Manager skypePM exe C Program Files Lavasoft Ad-Aware AAWTray exe C Program Files Trend Micro HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Default Page URL http homepage acer com rdr aspx b ACAW amp l amp m aspire one amp r xph l wuh w m R - HKCU Software Microsoft Internet Explorer Main Start Page http homepage acer com rdr aspx b ACAW amp l amp m aspire one amp r xph l wuh w m R - HKLM Software Microsoft Internet Explorer Main Default Page URL http homepage acer com rdr aspx b ACAW amp l amp m aspire one amp r xph l wuh w m R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http homepage acer com rdr aspx b ACAW amp l amp m aspire one amp r xph l wuh w m R - URLSearchHook McAfee SiteAdvisor Toolbar - EBBBE -BAD - B C- E A- ABECAE - c PROGRA mcafee SITEAD mcieplg dll file missing O - BHO AcroIEHelperStub - DF C-E AD- -A -FA C EBDC - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelperShim dll O - BHO McAfee Phishing Filter - B A- - A -B -BE AFE AB - c PROGRA mcafee msk mskapbho dll file missing O - BHO Browser Defender BHO - A F D B- - FF -B - CCE E - C Program Files Spyware Doctor BDT PCTBrowserDefender dll O - BHO no name - C C A-E - b - D - CECB - no file O - BHO scriptproxy - DB D A - - E -B D- F C - c PROGRA mcafee VIRUSS scriptsn dll file missing O - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - C Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - C Program Files Google Google Toolbar GoogleToolbar dll O - BHO Google Toolbar Notifier BHO - AF DE - D - -B FA-CE B AD D - C Program Files Google GoogleToolbarNotifier swg dll O - BHO McAfee SiteAdvisor BHO - B E -A B - A -B - CD E A FF - c PROGRA mcafee SITEAD mcieplg dll file missing O - BHO Java tm Plug-In SSV Helper ... Read more

A:Trojan.Vundo(s), Tracking Cookies, and 100% CPU Usage by SVCHOST

https://forums.techguy.org/threads/trojan-vundo-s-tracking-cookies-and-100-cpu-usage-by-svchost.916674/
Relevancy 46.44%

Hi Several times a day I am running onto the Blue Screen telling me I have a kernal problem and that my physical memory is dumping Can someone look at my Logfile and possibly help me with this I m getting ready to go to DSL and would really like my computer Screen? Dumping? Screen? Please! Help Blue Kernal? Included.. Blue Log to be in good shape Thank you Logfile of HijackThis v Scan saved at AM on Platform Windows XP SP WinNT MSIE Kernal? Dumping? Blue Screen? Blue Screen? Help Please! Log Included.. Internet Explorer v SP Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS Kernal? Dumping? Blue Screen? Blue Screen? Help Please! Log Included.. system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS Explorer EXE C PROGRA Grisoft AVGFRE avgamsvr exe C PROGRA Grisoft AVGFRE avgupsvc exe C WINDOWS system drivers KodakCCS exe C WINDOWS System svchost exe C windows system hpsysdrv exe C Program Files VERITAS Software Update Manager sgtray exe C WINDOWS system dla tfswctrl exe C PROGRA Grisoft AVGFRE avgcc exe C PROGRA Grisoft AVGFRE avgemc exe C Program Files Microsoft AntiSpyware gcasServ exe C Program Files Common Files Real Update OB realsched exe C Program Files QuickTime qttask exe C WINDOWS system spool drivers w x hpztsb exe C Program Files HP hpcoretech hpcmpmgr exe C Program Files Hewlett-Packard HP Software Update HPWuSchd exe C Program Files Siber Systems AI RoboForm RoboTaskBarIcon exe C Program Files Kodak Kodak EasyShare software bin EasyShare exe C Program Files Microsoft AntiSpyware gcasDtServ exe C WINDOWS system spoolsv exe C Program Files Internet Explorer iexplore exe C Program Files Hijackthis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Search Bar http us rd yahoo com customize ycomp adbe defaults sb http www yahoo com search ie html R - HKCU Software Microsoft Internet Explorer Main Search Page http us rd yahoo com customize ycomp adbe defaults sp http www yahoo com R - HKCU Software Microsoft Internet Explorer Main Start Page http www excite com R - HKLM Software Microsoft Internet Explorer Main Default Page URL http www iowatelecom net R - HKLM Software Microsoft Internet Explorer Main Start Page http www excite com R - HKCU Software Microsoft Internet Explorer SearchURL Default http red clientapps yahoo com customize ie defaults su ymsgr http www yahoo com R - HKLM Software Microsoft Internet Explorer SearchURL Default http red clientapps yahoo com customize ie defaults su ymsgr http www yahoo com R - HKCU Software Microsoft Internet Explorer Main Local Page C WINDOWS about htm R - HKLM Software Microsoft Internet Explorer Main Local Page C WINDOWS about htm R - HKCU Software Microsoft Internet Connection Wizard ShellNext http www iowatelecom net R - HKCU Software Microsoft Internet Explorer Main Window Title Microsoft Internet Explorer provided by Iowa Telecommunications R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyServer proxy O - BHO Yahoo Companion BHO - D -C F - efb- B - ECA - C Program Files Yahoo Companion Installs cpn ycomp dll O - BHO no name - - F - D - - D F - C PROGRA SPYBOT SDHelper dll O - BHO no name - d a - d - d - - e a - C Program Files Siber Systems AI RoboForm RoboForm dll O - Toolbar hp toolkit - B E - D D- DEB- B - D BCF F - C HP EXPLOREBAR HPTOOLKT DLL O - Toolbar amp RoboForm - d a - d - d - - e a - C Program Files Siber Systems AI RoboForm RoboForm dll O - Toolbar Yahoo Companion - EF BD -C FB- D - F- D F - C Program Files Yahoo Companion Installs cpn ycomp dll O - HKLM Run hpsysdrv c windows system hpsysdrv exe O - HKLM Run NvCplDaemon RUNDLL EXE NvQTwk NvCplDaemon initialize O - HKLM Run StorageGuard quot C Program Files VERITAS Software Update Manager sgtray exe quot r O - HKLM Run dla C WINDOWS system dla tfswctrl exe O - HKLM Run Recguard C WINDOWS SMINST RECGUARD EXE O - HKLM Run AVG CC C PROGRA Grisoft AVGFRE avgcc exe STARTUP O - HKLM... Read more

A:Kernal? Dumping? Blue Screen? Blue Screen? Help Please! Log Included..

There is nothing obvious in your scan that would cause your "blue screen" problem.
Have you checked the Windows "Event Viewer" to see what program(s) is causing the problem. To view the event's log go to Start>Control Panel>Administrative Tools and double click "event viewer" and look for error events which are denoted by a red circle with a white cross. You can double click an Item for an explanation of what went wrong.
 

https://forums.techguy.org/threads/kernal-dumping-blue-screen-blue-screen-help-please-log-included.362520/
Relevancy 46.44%

So for the past month I have a issue with my laptop.I keep getting a blue screen with STOP 0x0000001e (0xffffffffc0000005,0xfffff80001c66585,0x0000000000000000, 0xffffffffffffffff I was told to do a system recovery by a friend and now when I restart the blue screen with the STOP still appears and when it doesn't come up! I get to the l get to the user screen and a pop up comes up telling me to reinstall windows vista. Any advice would be greatly appreciated


Spec: hp pavilion dv7 notebook pc
Amd Turion x2 dual core processor
4k+memory

A:Blue screen , system recovery , no vista and blue screen

Hello and welcome to the forum.

Please follow these instructions and we will help you with your problem.

Blue Screen of Death (BSOD) Posting Instructions

http://www.vistax64.com/crashes-debugging/291523-blue-screen-system-recovery-no-vista-blue-screen.html
Relevancy 46.44%

Specs:
Intel® Centrino® processor technology
• Intel® Core™ 2 Duo processor T5450
• 1.67 GHz , Level 2 cache 2 MB
• Intel® PRO/Wireless 3945ABG Network Connection
Genuine Windows Vista® Home Premium 32-bit

Every time I start up, when it reaches the desktop, I get a blue screen, and it has writing in white, and I can't read it because as soon as it appears, it restarts the computer, and it happens again

I shut down the computer, restarted it, took out the battery, let is cool, and still no diffrence

Could it be a virus? I don't think so, because when I open it in Safe Mode, I run SpyBot Search and Destroy, and it can't find any problem

This is my first post here, so please tell me If I'm missing anything

Thank you
 

Relevancy 46.44%

While using my laptop usually when trying to open some quot windows quot application such as task manager wireless networks documents media player windows updater etc my laptop freezes or doesn't allow me to click on anything except the minus button on all my windows and the start button I'll try to shut the laptop down but it freezes once again on the logging off screen and I'm forced to manually shut actual screen up no blue pops Error Screen but Blue it down by holding the power button When I turn my laptop back on I get the black screen that says windows shut down unexpectedly how would you like the start blah blah blah and when I get my laptop turned on again I get this error message Problem signature Problem Event Name BlueScreen OS Version Locale ID Additional information about the problem BCCode f BCP BCP FFFFFA F E BCP FFFFF B C D BCP FFFFFA F FC OS Version Service Pack Product Files that help describe the problem C Windows Minidump - - dmp C Users Alissa AppData Local Temp WER- - sysdata xml After doing some searching online it said that it was probably a compatibility issue and I found that intel control center was incompatible I'm not sure if that was the only program I'm not great with computers and am not sure how to search through EVERY program so I uninstalled it I tried reinstalling it Blue Screen Error but no actual blue screen pops up but it simply wouldn't install and it wouldn't let me cancel and retry either I had to turn my laptop off manually again I haven't seen any additional problems occur from not having the control center not sure how necessary the program is but it definitely did NOT fix the problem Any idea what I could do

A:Blue Screen Error but no actual blue screen pops up

please follow the Blue Screen of Death (BSOD) Posting Instructions

http://www.sevenforums.com/bsod-help-support/282420-blue-screen-error-but-no-actual-blue-screen-pops-up.html
Relevancy 46.44%

Hi This is my first post and hopefully placed into the correct sub-forum I am running Windows XP First and foremost I have become infected with the Windows System Defender trojan I have downloaded Malwarebyte Anti-Malware to help clear it off and have also tried to remove it manually System Windows get Mode, Defender Windows trojan have get & into screen Can't a Safe blue When trying to remove manually the trojan would not let me CTRL-ALT-DEL to kill the processes dll s Also any time I tried to run Malwarebyte Anti-Malware either from my desktop or off a thumb drive it would close the program I was able Can't get into Windows Safe Mode, get a blue screen & have Windows System Defender trojan to kill to Locate and delete Windows System Defender registry entries I was not able to search and unregister Windows System Defender DLL libraries So in that sense I half assed removed stop the trojan but its still there At a loss since I couldn t get Malwarebyte Anti-Malware to run OR able to fully and completely remove the trojan manually since I was unable to get into the Task Manager to remove the dll s associated with the trojan I re-started my computer went back into Windows and went to re-start it in Safe Mode thinking I could run Malwarebyte Anti-Malware in safe mode to solve my problem However this has now lead to a more seriously problem and I get this constant blue screen I can t even get back into the login screen because I get this blue screen now I am able to access the F F and F options when I very first start up Even selecting from F to start windows normally under my last system default gives me the blue screen Re-selecting Safe Mode gives me the blue screen After trying - times and still getting the blue screen I hit F at start up and just said screw it and whats on my HD I need my comp to work correctly so I went in and selected the quot restore system defaults as your computer was when it left the factory quot thinking this would help me I did that re-started and still get this blue screen Long story short I am stuck with the blue screen I can t get back into Windows I have probably and more than likely selected for my computer to go back to the factory settings default still have this Windows System Defender trojan and am at a complete loss of what to do Any help would be appreciated I don t care if I need to wipe my HD clean to fix it I would prefer not to but at this point I may have screwed things up pretty badly anyways

A:Can't get into Windows Safe Mode, get a blue screen & have Windows System Defender trojan

Hi .

System manufacturer and model?

Louis

http://www.bleepingcomputer.com/forums/t/270700/cant-get-into-windows-safe-mode-get-a-blue-screen-have-windows-system-defender-trojan/
Relevancy 46.01%

Hi all I found a trojan horse called java classloader which AVG picked up and apparantly moved to virus vault However since then everytime I run a scan in the last couple of days I get numerous warnings of tracking Found think) java/classloader/removed trojan (i but cookies now endless it cookies which didn t used to happen Is my Found trojan java/classloader/removed it (i think) but now endless cookies computer still infected with something Bare with me because I don t understand computers at all and I rather err on the side of being cautious DDS Ver - - - NTFSx Run by ASUS at on Tue Internet Explorer BrowserJavaVersion Microsoft Windows Vista Home Premium GMT SP Spybot - Search and Destroy enabled Updated ED FAF- B F- B -ACA - E Found trojan java/classloader/removed it (i think) but now endless cookies C DADBE SP Windows Defender enabled Updated D DDC A- F- FAE- E -DA C ACF Running Processes C Windows system wininit exeC Program Files AVG AVG avgchsvx exeC Program Files AVG AVG avgrsx exeC Program Files AVG AVG avgcsrvx exeC Windows system lsm exeC Windows system svchost exe -k DcomLaunchC Windows system svchost exe -k rpcssC Windows System svchost exe -k LocalServiceNetworkRestrictedC Windows System svchost exe -k LocalSystemNetworkRestrictedC Windows system svchost exe -k netsvcsC Windows system svchost exe -k GPSvcGroupC Windows system SLsvc exeC Windows system svchost exe -k LocalServiceC Windows system svchost exe -k NetworkServiceC Windows System ZoneLabs vsmon exeC Program Files ASUS ASUS Data Security Manager ADSMSrv exeC Program Files ATK Hotkey ASLDRSrv exeC Program Files ATKGFNEX GFNEXSrv exeC Program Files CheckPoint ZAForceField IswSvc exeC Windows system taskeng exeC Windows System spoolsv exeC Windows system svchost exe -k LocalServiceNoNetworkC Program Files Common Files Apple Mobile Device Support AppleMobileDeviceService exeC Program Files Symantec LiveUpdate ALUSchedulerSvc exeC Program Files AVG AVG avgwdsvc exeC Program Files AVG AVG avgfws exeC Program Files Bonjour mDNSResponder exeC Windows system ifxspmgt exeC Windows system ifxtcs exeC Program Files Common Files Symantec Shared PIF B E DD - - c -B F- F FCA A PIFSvc exeC Windows system IfxPsdSv exeC Windows system svchost exe -k NetworkServiceNetworkRestrictedC Program Files ASUS NB Probe SPM spmgr exeC Windows system svchost exe -k imgsvcC Program Files AVG AVG avgnsx exeC Windows System svchost exe -k WerSvcGroupC Windows system SearchIndexer exeC Program Files AVG AVG avgemc exeC Program Files Spybot - Search amp Destroy SDWinSec exeC Windows system WUDFHost exeC Program Files AVG AVG avgcsrvx exeC Windows system wbem wmiprvse exeC Windows system taskeng exeC Windows system Dwm exeC Windows Explorer EXEC Windows system taskeng exeC Program Files ATK Hotkey Hcontrol exeC Program Files ATKOSD ATKOSD exeC Program Files Wireless Console wcourier exeC Program Files ASUS Splendid ACMON exeC Program Files P G BatteryLife exeC Windows System ACEngSvr exeC Program Files ASUS ASUS Live Update ALU exeC Program Files Motorola SMSERIAL sm hlpr exeC Windows System igfxtray exeC Windows System igfxpers exeC Program Files ATK Hotkey ATKOSD exeC Program Files ASUS ATK Media DMedia exeC Windows RtHDVCpl exeC Program Files ATK Hotkey KBFiltr exeC Program Files Synaptics SynTP SynTPEnh exeC Program Files P P P P exeC Windows ASScrPro exeC Program Files Common Files Symantec Shared PIF B E DD - - c -B F- F FCA A PIFSvc exeC Program Files Symantec LiveUpdate ALUNOTIFY EXEC Program Files AVG AVG avgtray exeC Program Files iTunes iTunesHelper exeC Program Files Common Files Java Java Update jusched exeC Program Files Zone Labs ZoneAlarm zlclient exeC Program Files Windows Sidebar sidebar exeC Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exeC Windows ehome ehtray exeC Program Files Spybot - Search amp Destroy TeaTimer exeC Windows system igfxsrvc exeC Windows ehome ehmsas exeC Windows system ifxuagui exeC Program Files Infineon Security Platform Softwa... Read more

A:Found trojan java/classloader/removed it (i think) but now endless cookies

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5starteventlog.dllscecli.dllnetlogon.dllcngaudit.dllsceclt.dllntelogon.dlllogevent.dlliaStor.sysnvstor.sysatapi.sysIdeChnDr.sysviasraid.sysAGP440.sysvaxscsi.sysnvatabus.sysviamraid.sysnvata.sysnvgts.sysiastorv.sysViPrt.syseNetHook.dllahcix86.sysKR10N.sysnvstor32.sysahcix86s.sysnvrd32.syssymmpi.sysadp3132.sysmv61xx.sysnvraid.sys/md5stop%systemroot%\*. /mp /s%systemroot%\system32\*.dll /lockedfiles%systemroot%\Tasks\*.job /lockedfiles%systemroot%\system32\drivers\*.sys /lockedfiles%systemroot%\System32\config\*.sav%systemroot%\system32\drivers\*.sys /90Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt<--Will be minimizedIn the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.regards myrti

http://www.bleepingcomputer.com/forums/t/342458/found-trojan-javaclassloaderremoved-it-i-think-but-now-endless-cookies/
Relevancy 46.01%

It restarts by itself the system freezes up and I have to restart it my cd dvd drives were MIA for a week until I got them back now I'm getting the I O device error I used to have GB of Memory now it reads or something I Know that nearly bytes are missing my AOL Icon disappears when I try to click on it SUPERSpyware finds too many spyware cookies when I surf the web I can't even run the scan disk program Too Trojan Found, Horses Many Cookies Freezes Spyware Were Computer And My because it freezes up in My Computer Freezes And Trojan Horses Were Found, Too Many Spyware Cookies the middle of the scan I used to get the message NTDLR missing a while back A couple of months ago AVG found two trojan horses on my computer Dropper Agent GCI amp PSW Ldpinch SDK Please tell me what I need to do to get my old computer back before I lose my mind Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode NormalRunning processes C WINDOWS System smss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system svchost exeC WINDOWS System svchost exeC WINDOWS system spoolsv exeC PROGRA Grisoft AVG avgamsvr exeC PROGRA Grisoft AVG avgupsvc exeC PROGRA Grisoft AVG avgemc exeC WINDOWS system cisvc exeC Program Files Google Common Google Updater GoogleUpdaterService exeC WINDOWS system inetsrv inetinfo exeC Program Files Common Files Microsoft Shared VS Debug mdm exeC WINDOWS system HPZipm exeC WINDOWS System snmp exeC WINDOWS System svchost exeC WINDOWS wanmpsvc exeC WINDOWS system mqsvc exeC WINDOWS system mqtgsvc exeC WINDOWS Explorer EXEC WINDOWS system WgaTray exeC WINDOWS essspk exeC WINDOWS system atiptaxx exeC WINDOWS system RunDll exeC WINDOWS wt updater wcmdmgr exeC PROGRA Grisoft AVG avgcc exeC Program Files Java jre bin jusched exeC Program Files Logitech iTouch iTouch exeC Program Files HP HP Software Update hpwuSchd exeC Program Files QuickTime qttask exeC Program Files Common Files Real Update OB realsched exeC Program Files ISP Bin Bartshel exeC WINDOWS system ctfmon exeC Program Files SUPERAntiSpyware SUPERAntiSpyware exeC Program Files Windows Live Messenger MsnMsgr ExeC Program Files AOL waol exeC Program Files Logitech Desktop Messenger Program LogitechDesktopMessenger exeC Program Files Common Files AOL Loader aolload exeC Program Files PrevxCSI prevxcsi exeC Program Files Common Files AOL ACS AOLacsd exeC PROGRA ISP bin ppshared exeC WINDOWS system wuauclt exeC Program Files AOL shellmon exeC Program Files Common Files AOL Topspeed aoltpsd exeC WINDOWS system cidaemon exeC WINDOWS system cidaemon exeC Program Files Windows Live Mail wlmail exeC Program Files Internet Explorer IEXPLORE EXEc program files aol aol toolbar AolTbServer exeC Program Files Windows Live Toolbar msn sl exeC Program Files Common Files Microsoft Shared Windows Live WLLoginProxy exeC Program Files Trend Micro HijackThis HijackThis exeR - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - URLSearchHook AOLTBSearch Class - EA - - DB- F -D CA FB C D - C Program Files AOL AOL Toolbar aoltb dllR - URLSearchHook Yahoo Toolbar - EF BD -C FB- D - F- D F - C Program Files Yahoo Companion Installs cpn yt dllO - BHO amp Yahoo Toolbar Helper - D -C F - EFB- B - ECA - C Program Files Yahoo Companion Installs cpn yt dllO - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dllO - BHO RealPlayer Download and Record Plugin for Internet Explorer - C E -B - BC - - C CA - C Program Files Real RealPlayer rpbrowserrecordplugin dllO - BHO SSVHelper Class - BB-... Read more

A:My Computer Freezes And Trojan Horses Were Found, Too Many Spyware Cookies

Hello anetrev Welcome to Bleeping Computer! Sorry about the delay. We're all volunteers here, and it's been very busy. If you still need help, please post a new HijackThis log to make sure nothing has changed. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log <--link And I'll be happy to take a look at it for you. I also need to see a different type of log from Hijackthis: Run Hijackthis.Click on "Open the Misc Tools section".Next click on "Open uninstall manager".Press the button 'save list'. It will open a Notepad file.Place the content of that file here in your next reply.Thanks, for your patience.

http://www.bleepingcomputer.com/forums/t/135508/my-computer-freezes-and-trojan-horses-were-found-too-many-spyware-cookies/
Relevancy 45.58%

Hi All,
 
I am having a problem with loading google on multiple browsers.
 
When i load google it opens up a internal window with a spinning circle. As if its loading something. (see Image below)
 
https://gyazo.com/e59c30a34f846e67d37bb5356ec30dd4
 
The only way to clear this is by deleting all cookies. Which is fine to do that but takes up a lot of time.(Also happens to a few people at work who don't understand how to clear it even after multiple explanations and demonstrations)
 
Does anyone know what this loading screen is? how I can get rid of this perminantly?
 
Any infomation on this would be great.
 
Thank you in advance,
 
Tom

A:Google loading screen (cookies issue)

 It sounds like you might have something corrupted on your system.  I'd run sfc /scannow from an administrative command prompt and see if that finds and fixes anything.  If not, try MalwareBytes.
 
 Good luck.

http://www.bleepingcomputer.com/forums/t/604470/google-loading-screen-cookies-issue/
Relevancy 45.15%

Hi I cannot use the quot remember me quot feature on sites such as Gmail Facebook Yahoo online banking etc When attempting to log into online banking I recieve the message that quot session cookies are not enabled quot I know how to Cookies websites Enabled, recognized by but requiring not session cookies enable cookies and have done so under Internet Options gt Privacy gt Advanced I don't know if it's malware related and nothing I've tried has picked it up or fixed it I've used AVG Symantec Spybot S amp D and a few Cookies Enabled, but not recognized by websites requiring session cookies others in failed attempts to find anything malicious I also have HijackThis and can post a log in the other forum if needed just let me know I've read the quot read before posting quot information and hopefully have included the appropriate info Any help would be greatly appreciated Thank you so much PS - If I click quot remember me quot when logging in to Gmail the page quot redirects quot for a while and then doesn't go anywhere In order to even access the Gmail homepage again I have to clear my cookies Also I have uninstalled any P P software as I am now aware of how dangerous it can be Here are the contents of my DDS txt DDS Version - NTFSx Run by Joe at on Tue Microsoft Windows XP Professional GMT - Running Cookies Enabled, but not recognized by websites requiring session cookies Processes C WINDOWS system Ati evxx exe C WINDOWS system svchost -k DcomLaunch svchost exe C WINDOWS System svchost exe -k netsvcs C WINDOWS system svchost exe -k WudfServiceGroup C WINDOWS system Ati evxx exe svchost exe svchost exe C Program Files Common Files Symantec Shared ccSetMgr exe C Program Files Common Files Symantec Shared ccEvtMgr exe C WINDOWS Explorer EXE C WINDOWS System wltrysvc exe C WINDOWS System bcmwltry exe C WINDOWS system spoolsv exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C Program Files Bonjour mDNSResponder exe C Program Files Symantec AntiVirus DefWatch exe C WINDOWS eHome ehRecvr exe C WINDOWS eHome ehSched exe C Program Files Dell NICCONFIGSVC NICCONFIGSVC exe C Program Files Dell Support Center bin sprtsvc exe svchost exe C WINDOWS system svchost exe -k imgsvc C Program Files Symantec AntiVirus Rtvscan exe C WINDOWS system wscntfy exe C WINDOWS system dllhost exe C WINDOWS ehome ehtray exe C Program Files Apoint Apoint exe C Program Files Dell QuickSet quickset exe C Cookies Enabled, but not recognized by websites requiring session cookies WINDOWS system WLTRAY exe C WINDOWS SM BG EXE C WINDOWS system dla tfswctrl exe C WINDOWS eHome ehmsas exe C Program Files Apoint Apntex exe C Program Files Java jre bin jusched exe C Program Files Apoint HidFind exe C Program Files iTunes iTunesHelper exe C Program Files Common Files Symantec Shared ccApp exe C PROGRA SYMANT VPTray exe C WINDOWS System svchost exe -k HTTPFilter C WINDOWS system ctfmon exe C Program Files DellSupport DSAgnt exe C Program Files Digital Line Detect DLG exe C Program Files iPod bin iPodService exe C Program Files Common Files Real Update OB realsched exe C Documents and Settings Joe Desktop gmer exe C Program Files Internet Explorer iexplore exe C Program Files Common Files Microsoft Shared Windows Live WLLoginProxy exe C Documents and Settings Joe Desktop dds scr Psuedo HJT Report uStart Page https www google com accounts Serv t amp ltmplcache uSearch Page hxxp www google com uSearch Bar hxxp www google com ie uDefault Page URL hxxp www google com ig dell hl en amp client dell uSearchMigratedDefaultURL hxxp www google com search q searchTerms amp sourceid ie amp rls com microsoft en-US amp ie utf amp oe utf uWindow Title Windows Internet Explorer provided by Comcast mSearch Page hxxp us rd yahoo com customize ie defaults sp msgr http www yahoo com mStart Page hxxp www comcast net mSearch Bar hxxp us rd yahoo com customize ie defaults sb msgr http www yahoo com ext search search html mWindow Title Windows Internet Ex... Read more

A:Cookies Enabled, but not recognized by websites requiring session cookies

Hello! I accidentally placed my thread in the wrong forum and am wondering if someone in admin would be able to move it to the General Computer Security forum. If not, is it ok if I re-post it there? Thank you!!

http://www.techsupportforum.com/forums/f284/cookies-enabled-but-not-recognized-by-websites-requiring-session-cookies-316086.html
Relevancy 45.15%

i have downloaded x-cart demo version from the website and installed it on my localhost. but when I try to get into the website by providing credentials, I'm getting an error message from the browser saying "Your browser doesn't accept cookies. Cookies are required to use this site".

I have set the Internet options -> privacy settings to low. but still I'm unable to get into the website. whenever i select any item and click on "add to cart" button, I'm facing this error dialog!!!!!

Anyone got an idea what it could be, or how to solve it?

Any suggestions are welcomed....[]

Thanks!!!
Vinit
 

A:Your browser doesn't accept cookies. Cookies are required to use this site

you failed to state what browser you're using. Some websites are not HTML compliant and insist on using IE as a browser. Even then, newer versions of IE don't always work.
 

http://www.techspot.com/community/topics/your-browser-doesnt-accept-cookies-cookies-are-required-to-use-this-site.117278/
Relevancy 45.15%

Hi My computer has been freezing up alot lately sometimes seems like every minutes or so It makes some very loud screeching noise when this Screeching everytime Freezing & Up (Cookies) Sound. freezes up it Computer Trojan to Has reboot happens and it doesn t go away till i turn off the power I have also noticed that my CPU memory is running at most of the time for the very first time ever This has considerably slowed my computer down and i m afraid this might be a trojan I Trojan (Cookies) Computer Freezing Up & Screeching Sound. Has to reboot everytime it freezes up say that because I scanned my machine with Super Antispyware Malwarebytes and AVG and they all picked up on some strange Trojan Dropping Cookies Can Someone please help me with this issue I really Appreciate it DDS txt------ gt gt DDS Ver - - - NTFSx Run by Francis at on Sat Internet Explorer Microsoft Windows XP Professional GMT - AV AVG Anti-Virus Free On-access scanning disabled Updated DDD - FF- F- E B- D D BF FW Norton Internet Worm Protection disabled F - CEE- EA-A A-D ADD EA E Running Processes C WINDOWS system svchost -k DcomLaunchsvchost exeC WINDOWS System svchost exe -k netsvcssvchost exesvchost exesvchost exeC WINDOWS system svchost exe -k imgsvcC WINDOWS Explorer EXEC Program Files AVG AVG avgrsx exeC Program Files AVG AVG avgrsx exeC Program Files AVG AVG avgchsvx exeC Program Files AVG AVG avgrsx exeC Program Files AVG AVG avgcsrvx exeC Program Files AVG AVG avgwdsvc exeC Program Files AVG AVG avgnsx exeC Program Files Internet Explorer iexplore exeC WINDOWS system ctfmon exeC Program Files Internet Explorer iexplore exeC Program Files Internet Explorer iexplore exeC Documents and Settings Francis Local Settings Temporary Internet Files Content IE EJG K RW dds scr Pseudo HJT Report uStart Page hxxp www online-insurance-quote com uDefault Page URL hxxp www truveo comuInternet Connection Wizard ShellNext hxxp www sony com vaiopeopleBHO AVG Safe Search ca f - f e- b -a e- e e c c - c program files avg avg avgssie dllBHO RoboForm d a - d - d - - e a - c program files siber systems ai roboform roboform dllBHO SSVHelper Class bb-d f - c-b eb-d daf d d - c program files java jre bin ssv dllBHO Java Plug-In SSV Helper dbc -a - b-bc - c c c a - c program files java jre bin jp ssv dllBHO JQSIEStartDetectorImpl Class e e f - ce- c -bc -eabfe f c - c program files java jre lib deploy jqs ie jqs plugin dllTB amp RoboForm d a - d - d - - e a - c program files siber systems ai roboform roboform dllTB B EAC - D - B E- B -A C A A - No FileTB C E A- F - E-B E- B - No FileTB D C F- A- -A AD- D - No FileuRun ctfmon exe c windows system ctfmon exeuRunOnce TSClientMSIUninstaller cmd exe C quot cscript systemroot Installer TSClientMsiTrans tscuinst vbs quot uRunOnce TSClientAXDisabler cmd exe C quot systemroot Installer TSClientMsiTrans tscdsbl bat quot mRun Apoint c program files apoint Apoint exemRun SonyPowerCfg quot c program files sony vaio power management SPMgr exe quot mRun ISBMgr exe c program files sony isb utility ISBMgr exemRun Switcher exe c program files sony wireless switch setting utility Switcher exemRun AVG TRAY c progra avg avg avgtray exemRun EOUApp quot c program files intel wireless bin EOUWiz exe quot mRun NvCplDaemon RUNDLL EXE c windows system NvCpl dll NvStartupmRunOnce KB rundll exe apphelp dll ShimFlushCachemRunOnce KB rundll exe apphelp dll ShimFlushCacheStartupFolder c docume alluse startm programs startup blueto lnk - c program files toshiba bluetooth toshiba stack TosBtMng exeIE Customize Menu - file c program files siber systems ai roboform RoboFormComCustomizeIEMenu htmlIE E amp xport to Microsoft Excel - c progra micros office EXCEL EXE IE Fill Forms - file c program files siber systems ai roboform RoboFormComFillForms htmlIE RoboForm Toolbar - file c program files siber systems ai roboform RoboFormComShowToolbar htmlIE Save Forms - file c program files siber systems ai roboform RoboFormComSavePass htmlIE AF - - D -ABEE-C DBF F... Read more

A:Trojan (Cookies) Computer Freezing Up & Screeching Sound. Has to reboot everytime it freezes up

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HEREWe also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:Why we request you disable CD Emulation when receiving Malware Removal AdviceThen create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:How to create a GMER log

http://www.bleepingcomputer.com/forums/t/297116/trojan-cookies-computer-freezing-up-screeching-sound-has-to-reboot-everytime-it-freezes-up/
Relevancy 45.15%

I just started a new job and they gave me this computer. Its acting like it is infected though. For instance if I google something, the first 7 or 8 choices will be from www.findstuff.com. And then when I click on a link the address will pop up with " www.romeomeetsjuliet.com " comes up and then I get redirected to the link I was looking for, or it will say "cannot connect to the internet". Also there are alot of tracking cookies and trojan stuff in the AVG virus vault. And my computer is so slow. I hope this is enough information for you. Let me know if I can be more assistance. Thank you.KennyEdit: Moved topic from XP to the more appropriate forum. ~ Animal

A:Windows XP - Lots of tracking cookies & several trojan horse viruses in AVG Virus Vault

I strongly suggest that you do not jeopardize your new job by attempting to fix it yourself
That is the company and it's IT department responsibilty

http://www.bleepingcomputer.com/forums/t/231179/windows-xp-lots-of-tracking-cookies-several-trojan-horse-viruses-in-avg-virus-vault/
Relevancy 45.15%

I have two separate problems one of which I suspect is malware and the other all my fault I ll describe the malware issue later in the post as it is less pressing I would appreciate any help that you could give me I was an idiot and ran combofix without advice to do so and after it restarted startup Black screen after founctionality), (some cookies undestroyable my computer my desktop will not come up - only a black screen However I can use Control-Alt-Delete to get to the task manager and do stuff from there All my files seem to still be there and I can open simple stuff and access the internet I can access the control panel and some of its sub-panels but things like quot Device Manager quot and quot Taskbar and Start Menu quot will not open I tried to run DDS before posting this but it wouldn t run I also can t get Microsoft Security Essentials Black screen after startup (some founctionality), undestroyable cookies to run and neither it nor my firewall appear to have loaded on startup The original problem was that there were a bunch of cookies that Super Anti-Spyware identified as tracking cookies that seemed to be on my computer and could not be permanently removed - if I got SAS to remove them they d come back the instant firefox started before then the searches would come up clean and if I removed them from the preferences menu in firefox they would immediately reappear They were from sites that I do not remember visiting and all had the same expiry data some time in the year I am running Windows x I don t know what other details are relevant and don t Black screen after startup (some founctionality), undestroyable cookies want to overfill this post Thank you for reading this I hope you can help

A:Black screen after startup (some founctionality), undestroyable cookies

Apparently my comuter can do more than I thought. It did bring up the Device Manager and the game I tried to run, but after quite some time (>30 mins in both cases). The game ran fine, but isn't a system hog or anything (Many Faces of Go) - I was just trying to see what kind of thing could run.

With Device Manager up, I continued with the instructions Microsoft gave for the problem here: http://windows.microsoft.com/en-CA/windows7/why-is-my-screen-black-when-i-start-windows-7 without success.

Note that they instruct to kill explorer.exe then bring it back up with task manager, then use the start menu - this never worked for me, but I was able to do everything through the task manager. The first two solutions (updating graphics drivers and checking a startup registry) didn't help and I am hesitant to do a system restore (the only other thing they suggest).

Advice?

http://www.bleepingcomputer.com/forums/t/443210/black-screen-after-startup-some-founctionality-undestroyable-cookies/
Relevancy 44.72%

Hey Guys I ve been having the blue screen issue today and my comp would spontaneously restart It s happened quite a bit I tried updating drivers on my new monitors and even two restore points but nothing is working I have included the (includes Blue View) Screen Screen Blue blue screen view here Dump File - - dmp Crash Time PM Bug Check String KERNEL MODE EXCEPTION NOT HANDLED Bug Check Code x e Parameter xc Parameter x fde ec Parameter x cb bc Parameter x Caused By Driver win k sys Caused By Address win k sys ce ec File Description Multi-User Win Driver Product Name Microsoft Windows Operating System Company Microsoft Corporation File Version win rtm - Processor Blue Screen (includes Blue Screen View) -bit Computer Name Full Path C Windows Minidump - - dmp Processors Count Major Version Minor Version Dump File - - dmp Crash Time PM Bug Check String IRQL NOT LESS OR EQUAL Bug Check Code x a Parameter x Parameter x Parameter x Parameter x c e Caused By Driver ntkrnlpa exe Caused By Address ntkrnlpa exe b File Description NT Kernel amp System Product Name Microsoft Windows Operating System Company Microsoft Corporation File Version win gdr - Processor -bit Computer Name Full Path C Windows Minidump - - dmp Processors Count Major Version Minor Version Dump File - - dmp Crash Time PM Bug Check String SYSTEM THREAD EXCEPTION NOT HANDLED Bug Check Code x e Parameter xc Parameter x f a Parameter x d c b Parameter x d c Caused By Driver dxgmms sys Caused By Address dxgmms sys a File Description DirectX Graphics MMS Product Name Microsoft Windows Operating System Company Microsoft Corporation File Version win rtm - Processor -bit Computer Name Full Path C Windows Minidump - - dmp Processors Count Major Version Minor Version Dump File - - dmp Crash Time PM Bug Check String REFERENCE BY POINTER Bug Check Code x Parameter x Parameter x e c Parameter x Parameter xffffffff Caused By Driver ntkrnlpa exe Caused By Address ntkrnlpa exe dcd File Description NT Kernel amp System Product Name Microsoft Windows Operating System Company Microsoft Corporation File Version win gdr - Processor -bit Computer Name Full Path C Windows Minidump - - dmp Processors Count Major Version Minor Version

A:Blue Screen (includes Blue Screen View)

Before you got your new monitors did the blue screen happened?

http://www.bleepingcomputer.com/forums/t/368463/blue-screen-includes-blue-screen-view/
Relevancy 44.72%

Hey,I have a big problem,after my computers starts up,the blue screen comes up then disappears,then its starts the automatic repair and disappears again,then the screen goes blue and its stays like that all the time.Cant use the computer anymore,please help thanks

A:Screen satys blue after blue screen of death

Have you tried CTRL+ALT+DEL which should when you get the blue screen should take you to be able to do a factory reset.

http://www.eightforums.com/general-support/70858-screen-satys-blue-after-blue-screen-death.html
Relevancy 43.43%

hey so every time i boot the computer i get that good ol blue screen of death right where windows should open to my desktop instead it light blue "welcome" and screen blue restart after windows screen says quot welcome quot with the light blue background the screen goes black and then comes back with the blue screen the message on the screen says stop x a xe dac xc xbf c x e win k sys - address bf c base at bf datestamp f a beginning windows blue screen and restart after light blue "welcome" screen dump of physical memory dumping physical memory to disk and counts up to then the computer restarts i was able to get into safe mode to try a system restore but when the computer restarted it never finished the install it actually gave me the confirmation that the restore was successful while i was doing a repair install later on i have tried going through the windows install disc repair utility and doing a chkdsk p and a chkdsk r upon doing r it froze at percent and did not move i left it for a good hours windows blue screen and restart after light blue "welcome" screen the first time before restarting it and then over night the second time and both times it never passed percent after this i tried doing a repair installation of windows it completed the installation fine and then restarted the computer and tried to load windows it got to the black screen windows logo quot please wait screen quot and then went to black and froze i restarted the computer and it looked like all was well but upon getting to the light blue welcome screen it blinked and went to the blue screen again any ideas how this can be fixed running windows xp pro gb ram gig western digital sata hardrive amd athalon asus k v se deluxe mobo nbsp

A:windows blue screen and restart after light blue "welcome" screen

See if these links help.

http://support.microsoft.com/kb/130801
http://www.techimo.com/forum/showthread.php?t=112921
 

https://forums.techguy.org/threads/windows-blue-screen-and-restart-after-light-blue-welcome-screen.675862/
Relevancy 43.43%

Hey,

I need some links to some sites that will provide information and also fixes for blue screen errors in Win NT/2000/XP. I will be using them on my website, which in turn will be used at my workplace. Thanks for any help that you can offer.
 

A:BLUE SCREEN SITES (links to sites that have fixes for blue screen errors)

Get it from the source...

http://support.microsoft.com
 

https://forums.techguy.org/threads/blue-screen-sites-links-to-sites-that-have-fixes-for-blue-screen-errors.322096/
Relevancy 43.43%

A few times now I have been in internet explorer and then the screen with go back and forth from black screen back to internet screen and back and forth between the 2 for a few minutes and then will hit me with a blue screen with a bunch of writing on it and then will restart. It seems to run fine after the computer restarts itself but this has happened a few times now!
 

A:Screen flips back and forth from black screen to normal then blue screen

Welcome,
Can you provide a few details [remember we can't see or touch your system] about the hardware and software?
Thanks

http://www.bleepingcomputer.com/forums/t/538659/screen-flips-back-and-forth-from-black-screen-to-normal-then-blue-screen/
Relevancy 43.43%

Hello everyone, I've searched around the internet for a solution to this problem but cant find anything. 
 
My computer is crashing with increasing frequency (now about 5 times a day), but instead of the blue screen, when it crashes (and restarts), there birefly appears tow small blue rectangles in the bottom corners and a red one in one of the top corners.
 
I would hugely appreciate any help with this.
 
Regards, sam
 
 

A:computer crashing; but not with blue screen- small blue + red squares in corners

Good afternoon .
 
Please download MiniToolBox  , save it to your desktop and run it.
 Checkmark the following checkboxes:  List last 10 Event Viewer log  List Installed Programs  List Users, Partitions and Memory size.
 Click Go and paste the content into your next post.
 Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 , taking care to post the link of the snapshot in your next post.
 
Louis

http://www.bleepingcomputer.com/forums/t/545189/computer-crashing;-but-not-with-blue-screen-small-blue-red-squares-in-corners/
Relevancy 43%

Well i had my computer on all day since i woke up @ 8 in the morning gaming and what not. It had finally crashed on me while i was playing dirt 2 a couple of mins ago. I had fixed all my previouse blue screen problems by not using any AMD OverDrive Settings for my Radeon HD 4850.


My specs are Phenom x4 9150e, Asus M3N78 Pro, Muskin 4GB DDR2 @ 800MHz Dual Channel, Radeon HD 4850, Segate Barricuda 750gb Refub model, Windows 7 64bit home premium Offical And Activated.


Any assistance would be appreciated

A:Blue Screen out of the Blue, Was working fine for 9+ hours then c...

Quote:
"It's not a true crash, in the sense that the bluescreen was initiated only because the combination of video driver and video hardware was being unresponsive, and not because of any synchronous processing exception".

Since Vista, the "Timeout Detection and Recovery" (TDR) components of the OS video subsystem have been capable of doing some truly impressive things to try to recover from issues which would have caused earlier OSs like XP to crash.

As a last resort, the TDR subsystem sends the video driver a "please restart yourself now!" command and waits a few seconds.

If there's no response, the OS concludes that the video driver/hardware combo has truly collapsed in a heap, and it fires off that stop 0x116 BSOD.

If playing with video driver versions hasn't helped, make sure the box is not overheating.

Try removing a side panel and aiming a big mains fan straight at the motherboard and GPU.

Run it like that for a few hours or days - long enough to ascertain whether cooler temperatures make a difference.

If so, it might be as simple as dust buildup and subsequently inadequate cooling.

I would download cpu-z and gpu-z (both free) and keep an eye on the video temps


STOP 0x116: VIDEO_TDR_ERROR troubleshooting

http://www.sevenforums.com/bsod-help-support/223441-blue-screen-out-blue-working-fine-9-hours-then-c.html
Relevancy 43%

I think someone is tracking me using my IP address. How can I block them or what can I do to stop them if anything?
 

A:Ip Tracker?

Bumping this thread again!
 

https://forums.techguy.org/threads/ip-tracker.573968/
Relevancy 43%

I have an hp mini 5103- how do I turn off the gps tracking thingie?
 

Relevancy 42.57%

Hi all,

Is there a way to completely delete all kind of cookies stored on the machine, including super cookies and any other kind of them?
If not, can reinstalling the OS (Windows 7) with formatting the C: drive, remove all of them?

Thanks.
 

A:Deleting all cookies and super cookies

abbasi said:





If not, can reinstalling the OS (Windows 7) with formatting the C: drive, remove all of them?Click to expand...

That is pretty extreme just to clear cookies.

I can't vouch for all browsers, but IE and Opera can be setup to clear cookies every time you exit the browser. Opera allows you to manage cookies, so that only newer cookies are deleted.

On a personal note:
Once I noticed how many cookies were loaded just by logging into Techspot, I said the hell with trying to manage cookies. There was just to many of them, after viewing so few pages. It made finding cookies, you might want to keep very difficult.
 

http://www.techspot.com/community/topics/deleting-all-cookies-and-super-cookies.196466/
Relevancy 42.14%

NEED E-MAIL TRACKERI'm looking for a FREE site that can track e-mail activity . I don't mean tracking it's ip location in header
or what not , but tracking it's activity as to what sites it's registered , to apart from face book.
I need a FREE site that can give me a list of all or most sites , that the e-mail is registered on .

A:NEED E-MAIL TRACKER

I do not believe this possible...

http://www.bleepingcomputer.com/forums/t/543041/need-e-mail-tracker/
Relevancy 42.14%

I am looking for a Laptop Tracker. there has been many breakin's recently in my area, so I want to get some sort of Tracker for my Laptop, be it hardware or Sodtware. Its strange that they've never put these in Laptops. Could wipe out 90% of Laptop thefts. So I seen a few software, not convinced they any use, because they need to get past windows Security first, so is there any software that will work on load up or is there any Hardware you can get that you can hardware that can be clipped to or hidden in a Laptop that could give out a GPRS signal or Location of a Laptop?

http://h30434.www3.hp.com/t5/Notebook-Software-and-How-To-Questions/Laptop-Tracker/td-p/5791919
Relevancy 42.14%

This seems liek a useful app, but i've never heard of it.. so i thought i would come over here and see if it is legit.

http://www.versiontracker.com/subsc...nt=leftnavlink&utm_campaign=windows+vt+pro+lp
 

https://forums.techguy.org/threads/version-tracker-pro-has-anyone-used-this-before.410117/
Relevancy 42.14%

I think my wife may be cheating on me and I want to record her aol messenger conversations without her knowing. Also, is there any software that would record any of the sites she has logged in, while showing the password she used and username/email account?

thanks. need help please.
 

A:aim logger/ tracker

Hi, Sorry, TechGuy.org does not assist with using keyloggers, or AIM loggers, we have no way to verify the situation, hope you understand.

Nine times out of ten you will make the situation worse- logging software can be detected. Things can get out of hand, and we cannot be part of something like this.

Closing thread.
 

https://forums.techguy.org/threads/aim-logger-tracker.649948/
Relevancy 42.14%

Hello Hope You guys can help I have ran Malwarebyte Spybot McAfee and still having passwords changed Also made the Attach and the DDS files but could not run RootRepeal keeps locking up the computer Its a Alienware Keylogger/tracker Possible computer running Possible Keylogger/tracker windows XP Any help would be greatly appericated Thanks John TendaDDS Ver - - - NTFSx Run by Owner at on Tue Internet Explorer Microsoft Windows XP Professional GMT - AV McAfee VirusScan On-access scanning enabled Updated B EE - - CDE-A A-DD BA FAD FW McAfee Personal Firewall enabled B - C F- -BDA - CA DA E Running Processes C WINDOWS system svchost -k DcomLaunchsvchost exeC WINDOWS System svchost exe -k netsvcssvchost exesvchost exeC Program Files Lavasoft Ad-Aware AAWService exeC WINDOWS system spoolsv exesvchost exeC Program Files Possible Keylogger/tracker Common Files Apple Mobile Device Support bin AppleMobileDeviceService exeC Program Files Bonjour mDNSResponder exeC WINDOWS eHome ehRecvr exeC WINDOWS eHome ehSched exeC Program Files Bigfoot Networks Killer Driver PortManager exeC PROGRA McAfee MSC mcmscsvc exec PROGRA COMMON mcafee mna mcnasvc exec PROGRA COMMON mcafee mcproxy mcproxy exeC Program Files McAfee MPF MPFSrv exeC WINDOWS Explorer EXEc PROGRA mcafee com agent mcagent exeC Program Files NVIDIA Corporation nTune nTuneService exeC WINDOWS system nvsvc exec Program Files Microsoft SQL Server Shared sqlwriter exesvchost exeC WINDOWS system svchost exe -k imgsvcC WINDOWS ehome ehtray exeC WINDOWS RTHDCPL EXEC Program Files CyberLink PowerDVD PDVDServ exeC WINDOWS system RUNDLL EXEC WINDOWS system ctfmon exeC Program Files Bigfoot Networks Killer Driver KillerTray exeC Program Files Logitech SetPoint SetPoint exeC Program Files Logitech SetPoint II SetpointII exeC Program Files Common Files Logishrd KHAL KHALMNPR EXEC WINDOWS system dllhost exeC WINDOWS System svchost exe -k HTTPFilterC WINDOWS eHome ehmsas exeC Program Files Lavasoft Ad-Aware AAWTray exeC PROGRA McAfee VIRUSS mcsysmon exeC PROGRA McAfee VIRUSS mcshield exeC Program Files McAfee MBK McAfeeDataBackup exeC Program Files Trend Micro HijackThis HijackThis exeC Program Files Mozilla Firefox firefox exeC Documents and Settings Owner My Documents Downloads dds scr Pseudo HJT Report mSearchAssistant hxxp www google com iemURLSearchHooks H - No FileBHO AcroIEHlprObj Class e f-c d - d -b d- b d be b - c program files adobe acrobat activex AcroIEHelper dllBHO AVG Safe Search ca f - f e- b -a e- e e c c - c program files avg avg avgssie dllBHO Spybot-S amp D IE Protection - f - d - - d f - c program files spybot - search amp destroy SDHelper dllBHO scriptproxy db d a - - e -b d- f c - c program files mcafee virusscan scriptsn dllBHO Windows Live Toolbar Helper bdbd dad-c - a -adc - b b ff d - c program files windows live toolbar msntb dllBHO x - No FileTB CCC A -B CA- -B A - F DD - No FileTB Windows Live Toolbar bdad dad-c - a -adc - b b ff d - c program files windows live toolbar msntb dllTB A A -BACC- D - - A E E - No FileTB D C F- A- -A AD- D - No FileuRun NVIDIA nTune quot c program files nvidia corporation ntune nTuneCmd exe quot clearuRun ctfmon exe c windows system ctfmon exemRun ehTray c windows ehome ehtray exemRun RTHDCPL RTHDCPL EXEmRun Alcmtr ALCMTR EXEmRun NvCplDaemon RUNDLL EXE c windows system NvCpl dll NvStartupmRun nwiz nwiz exe installmRun RemoteControl quot c program files cyberlink powerdvd PDVDServ exe quot mRun LanguageShortcut quot c program files cyberlink powerdvd language Language exe quot mRun NvMediaCenter RUNDLL EXE c windows system NvMcTray dll NvTaskbarInitmRun Kernel and Hardware Abstraction Layer KHALMNPR EXEmRun mcagent exe quot c program files mcafee com agent mcagent exe quot runkeymRun McAfee Backup quot c program files mcafee mbk McAfeeDataBackup exe quot mRun Malwarebytes Anti-Malware reboot quot c program files malwarebytes' anti-malware mbam exe quot runcleanupscriptStartupFolder c docume alluse startm programs startup launch lnk - c prog... Read more

A:Possible Keylogger/tracker

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HEREElle

http://www.bleepingcomputer.com/forums/t/280790/possible-keyloggertracker/
Relevancy 42.14%

When I'm searching for something on Google and i try to go to the link, it always redirect to search tracker.net Done a search and read to download Malwarebytes, so I downloaded it and change the name from mbam-setup.exe but still wont run. Have no idea what I am doing.
Thanks Eric

A:search-tracker.net

Please download SmitfraudFixDouble-click SmitfraudFix.exeSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.http://www.beyondlogic.org/consulting/proc...processutil.htm

http://www.bleepingcomputer.com/forums/t/238477/search-trackernet/