Windows Support Forum

Had a virus, removed it quickly, but a few things still aren't right.

Q: Had a virus, removed it quickly, but a few things still aren't right.

Hi guys, I was an idiot for minutes and downloaded an iso file from a sketchy website and then, without thinking, simply mounted & ran it. Instantly got a virus, the kind with constant pop-up ads, browser tabs opening, etc. I tried using Windows Defender but the virus would close it immediately, so I had to be a little clever and boot into offline safe-mode to address this problem. I got it removed using malware-bytes and then I ran CCleaner, thinking that I had totally saved myself. Sorry I can't give you an exact name of the virus file; I simply got rid of it too quickly and have completely forgotten its origin.

While the virus did definitely go away, upon a restart of my computer I was greeted with a completely black screen after logging in. Startup would seem normal (the Windows icon and loading screen stuff showed up, then the login screen) but right afterwards it was all blank. So I googled what this problem could be and figured out it obviously happened due to the virus, and that running task manager and starting the process 'explorer.exe' would fix things. Sure enough, that worked.

OS Windows -bit GB SSD Drive GB RAM GTX i - GHz

There are only issues I still need resolved and am eager for anyone's help. After booting up to the login screen and typing in my credentials, the loading time is abnormally long. Before the virus I would type in my password and then BAM, I would be at my desktop, but now it takes around - seconds. The second issue is I still get the black screen each time I log in. Running 'explorer.exe' works to fix this every time, but I would really like a permanent solution because it is a bit tedious to have to do that every time. Other than that I seem to have no other issues whatsoever. Everything apart from login works smoothly. Again, any help or advice is greatly appreciated. Thanks a lot.


A: Had a virus, removed it quickly, but a few things still aren't right.

Hello, Welcome to BleepingComputer.

I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM\...\Winlogon: [Userinit] wscript,
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
C:\Users\chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Task: {8F6C2929-EA11-4052-9226-E1D61855E945} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2015-08-10] (MSFree Inc.)
C:\ProgramData\KMSAutoS

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.
Run FRST and click Fix only once and wait.
Restart the computer normally to reset the registry.
The tool will create a log (Fixlog.txt); please post it to your reply.

===

Please post the log and let me know what problem persists.

http://www.bleepingcomputer.com/forums/t/618700/had-a-virus-removed-it-quickly-but-a-few-things-still-arent-right/
Relevancy 68.8%

I had the FBI Moneypsl virus. Windows bit Home Professional. Was able to boot into my Administrator account with password. Ran through MANY of the downloads and scans from this site and removed that particular one. I do think there are other things lurking or did not completely remove. I had been having problems with MS services like Firewall and Defender / Security Essentials for several weeks, along with SFC scannow only being able to get to. But did not think that was a virus as all programs worked fine; just assumed something wrong with my computer as hard drive is almost full. I have now run most of the suggestions on site including ESET, SUPERAntiSpyware, CureIt, Housecall, Malwarebytes and rootkit version (although that seems to get locked up--clue), Spybot, JRT, AdwCleaner, Rkill, RogueKiller, etc.; obviously missing something. Will post a couple of the logs to help you pinpoint. Thanks in advance, I appreciate your volunteering to help.

Here is DDS:

A:Windows 7 : Had FBI Virus, not sure if removed or other things lurk!

Here is another log
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-01 14:19:28
-----------------------------
14:19:28.551    OS Version: Windows x64 6.1.7601 Service Pack 1
14:19:28.551    Number of processors: 4 586 0x2502
14:19:28.551    ComputerName: GAIL-PC  UserName:
14:19:31.171    Initialize success
14:21:46.914    AVAST engine defs: 13110100
16:29:34.899    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:29:34.899    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
16:29:34.899    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000099
16:29:34.899    Disk 1 Vendor: RICOH 02 Size: 476940MB BusType: 0
16:29:34.914    Disk 2  \Device\Harddisk2\DR2 -> \Device\0000009a
16:29:34.914    Disk 2 Vendor: RICOH 02 Size: 476940MB BusType: 0
16:29:35.055    Disk 0 MBR read successfully
16:29:35.055    Disk 0 MBR scan
16:29:35.133    Disk 0 Windows 7 default MBR code
16:29:35.133    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        11830 MB offset 2048
16:29:35.195    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 24229888
16:29:35.242    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       465008 MB offset 24434688
16:29:35.476    Disk 0 scanning C:\Windows\system32\drivers
16:30:06.537    Service scanning
16:31:21.813    Modules scanning
16:31:21.813    Disk 0 trace - called modules:
16:31:21.844    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
16:31:21.860    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800639c060]
16:31:21.860    3 CLASSPNP.SYS[fffff88001cf943f] -> nt!IofCallDriver -> [0xfffffa8004398560]
16:31:21.875    5 ACPI.sys[fffff88000f7b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800439b050]
16:31:25.073    AVAST engine scan C:\Windows
16:32:03.060    AVAST engine scan C:\Windows\system32
16:42:34.516    AVAST engine scan C:\Windows\system32\drivers
16:43:28.217    AVAST engine scan C:\Users\Administrator.Gail-PC
16:44:53.227    Disk 0 MBR has been saved successfully to "C:\Users\Administrator.Gail-PC\Desktop\1 IE worm Google Worm fixers\MBR.dat"
16:44:53.477    The log file has been saved successfully to "C:\Users\Administrator.Gail-PC\Desktop\1 IE worm Google Worm fixers\aswMBR log.txt"

 

http://www.bleepingcomputer.com/forums/t/512625/windows-7-had-fbi-virus-not-sure-if-removed-or-other-things-lurk/
Relevancy 68.8%

Computer infected with I think fake rogue. Ran AVIRA rescue disk, removed virus and computer sort of working. Scan found things in restore. Turned off restore and it is still off. Ran unhide, icons and start menu much better. Finally able to safe mode Malwarebytes-removed some things and AVIRA (only some of it would work). However still having a windows (XP) generic host process for win 32 error box on each boot. AVIRA (upgraded from free to Premium for a trial) is finding 4 hidden objects. Followed their directions and still there.
Notes from AVIRA: A system thread is not visible // A memory modification has been detected.

I am now unsure how to progress!! Can you give me some suggestions?

A:Infected-removed virus-did other things-still having problems!

Hello walker51, as it appears the system may be a bit unstable, we need to start a new topic and get a deeper look.

Please go here.... Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.

If GMER won't run (it may not on a 64 bit system) skip it and move on.

Let me know if that went well.

http://www.bleepingcomputer.com/forums/t/459468/infected-removed-virus-did-other-things-still-having-problems/
Relevancy 64.93%

Hi There,

I have a PC. The computer is not operating like it used to. Weird things are happening.

The following things (are weird):

- sometimes (not always) it operates slowly,
- can't update Windows Updates (last time the computer was successful was October 2010).
- opening files (like Word or Excel) by clicking attachments from e-mail files don't work (e-mail program is MS Outlook).
- I sometimes (again, not always) get a message about Tweeter Monkey not loading (not sure of the name but it is something "monkey").

There are at times other weird things too.

Do you have any ideas?

Thanks for your help.

Regards,

Freely

A:Things just aren't right!

Hello, this can be a few things, but many can be malware related first, so let's run a couple tools. You did not give your operating system so I will start with what we can run now.

Reboot into Safe Mode with Networking

How to enter safe mode (XP/Vista) Using the F8 Method

Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.

If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste...

http://www.bleepingcomputer.com/forums/t/381171/things-just-arent-right/
Relevancy 64.5%

I recently formatted my hard drive and was in the process of setting up my burner, wireless, and web cam when I got a message saying that they cannot be set up because I needed SP2 or higher.
I went to microsoft/windows and did the download and install. After restarted my PC I can only get 4 bit color and screen resolution can't be set any higher than 600x800.
I did a virus scan and avg found nothing.
Any suggestions?
 

A:Things just aren't right after installing SP2

What are your system specs? Are you running XP? If you are, and only running XP SP1, you are way behind the times... You will have to do a fresh Operating System install all the way to XP Service Pack 3
 

http://www.techspot.com/community/topics/things-just-arent-right-after-installing-sp2.131704/
Relevancy 64.5%

I am very unhappy. I've been trying my best to keep my system from spyware, malware, viruses, especially since I just got rid of an infection I've been battling with for nearly a year. Here's the problems I'm having: My computer has been running unbelievably slow. My CPU usage is at about while just running Firefox. I got a strange error message today about click me exe not being able to initialize or something. I did a search on Click me exe and apparently it's part of a spam virus. While doing a HJT scan on Friday night, I was denied access to the hostfile.

Here's a HJT log:

A:Things just aren't adding up..

The P2P programs you have installed expose you to risks because of the nature of the P2P file sharing process. File sharing/P2P programs rely on members giving and gaining unrestricted access to computers across the P2P network. This practice can make you vulnerable to data and identity theft. It also exposes you to very malicious worms and trojans. You change those risky default settings to a safer configuration but the act of downloading files from an anonymous source greatly increases your exposure to infection.

I suggest you go to add/remove programs and remove all P2P programs!
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:

Download the latest version of Java Runtime Environment (JRE) 6 update 3.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.

 

https://forums.techguy.org/threads/things-just-arent-adding-up.653087/
Relevancy 63.64%

Norton didn't catch the trojan but Housecall did. Now that I've gotten rid of it, things still aren't quite right and I suspect some leftovers are still on my PC. I'm not even sure if Norton or my firewall (Zonealarm) has been compromised. Anyone have suggestions about that? Someone told me via email that the registry entry of "VNCHooks" is associated with either a virus or ad-ware/spy programs. Can someone verify this for me? Thanks in advance for your help. I just want my PC to run right again.

Here's the HJT log file:

Relevancy 63.64%

things like videos and games aren't going good...they are kinda choppy. i'm using beta 100.59 of the forceware for vista (i hate it, nothing to do.) games go half what they did in xp, idk if its the drivers or what, or if its dx10 thats making these problems. if it is, can i downgrade to dx9?

A:things aren't going good in vista...

how about using the non-beta vista video drivers? i know nvidia has some. and since you don't have a dx10 vid card, you aren't running dx10, but the highest your card supports, which should be dx9c. i think setting the game settings lower than you have them at will improve performance. remember, vista is more of a resource hog than xp, and the games are not written for vista, but to run well in xp. and because of that, imho, your cpu and ram are a little on the light side. but what is your vista experience rating (remember that 5.9 is the max. i bet its around 3)?

also, are you using the 32bit or 64bit version of vista? even with a 64bit cpu, the 32bit version is going to run a lot better than the 64bit version.

http://www.techsupportforum.com/forums/f217/things-arent-going-good-in-vista-139117.html
Relevancy 63.64%

I've got something strange going on. Within the last - days things have stopped working on my computer: Notepad, calculator, task manager (just about anything with manager in it isn't working), update manager, lots of things on the control panel, too many to list. I did get a couple of strange messages a week or so ago. One was something about d screen saver no longer working, or something like that. I googled it and couldn't find anything. Then I got another one that was csc.exe not working, but again couldn't find anything. I'm running windows professional bit operating system. I have run AVG, malwarebytes and Emsisoft emergency kit: no viruses found. Let me know what other information you need to help fix this problem. Thanks.

Edited to add: I was looking around and downloaded the tweaking.com windows repair and did the proper power reset. When I turned the computer back on I got these messages:

csc.exe application error. The application was unable to start correctly xc. Click ok to close the application.
lgfxTray module has stopped working
persistence module has stopped working
hkcmd module has stopped working

Tried to run the windows repair and it won't start. I got a cmd.exe application error message, same as the csc.exe one. I'm guessing I've got a virus or malware or something. Just thought this extra information might be helpful.

A:Things aren't working anymore

 If this happened to me, I'd restore from my last good full system backup.  If you don't have one, I'd consider this a learning experience.  Then save any data you don't want to lose, and try System Restore.  If that doesn't help,
restore your system to factory settings, and reload your software.
 
 Good luck.

http://www.bleepingcomputer.com/forums/t/603108/things-arent-working-anymore/
Relevancy 63.64%

Hello everyone, I recently did some driver & Windows updates (Windows XP Pro - Service Pack) and since then I have noticed that I have no control of Mic volume / Line In volume on my Realtek HD Audio Input. My Internet/Email connection is slower than what I'm used to. I have checked all possibilities my limited experience allows, including running a number of malware sweeps. Periodically I get a "DeviceIO Notification" window when I do a shutdown. You all were great the last time and I've been recommending you all to my friends who have had problems. Here is the HijackThis log:

Relevancy 62.78%

Trying to get a program (FREEPDFXP) to work the other day, I arrived at point viewing the procedure below. It came from a Eudora Help page. My question, however, has to do not with getting FREEPDFXP working but with the reasons behind the instructions in the Help file. Re Step: If you rename those files, how is whichever program that might need them going to find them? Also, re Step: how does renaming a file correct a problem? I've run into this more than once. I wish I could specify a particular problem where the solution says "rename a file" but I don't have one at the moment.

--------------------------------------

MAPI is not working
Document ID HQ

ISSUE: MAPI doesn't work. I can't install MAPI; when I double click on the icon nothing happens. If I set Eudora's MAPI options to always, nothing happens.

SOLUTION: You may have a few corrupt MAPI files on your computer. Your best option is to rename the Windows MAPI dll files.

NOTE: You might need to reinstall any programs you have that are currently using MAPI as well.

The first thing you need to do is close down all applications.
Search your hard drive for the following files and rename them: mapi dll mapi dll
Restart your computer.
Search your hard drive for the file swmapi exe. Double click to install it.
Open Eudora, go to Tools, Options, MAPI. Set "Use Eudora MAPI server: Always".
Reinstall EIS and perform a HotSync.

NOTE: If you cannot see your HotSync Conduit you will need to do the following: Close all open windows, search your hard drive for the file called win ini. Open it and add the following lines: MAIL mapi mapix. Restart your computer and perform a HotSync again.

Relevancy 62.35%

To combat some missing icons (specifically, MSI Afterburner) I adjusted the system DPI to 125% then back to 100%. Most everything went back to normal, except two things:

1. Firefox's menu and toolbar font size
2. System message font size

Restarting does nothing. I tried changing to 150% then back to see if that'd work, but now it's even smaller! Programs seem fine, I tested Word and Skyrim. 1920x1080 res if it matters.

How do I fix those issues?

Thanks in advance, and sorry if this has been covered. I couldn't find any relevant threads, but I might be searching the wrong terms.

EDIT: Looks like the menus for Media Player Classic are tiny, too.

A:Adjusted system DPI, now certain things aren't scaling back right?

Ok, don't know why I didn't try this before, but the settings are tied to the current theme, so switching it fixes the problem.

http://www.sevenforums.com/general-discussion/210615-adjusted-system-dpi-now-certain-things-arent-scaling-back-right.html
Relevancy 55.47%

I downloaded the newest version of free AVG Anti-Virus software. Along with that they offered a free use of their PC Tuneup product. My computer has been acting up lately, so I thought, hey, why not see if this would help clean things up and speed things up too. So it ran and removed a lot of things and now when I try to do certain things on my system...they don't work. I can no longer open up Turbo Tax 2009 and the document converter on my Word program will no longer convert newer type files so I can read them in Word 2003. I am sure there are other things it can't do either, but I have just not discovered them yet. Is there some way I can restore whatever this program removed?

Thanks!
Mandy

A:AVG PC Tune Up Removed Things I Need

I have been disappointed with AVG ever since they made a decision in April 2010 to partner with LimeWire and promote the use of peer-to-peer (P2P) file sharing, a security risk which can make your system susceptible to a smörgåsbord of malware infections, remote attacks, and exposure of personal information.

With the release of AVG 2011, there have been numerous complaints about issues and conflicts with other security tools like Malwarebytes' Anti-Malware. Read the related discussions at AVG:
AVG 2011 Free vs. Malwarebytes
AVG 2011 Resident Shield - File Exclude List Feature Removed

There have been reports of issues with the computer starting properly on 64-bit Windows systems for which AVG has had to release these fix instructions.

There have also been reported problems with computers after using new features like PC Analyzer and PC Tuneup which purport to fix registry errors in order to make the system more stable and various optimizing tools which can make changes to system settings.

I do not recommend the routine use of registry cleaners/optimizers as they are extremely powerful applications that can damage the Windows registry by using aggressive cleaning routines and cause your computer to become unbootable. The registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from booting properly. For routine use, the benefits to your computer are negligible while the potential risks are great.

For these reasons, I no longer recommend AVG as a free alternative.

If after using PC Tuneup, you experience issues with some programs, be aware that most registry cleaners and optimizers will prompt you to back up the registry BEFORE using them. These backups are usually saved in the program's folder so they can be accessed and used to restore the system in the event you encounter issues after running the registry cleaner. If that is the case, you can open the registry cleaning program which made the changes and look for an 'undo' feature which allows you to restore the registry backup.

If no backup was made, you can also try using System Restore or System Restore from a command prompt in Safe Mode. If that does not resolve the problem, then you probably will need to reinstall those programs which were affected and no longer working properly.

http://www.bleepingcomputer.com/forums/t/366527/avg-pc-tune-up-removed-things-i-need/
Relevancy 55.04%

On a Win SE system I am helping a relative remove spyware. We have run Adaware, Spybot, ToolBarCop and HijackThis (all current). We have eliminated "WhenUSearch" among others. "AD Serve AproposClient" was not completely removed by these programs and we tried to remove the rest manually. Now when we restart, some odd programs seem to appear in task list, but they are either being renamed or something, as each are not reappearing every time but somewhat randomly. This is when we restart repeatedly without running anything or otherwise changing the system in between: Qlfvs ylf vdm nsuj pryor kjxpex etc. I can't find out what these are and I'm not even sure they appear in the HijackThis log even though they are in TaskList. I think their root is C Windows System. In addition the system "hangs" when in IE and at restart/shut down. It does not freeze, and "end task" of the above items at that point will immediately solve the problem. Here is the latest HijackThis log. Any help or pointers would be appreciated. Does anyone know where any of the above named items in task list are coming from?

Relevancy 54.18%

Hi
I have a Dell Inspiron 1525 with Vista SP2. She was running McAfee for years with no problems. However, she decided she didn't really need it so she didn't renew it.

There were so many things popping up that I couldn't even get it to a point where I could post even via Safe Mode, which is what I'm in right now.

I did run a few scans so I hope you don't get upset if I post them here.

I'm very interested in learning how to do this for others so any hand-holding/explaining is appreciated.

Oh, does not appear one can attach files on this forum so I'll hold off on those.
Let me know what you'd like me to run.

Much appreciated.
Jim

A:Vista Laptop - many things removed, more left?

Oh, just for a few things that were found and removed -- at least they said they were removed....

trojan.jorik
rootkit.tdss (I was running this)
trojan.fakealert
exploit.drop.2
malware.trace
hijack.exefile
torjan.fakealert
PUM.Bad.Proxy
spyware.passwords.Xgen
Trojan.Ranson.Pgen

Also had this silly thing saying it was a Microsoft Windows Malicious Software Removal Tool (KZB890830) that wanted to run but when it did, it spammed the screen something fierce: C:\windows\system32\mrt.exe /R /RE

Also had some chkdsk errors that were fixed on files spwizeng.dll & spwmp.dll & spwizeng.dll

Had a Trojan.win32.Agent.hicv in R198174-1.exe

trojan.zefarch
trojan.gen.2
trojan horse
trojan.adh

Also had some silly TelevisionFanatic bar along with other videoscavenger stuff.

Jim

http://www.bleepingcomputer.com/forums/t/417499/vista-laptop-many-things-removed-more-left/
Relevancy 54.18%

I was infected today by the antivirus pro malware. I instantly closed it through task manager without clicking anything for scans or installs that it was prompting for. I'm fairly savvy with computers so I just googled it and found this page http www bleepingcomputer com virus-remo ivirus-pro- and followed the instructions for manual removal; however, I was unable to unregister the DLLs due to an error. I also downloaded Windows Malicious Software Removal Tool and Windows Defender direct from Microsoft. At first Windows Defender wouldn't update, but once the manual removal instructions were followed it updated and claimed no infections present, same with the Malicious Software Removal Tool. All seemed well until I tried to update AVG Free, only to find that the "Open AVG User Interface" and "Update Now" were greyed out through the AVG Tray icon. When I double click the icon it tells me there are no active components and will not update. I also discovered that various links were now broke on my computer, including the Google Chrome shortcut in my quick-launch tray (which I fixed by just making a new shortcut) and Windows Firewall and Security Center links from Control Panel. I'm running XP Pro; here is my HJT log, as DDS SCR doesn't open a dos prompt or notepad.

A:Antivirus 2009 Removed (I think) but some things still don't work

Researching your forums, I've seemed to fix everything except AVG so I'm just going to reinstall it. Thanks.

http://www.bleepingcomputer.com/forums/t/246918/antivirus-2009-removed-i-think-but-some-things-still-dont-work/
Relevancy 52.89%

I had the same experience as described on this thread: http www bleepingcomputer com forums topic html So I followed the same instructions: ran defogger, dds, rkunhooker. Logs attached. Before I tried this, I went through the steps of removing the fake Windows Vista Recovery program as best I could based on several forums - it seemed to work. Steps taken were along the lines of: changed settings to view hidden files, manually removed related files, went into regedit to remove added entries, installed Windows Security Essentials and ran a full scan which found and removed files, and then ran a script to reset all my files and folders to not be hidden anymore. After all that I still get strange behavior clicking on google search results, where the page will re-direct several times and end up back in the google search page (before installing Security Essentials, redirects always landed on some ad page). Other thing I noticed that seems related is that when I re-installed Adobe Flash for FF IE, my Flash Access module isn't able to individualize the computer, so I am unable to stream encrypted movies from mSpotmovies. I installed Chrome to see if that might work since that uses a different version of Flash, but Chrome couldn't even get to the web to display the google search home page (FF IE could still browse the web). Uninstalled Flash and installed to see if Access individualization might work with that, but it didn't (non-DRM'd streaming video plays fine). Would be great if I didn't have to re-install Vista to fix all this. Thanks for the help and all the other great info here. -beman

A:Windows Vista Recovery removed but google redirects among other things

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
Because of this, you must reply within three days; failure to reply will result in the topic being closed!
Please do not PM me directly for help. If you have any questions, post them in this topic.
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________
Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.
Double-click on RKUnhookerLE.exe to start the program.
Vista/Windows 7 users right-click and select Run As Administrator.
Click the Report tab, then click Scan.
Check Drivers, Stealth Code, and uncheck the rest.
Click OK.
Wait until it's finished and then go to File > Save Report.
Save the report to your Desktop.
Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

NEXT:
Running OTL
We need to create a FULL OTL Report
Plea...

http://www.bleepingcomputer.com/forums/t/400334/windows-vista-recovery-removed-but-google-redirects-among-other-things/
Relevancy 52.46%

Got the Anti-virus soft virus more than a couple of weeks ago and was pretty sure I got it all. One of the things it did was attack my Hotmail account and send emails out to everyone in my contact list, and my girlfriend got the something essentials. I will post about that later on if I have problems. I was going to use the Hirens boot disk and see if I could finish it off. I received an email from her with a couple of pictures of the kids. I opened one but not the other. The problem is she didn't send me the email. Anyway, I have used various spy-ware and malware removal tools as suggested from this very helpful forum and have the logs if you want to see them. So I am hoping you can take a look at my logs and see if you see any discrepancies. Thinking I need to reinstall Avast but not sure. I have used the basics and quarantined quite a bit of trojans and others. I have used:
Malwarebytes (which I used first and didn't completely remove Anti-virus Soft)
SuperAntiSpyware
HijackThis
Spybot
RootKitBuster (I wasn't sure how interpret the log and what to do)
SpyWareBuster
Combofix
a-squared Free (wish I could delete a squared exe from my start-up list)
Dr Web
I had a warning on Combofix about a possible Varuit but it didn't find one
Norman Malware Cleaner
CCleaner
ATF Cleaner
Ran scans with Trend Micro Housecall and Avast
I think that's it. I have the logs if you wish to see them.

A:Originally had Anti-virus Soft. Thought I had removed it. Have removed various Trojans and malware in the last week.

Here is an updated file. Had to uninstall all antivirus and delete all entries including registry. Had many entries from past antivirus software. I then did a clean install of Avira. Sorry if that caused any problems.

http://www.bleepingcomputer.com/forums/t/299514/originally-had-anti-virus-soft-thought-i-had-removed-it-have-removed-various-trojans-and-malware-in-the-last-week/

Ok, about weeks ago I was infected with the Total Security malware and updated version of the Total Security. Well, it infected, giving me the bogus total security program coming up, changing my desktop background, saying I'm infected etc. I tried to find a tutorial on how to remove it, but everything says to go into the system folder and change the name of taskmgr and run it and end the Total Security process, but every time I tried to run the task manager after renaming I got the error of Task Manager disabled by administrator. Also no anti-virus or malware removal works (avast, spybot, malwarebytes removal). I got Spyware Doctor to run and delete total security along with a couple of other things. Then I also got Registry Booster to delete quite a few files (something in the registry error range) and still getting the problem of when I install an anti-virus. For example, I install malwarebytes removal and launch it, it works for only a couple of minutes then exits randomly, then when I click it to restart it gives me the error window of "Windows cannot access the specified device path or file. You may not have the appropriate permission to access the item." I can't get hijack this to work either. And also, when using a web browser (firefox or IE) I sometimes get redirected to crap websites that are completely random and I have no clue what they are. I'm at a loss right now because I really need my computer for school, so help will be great. Thanks

A: originally infected with Total Security 2009, removed it but still having things go crazy on me?

Hello and welcome. Please try this to fix the task manager.

This step involves making changes in the registry. Always back up your registry before making any changes.

Go to Start > Run and type: regedit
Click OK.
On the left side, click to highlight My Computer at the top.
Go up to File > Export.
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put RegBackup.
Choose to save it to C:\
Click save and then go to File > Exit.

Or you can download and use ERUNT, which is an excellent free tool that allows you to take a snapshot (backup) of your registry before making changes and restore it when needed.

Click on the link below:
http://www.kellys-korner-xp.com/xp_tweaks.htm
Scroll down to #275 and click "Lift Restrictions - TM, Regedit and CMD" in the left column. Go to File, choose "Save page as" All Files and save regtmcmdrestore.vbs to your desktop. Double-click on that file to allow the script to run and reboot when done. Since the script modifies certain registry settings your anti-virus package may warn you about it. Ignore the warning and allow it to run.

Open task manager and stop these processes: TotalSecurity 2009.exe, tsc.exe, Sc2C21UvvM.exe.

Now let's try to run Malwarebytes (MBAM).
1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. Mbam clean
4. It will ask to restart your computer (please allow it to).

Now install and run MBAM (MalwareBytes):
NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immedi...

http://www.bleepingcomputer.com/forums/t/261376/originally-infected-with-total-security-2009-removed-it-but-still-having-things-go-crazy-on-me/

Ok, about weeks ago I was infected with the Total Security malware and updated version of the Total Security. Well, it infected, giving me the bogus total security program coming up, changing my desktop background, saying I'm infected etc. This is the link to my previous topic that I got help with to run a log; it has more info on what's going on: http www bleepingcomputer com forums index php showtopic amp st amp gopid amp entry

I ran Win32kdiag.exe and here is the log below:

A: originally infected with Total Security 2009, removed it but still having things go crazy on me?

Hi,

Looks like you didn't let win32kdiag run long enough. Please run it again and this time give some more time for it to finish.

http://www.bleepingcomputer.com/forums/t/262471/originally-infected-with-total-security-2009-removed-it-but-still-having-things-go-crazy-on-me/

Hello, I'm hoping you can assist me to resolve my computer problem. I know I have a virus because my computer is suddenly extremely slow. At first I thought I could not open up any browsers, it was taking so long to load, but finally I went on Safe Mode and a few minutes after I double clicked on the Firefox icon the browser opened up. I know my computer and it's never been half this slow before, and it's generally extremely slow to begin with (must have lots of bad malware or other things on it, but never enough to make me do something about it). But now I just can't use my computer at all anymore, practically speaking. I'm typing this from another computer. I did manage to download Hijackthis and I have the log; I'll post that in a second. First, more info to help your diagnosis.

Note: The other day I went to a website that said it was hacked, that is, the hackers removed the page and left a message that said they were there. They said they were from Turkey I think. I can get more info; it's my mother's computer really and she would know the site address. This was about two days ago, and the computer became so slow about one day ago; maybe a coincidence, maybe not.

Specs: Windows Vista Home Premium Build Service Pack Intel Pentium Dual CPU GHz GB -bit Operating System

I have on my computer and scan regularly with: Bell Internet Security Services (paid anti-virus and anti-spyware program that comes with my internet package from Sympatico), SUPERAntiSpyware free edition, Spybot, SecureIT free edition. Firewall and live protection all enabled. Security level set to medium or high, I'm not sure which, but definitely not low.

Earlier today I scanned with all those anti-virus and anti-spyware programs but the problem remains - a few small things were picked up, including one trojan by Spybot, but I didn't keep a record of it because I assumed the problem would go away after all the scans were completed.

Here is the log file I took just a few hours ago, and hijackthis is freshly installed:

https://forums.techguy.org/threads/i-have-a-virus-but-my-virus-scanners-arent-catching-it.891522/

Please help! After a ransom virus was removed from our desktop computer (originally a display model at Sam's), my administrator account is no longer visible...Only "Kiosk" and "Other User" . I have checked to see that net user administrator /active yes is successful but still do not see my user account listed. Any help would be appreciated.

BTW, I cannot login to windows AT ALL!

A: Login name removed after ransom virus removed

I wouldn't trust a used computer without reinstalling Windows.
No telling what is on it or what has been done to it.
If the PC has a valid COA with a readable license you can do a clean install at no cost.
This tutorial has everything needed for a clean install.
Clean Reinstall - Factory OEM Windows 7

http://www.sevenforums.com/general-discussion/296672-login-name-removed-after-ransom-virus-removed.html

Hello folks. Well, I think I have another virus. It HAS been awhile, but I think we got nailed this week. Interesting thing about it is, if I even do a clean new install of hjt or avg, those programs do not run. The second time I try to access them I get a path not found error. After reboot I noticed two items in the running programs: loginui.exe runs then disappears. I'm not familiar with it, nor do I know if it involves a virus. There is another one that runs -- keeps running for awhile, then allows the rest of the services etc. to load. It is called exe -- Some symptoms include a screensaver coming on when none should, and when you leave the screensaver the computer freezes with the background showing no icons. Occasionally the icons return. Any chance someone can help me to at least get a hjt log to show you, if not cure it directly? I'm running WindowsXP up to date with IE on a dell box. I'm posting from a different computer so there is no tsg sysinfo. Thanks, TBF

A: hjt and avg aren't recognized - VIRUS!

Update: I can download but cannot run any anti-virus programs.

I now have "Open Cloud Security" which I assume is a farce.

I cannot run any utilities like dds. or the like.

Any suggestions, please?
 

https://forums.techguy.org/threads/hjt-and-avg-arent-recognized-virus.1019329/

The virus opens many pop-ups and turns off my firewall. SpyWare Doctor and avast antivirus are both able to detect the virus but not delete it. Hopefully something in my hijack log will be able to help deal with the problem.

A: Please help quickly a virus is taking over my computer and fast

Hiya

Are you still having this problem? If so, do the following:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
Under "Configuration and Preferences", click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.

Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.

Click Close to exit the program.
Please include the MBAM log, SAS log and a fresh HijackThis log in your next reply

Regards

eddie
 

https://forums.techguy.org/threads/please-help-quickly-a-virus-is-taking-over-my-computer-and-fast.782593/

I believe I got a virus from playing 3D games or any online games recently, and my computer crashes after 15-30 minutes. Please help me while I can still get on for assistance.
 

https://forums.techguy.org/threads/new-here-have-virus-from-online-games-computer-freezes-quickly.1052906/

A: autorun.inf virus, Computer Freees. , out of memory appears too quickly

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan: * Download DDS by sUBs from one of the following links. Save it to your desktop. DDS.com DDS.scr DDS.pif * Double click on the DDS icon, allow it to run. * A small box will open, with an explaination about the tool. No input is needed, the scan is running. * Notepad will open with the results, click no to the Optional_Scan * Follow the instructions that pop up for posting the results. * Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. 
Run the scan, enable your A/V and reconnect to the internet.Information on A/V control HEREPlease download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen:Click on the Show Results button to see a list of any malware that was found.Make sure that everything is checked, and click Remove Selected.When removal is completed, a log report will open in Not... 

http://www.bleepingcomputer.com/forums/t/195014/autoruninf-virus-computer-freees-out-of-memory-appears-too-quickly/
Relevancy 49.02%

Hello, I used google to search for this virus and found multiple ways of deleting it. All the original posts state the same thing happening to them. After the infection started I quickly moved to my browser window and google searched a removal guide, and the first page that popped up stated I first needed to re-boot in safe mode with networking. Easy enough; a few seconds later I was rebooting and got a dreaded blue screen of death before the OS got to boot, that quickly restarted my computer again, asking me how I would like to boot. I started to go through every boot method until it started giving me only options: start normally and a system restore one. I clicked on the system restore and upon loading the screen freezes. I left it there for over hours. Even though I am using Windows I have an old Windows XP disc and was willing to temporarily downgrade to fix the problem and erase my entire hard drive. I inserted the disc and booted from the CD and upon loading it gave me another blue screen. During and in between all my attempts to fix this I have been on google and bleepingcomputer reading endless amounts of cases, and not once have I found one where they could not boot up from any mode. If needed I can post the blue screen error messages, just ask if you want me to. The farthest I can boot to is the windows loading screen; after that the computer automatically restarts itself. Never had any viruses prior on this computer anyways, nor any warning signs, but I am POORLY protected. I can get a CD-RW if it's needed. I am currently on a year old computer, just have to share the monitor. I am on a DELL Inspiron and using Windows. I already checked the connections on the drive and it was okay.

Okay, I will post exactly what this virus did to me. I was browsing google images to get a template image to use for a website. All of a sudden my windows navigation bars changed shape. They became much bigger and seconds later I got about error messages saying my computer was infected. I started closing these windows and the actual "VIRUS REMOVAL" popped up. It was titled S M A R T and started scanning my computer. I tried closing it and as far as I remember it didn't stop it, and I even tried closing out of everything I had opened except my browser. My desktop then turned black and everything was removed from my desktop. I clicked the start button and everything was removed from there too. That's when I google searched the only thing I remembered vividly, "SMART", and added virus to it. I got multiple pages giving instructions on how to fix it, so the first step was to reboot, but that ended up in catastrophe. What I'm getting from the other articles on this virus is it hides files but does not delete them from you. Now I wish I didn't panic and hit system restore before rebooting; can't help to feel like it would have had a completely different outcome. I highly appreciate everyone's help in advance, and not only in this thread but in all the others. I have read multiple things in this forum; in just the few hours I absorbed a great amount of knowledge about what I am dealing with. If I'm missing something that is needed and is highly important, feel free to ask.

A:SMART virus infected me quickly and now hard drive cant be found

Important: Do not turn off System restore until we finish our cleaning process

Boot into safemode with networking

* Download TDSSkiller
* Launch it.
* Click on change parameters - Select TDLFS file system
* Click on "Scan".
* Please post the LOG report (log file should be in your C drive)

* Download aswMBR
* Launch it, allow it to download latest Avast! virus definitions
* Click the "Scan" button to start scan.
* After scan finishes, click on Save log
* Post the log results here

* Download ESET online scanner
* Install it
* Click on START, it should download the virus definitions
* When scan gets completed, click on LIST of found threats
* Export the list to desktop, copy the contents of the text file in your reply

* Download UNHIDE
* Run the tool as administrator, it should unhide your files

http://www.bleepingcomputer.com/forums/t/456464/smart-virus-infected-me-quickly-and-now-hard-drive-cant-be-found/
Relevancy 49.02%

My friend somehow got a link and now everytime he goes on msn it automatically sends a link to everyone who's online, and I think an email also. It got very infectious and sending random emails to everyone, and he signed off, but I am worried other people on msn already clicked it. I had bitdefender so it blocked it, but I have not been able to find any helpful information on what type of virus it is, but it's very infectious over msn. It's called win32.randex.1.gen. On msn it's been sending links to random people like this one:

Invisibl Skratch Piklz says: http email protected

NOTE: I CHANGED THE EMAIL ADDRESS BUT THE LINK STILL MIGHT BE HAZARDOUS. DO NOT CLICK THE LINK.

Sometimes when you click the link it says page cannot be displayed, but on the fourth or fifth try it would say page found, waiting for reply, and it will ask you to save or run this file, and even if you click cancel the virus tries to get on. I am not sure how he got it but I told him to log off before it got sent to more people. I need help pronto.

A:HELP! new virus string? win32.randex.1.gen! spreading on msn messenger quickly! HELP

A friend is having the same problem. I was told that there is no specific fix for it but to run the spyware & antivirus programs on the computer. Don't know if it's fixed the problem yet though.

Can anyone else enlighten us?
 

https://forums.techguy.org/threads/help-new-virus-string-win32-randex-1-gen-spreading-on-msn-messenger-quickly-help.355795/
Relevancy 49.02%

I have found that when I go to one particular website, which is for Channel 5 in Nashville TN, that it won't go to newschannel5, but to a bunch of ad sites. I run mal-warebytes, etc., and it's not being detected at all. This is annoying as can be. I don't know what to do to get rid of this problem.

A:My mal-ware programs aren't finding the redirect virus

I just went to http://www.newschannel5.com/ and it shows up just fine
 
Since you said you go to one particular website, I imagine you do not have issues with any other website

http://www.bleepingcomputer.com/forums/t/533960/my-mal-ware-programs-arent-finding-the-redirect-virus/
Relevancy 49.02%

Greetings all, I've been trying to fix my computer for a month. Unfortunately it hasn't been going great. At first I thought it was the port; that wasn't the case. Then I figured it was the ssd, but upon receiving a new one I was not able to download websites to my ssd. Instead a blank drive takes forever to load, gets to one percent copied and stops. Subsequent attempts are much faster but the drive will sometimes show up or won't. This leads me to believe the virus downloads itself to new drives before it will let any Windows programs run. I only managed to get hiren's boot disc running, but the mini Windows portion doesn't have any anti virus programs on it and I can't get external drives to show up via the port on the front. Kaspersky anti-virus will not work as I don't have a non usb keyboard to use, and bitdefender is giving me graphical glitches upon start and won't update. The images seem to be inverted in color and I think my graphics card might be broken. The only thing I got to work is parted magic, which is fine to delete the data from the drive but freezes the first time trying to do it. It may still be infected. The only thing I can think of doing is blanking the drive using parted magic then using a flash drive with ny bios to flash my bios. Don't even know if that'll work as I have dual bios with no physical switcher. Can't use my friend's computer anymore as I gave him a virus trying to get the iso files for the boot disk. The ssd is a adata gig ssd. The mother board is a megabyte. There's also a terabyte drive I want to disinfect without killing. And the initial problem was a select proper boot device. Any help would be appreciated, especially how to make a usb bios flasher. I don't even know where to get the bios fit my board.

A:motherboard virus, rescue discs aren't working.

This in the right place? I have no idea, so much is going on in this thing.

http://www.bleepingcomputer.com/forums/t/533065/motherboard-virus-rescue-discs-arent-working/
Relevancy 48.59%

So I downloaded a random ftp uploader today and now my computer is running like crap. I ran adaware and it removed items but it's still exactly the same. Super slow and certain programs won't open. Here is my Hijack This log. Any assistance would be greatly appreciated.

A:Help! New virus. Computer is super slow, and programs aren't opening.

https://forums.techguy.org/threads/help-new-virus-computer-is-super-slow-and-programs-arent-opening.638144/
Relevancy 48.59%

Last week, we found a virus on some of our servers. There were files, including one called MyPorno.avi, sitting on the servers. The virus appeared to be dropping files into any shared folders. Since then, I have been having problems on my PC. Things are slow, I have trouble hitting some servers and SQL servers at times, and my browser (I use Firefox) is crazy slow. I can see at the bottom that no matter what site I am going to, it seems to be hitting sites like pubmatic.com and other ad-sounding things. Just now, for the first time, I found myself being redirected to a site for some kind of registry cleaner thing. I have run scans with eTrust and with MalwareBytes, and also Spybot S&D. No luck.

Any assistance would be appreciated!

A:Virus/adware on work PC that MalWareBytes and eTrust aren't fixing

Try clearing all cookies and history from firefox and run some decent anti-virus program. Do you have any anti-virus program with real-time scanning installed when it occurred? Unless you bought the pro version, the free version of malwareBytes doesn't provide real-time scanning.

http://www.bleepingcomputer.com/forums/t/399774/virusadware-on-work-pc-that-malwarebytes-and-etrust-arent-fixing/
Relevancy 47.73%


A:Pop ups, certain sites don't work and random slowdowns, virus scanners aren't helping

My computer has been having an insane amount of pop ups even though I have the pop up blockers on and I don't have it set so only certain sites have pop ups, also certain sites don't work like facebook and sometimes the comp slows almost to a complete halt, I need help cause I think it's a virus, Spybot and AVG don't work. Here is my Hijack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:20 AM, on 12/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Mozilla Firefox 2 Beta 2\firefox.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {72637b08-9b5c-4ceb-93a6-68ec4fe13e74} - C:\WINDOWS\system32\wegahuwe.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program F...

https://forums.techguy.org/threads/pop-ups-certain-sites-dont-work-and-random-slowdowns-virus-scanners-arent-helping.782566/
Relevancy 45.15%

Hey everyone,

I am having a problem with my computer. I am running windows xp and recently had the vundo virus. This was, I believe, successfully deleted by Malware Bytes. After removal I was having problems with a missing registry file (an error message after start-up stated file hutudoki.dll was not found). And did find the registry file that was trying to start this deleted program. The only problem I am still having is my google/yahoo keeps re-directing and I believe I have some registry files that need repair and have not tried this after removal but was unable to do a system restore. And I want to make sure this virus is completely gone. If anyone could please help me I would appreciate it very much. I have done everything I can... Thank you!!! Jen

A:Vundo Virus Removed but browser hijacked and virus scanners not finding anything

Hello and welcome.

It's not unusual to receive such an error after using specialized fix tools.

A "Cannot find...", "Could not run...", "Error loading..." or "specific module could not be found" message is usually related to malware that was set to run at startup but has been deleted. Windows is trying to load this file but cannot locate it since the file was most likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads. To resolve this, download Autoruns, search for the related entry and then delete it.

* Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this.)
* Open the folder and double-click on autoruns.exe to launch it.
* Please be patient as it scans and populates the entries.
* When done scanning, it will say Ready at the bottom.
* Scroll through the list and look for a startup entry related to the file(s) in the error message.
* Right-click on the entry and choose delete.
* Reboot your computer and see if the startup error returns.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select Quick scan and scan (normal mode). After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Please read and follow all these instructions very carefully.

* Please download GooredFix and save it to your Desktop.
* Double-click GooredFix.exe to run it.
* A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).

http://www.bleepingcomputer.com/forums/t/274410/vundo-virus-removed-but-browser-hijacked-and-virus-scanners-not-finding-anything/
Relevancy 44.72%

A few months ago I was attacked with the FBI Virus, which completely shut down my computer. It edited my registry keys, disabling my ability to edit registry keys and disabling task manager. Finally I was able to remove it, as far as I know, by installing and running Malwarebytes in safemode and manually removing some files. Now however, every time I log on to my computer I am assaulted with obviously malicious download prompts popping up on my screen (Run, Save, Cancel). They have generic names and I am not activating them in any way. There is a file named 'Fysyucdy' under Computer > Users > Username > Appdata > Roaming > Fysyucdy. Inside this folder is an executable file labeled 'fanioqm', and supposedly it is by 'oPerA sOFTwaRe'. This 'Fanioqm' exe file is constantly running in my task manager in multiple instances - If I end the task it disappears and comes back a moment later, sometimes with more instances of the same file. Trying to delete the 'fanioqm' file or 'Fysyucdy' folder gives me the error message "You do not have permission to perform this action". I WAS able to delete them both at once by ending the tasks in my task manager and then quickly deleting the files, which worked, but they reappeared in the same place a moment later. Any help would be appreciated. My PC seems to be pretty badly infected. I am running Vista Home Premium and the computer is a couple years old.

A:Self-replicating Virus is attacking my computer after I removed the FBI Virus

Since you removed a difficult virus it is best to repost and get a deeper look. Please follow this Preparation Guide and post in a new topic. Let me know if all went well.

http://www.bleepingcomputer.com/forums/t/493167/self-replicating-virus-is-attacking-my-computer-after-i-removed-the-fbi-virus/
Relevancy 44.72%

Hi, AVG recently th Jan detected & removed the following: Trojan horse clicker VZM c windows system prunnet exe, Trojan horse generic AQDY c windows system cbXQiFya dll (random name). The following day I started getting popups trying to lure me to bestantivirusscanner.com. Kaspersky also reports Monder virus. I have other PCs in my home that don't seem to be affected but I am concerned to make sure I make those PCs secure too. All our PCs have current antivirus software & run windows update automatically. Some on XP and some on Vista. Thank you for your time reading this.

A:bestantivirusscanner popups & Monder virus after AVG removed virus

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan"

* Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

* Please download RSIT by random/random and save it to your Desktop.
* Double click on RSIT.exe to run RSIT
* Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
* Click Continue at the disclaimer screen.
* Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

NEXT

* Please download GMER and unzip it to your Desktop.
* Open the program and click on the Rootkit tab.
* Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
* Click on Scan.
* When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.

Post me these logs in your next reply. Post each log in separate post.

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result.

http://www.bleepingcomputer.com/forums/t/194256/bestantivirusscanner-popups-monder-virus-after-avg-removed-virus/

Hi, my PC is infected with different viruses from August, after I downloaded a virus from p2p. I've tried to remove some viruses, but my WinXP is still slow and unstable (freeze after - hours). In safe mode it is super-slow and the resolution is only x (video driver problem; I'm using a non-standard video driver). In safe mode I can't see, because of the resolution problem, the save button of GMER.

My Avast Antivirus detected viruses. I've attached the complete Avast report: avast-report.txt

I've used HiJackThis (attached report: hijackthis.log) and fixed entries, if I remember correctly.

Downloaded, installed, updated and ran Malwarebytes Anti-Malware. Attached report: mbam-log.

Downloaded, installed, updated and ran SUPERAntiSpyware. Attached report: SUPERAntiSpyware Scan Log.

I've found some strange files in the temp folder (C DOCUME betty IMPOST Temp). I uploaded some files to VirusTotal and they were viruses. Then downloaded, installed, updated and ran PrevX. I remember file removed, but I've installed Prevx and I didn't find the report.

Downloaded, installed, updated and ran BitDefender Free Antivirus, full scan. Attached report: BitDefender xml txt.

HijackThis: nothing fixed. Attached report: hijackthis.log

Downloaded, installed and ran Stealth MBR rootkit / Mebroot / Sinowal detector by Gmer. Virus found here. But I don't know how this tool works and I haven't fixed it. I've grub in the MBR, this tool delete my grub. Report: mbr.log

Downloaded, installed and ran TDSSKiller, but no virus found. Report: TDSSKiller log txt.

Disabled CD emulation programs with DeFogger.

I've tried GMER times, but my system freezes with lsass.exe at of CPU. The rd time GMER finished with wuauclt.exe at of CPU, but the system did not freeze. Attached report: gmer.log

Downloaded and ran DDS, but I can't save the report wi...

A:Some virus removed but still infected. rootkit or mbr virus

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report.
Please download OTL from this link.
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Under the Custom Scan box paste this in:

netsvcs
msconfig
drivers32 /all
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.sys /90
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32
ahcix86s.sys
nvrd32.sys
user32.dll
ws2_32.dll
/md5stop
%systemroot%\*. /mp /s
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
CREATERESTOREPOINT

Click the Quick Scan button.
The scan should take a few minutes.
Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:
Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:
How to create a GMER log

In your reply, please post both OTL logs and the GMER log.

http://www.bleepingcomputer.com/forums/t/339653/some-virus-removed-but-still-infected-rootkit-or-mbr-virus/

Hi there! First and foremost, I am somewhat of a noob... but I am hoping that my own actions didn't further my computer's trouble. My computer was entirely unprotected when it was infected with the Windows Recovery Virus a few days ago. I attempted to download Avast, but the virus blocked it. So I ran RKill, which seemed to have worked, then I downloaded both Malwarebytes and Avast and ran them both, which moved the viruses to my "chest", but when the chest was full began deleting the infected files. I am able to get on the internet and other typical functions (albeit veeeeeeeeery slowly) but my files can only be found when I run them by name. Is there anything I can do to fully restore my computer?

Thank you so much for any help you can offer!!

A:Windows Recovery Virus - Virus Removed, but...

And also... now, several days later, scour.com has started hijacking google searches again. *sigh*

http://www.bleepingcomputer.com/forums/t/403832/windows-recovery-virus-virus-removed-but/

Hey BleepingComputer! I have made a topic in the past (months ago) but I got caught up in other affairs.

Anyhow, I have an issue on trying to click any search results from Google. Also I am suffering from quite a few performance slowdowns. Thanks for your time, effort, and help!

A:Redirect virus among other things

Hello, as you didn't provide any system info we'll try this.

Reboot into Safe Mode with Networking

How to enter safe mode (XP/Vista) using the F8 method:
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.

If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

If you have a problem downloading, inst...

http://www.bleepingcomputer.com/forums/t/409131/redirect-virus-among-other-things/

I've done quite a few things before ultimately giving up and asking for help, as I'm still a newbie. The computer was plagued with functionality issues such as DHCP not working and all the system restore points being corrupted; there was also a black desktop with only a mouse cursor upon each normal boot. Any virus scans didn't yield any infections, and restoring the computer to factory defaults has proven impossible. TDSSkiller found virus Zaccess, but it can't remove it as it always pops up, and the ability to set up a firewall has been disabled by the virus. Any help you can give me will be greatly appreciated.

A:Virus.32.Zaccess among other things?

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

Did you set this proxy?
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421
You may also ask your Internet Provider if you need it.
If not required remove it.
In Internet Explorer go to Tools - Internet Options - Connections Tab - Lan Settings and remove the reference to 127.0.0.1:9421 if found, then uncheck "Use a proxy server" and check "Automatically detect settings".

===

If you use Firefox in Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings. Select the Auto-detect proxy settings for this network option. Or no proxy if you do not need it.

===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.

How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt

Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.
Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

p.s. If ComboFix hangs for more than one hour stop the process using the Task Manager.
Run the ComboFix again and post the log if you can.

http://www.bleepingcomputer.com/forums/t/442184/virus32zaccess-among-other-things/

Hello, I've been having major problems since Tuesday night. First, I got attacked with the fake alert virus and my unknowing partner clicked "heal". Although he didn't go further than that, it opened the door for more attacks and ultimately, I was unable to open any exe files. After a bunch of work in safe mode, I was able to get Malwarebytes to scan, which eliminated enough of the problem for me to be able to get in and run an AVG scan. Once I thought I got everything cleaned up, Google started to redirect. Now, it's redirecting pretty frequently and none of my scans are picking up anything! Help!

A:Redirect virus...among other things

Hello.

First run RKill....

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
Do not reboot your computer after running rkill as the malware programs will start again.

Rerun MBAM (MalwareBytes) like this:
Open MBAM in normal mode and click Update tab, select Check for Updates. When done, click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, post new scan log and reboot into normal mode.

Follow with TFC by OT:
Please download TFC by Old Timer and save it to your desktop. (alternate download link)

Now an SAS scan:
Please download and scan with SUPERAntiSpyware Free.
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
Do not run a scan just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes" and reboot normally.
To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

If you have a problem downloading, installing or getting SAS to run, try downloading and using the ...

http://www.bleepingcomputer.com/forums/t/308501/redirect-virusamong-other-things/

My computer has a virus on it that none of my software can find. I have run Norton and Xoftspy multiple times and made sure that both of them were current. I am getting the following messages and having the following problems.

Any time I open a new window, hit enter, click ok, pretty much any time I do anything, I get a message that says: "System Error. Your computer was infected by unknown trojan. It's dangerous for your system, critical files can be lost. Click OK to download the antispyware program to clean your system (Recommended)". Then it has OK and Cancel buttons. If I hit cancel it lets me go to whatever it was that I asked for. If I click OK I get a file download security warning that asks if I want to run or save the file. The name is setup.exe, Type Application, MB, and the From. I have not run this.

If I try to do a search I get a message at the top of my search results that says: "Error. Your browser was hijacked. Some results was changed by porn advertising. You need to clean your system immediately to prevent it. Download the newest antispyware software". The word error is red and underlined and it is clickable, but I haven't clicked on it. Also, if I click on a search result it sends me to some porn address (widget-porn or stable), but nothing displays except a red screen, search bar, and it says no results.

How can I get rid of this?

Thanks,
Jill

A:Problems with a virus-89.149.227.195 and other things

I apologize for not attaching the logs earlier, here they are. I have done steps 1-5, but Panda will not run all the way. It scans a few thousand files then shuts itself off and exits every window I have open. I have tried it a few times and the same thing happens.

Deckard's System Scanner v20071014.68
Run by Jill on 2008-03-25 11:00:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
30: 2008-03-25 18:01:10 UTC - RP316 - Deckard's System Scanner Restore Point
29: 2008-03-25 17:54:22 UTC - RP315 - Installed Java(TM) 6 Update 5
28: 2008-03-25 09:14:25 UTC - RP314 - Software Distribution Service 3.0
27: 2008-03-25 06:40:10 UTC - RP313 - Restore Operation
26: 2008-03-25 05:49:01 UTC - RP312 - Installed Symantec Technical Support Web Controls


-- First Restore Point --
1: 2007-12-31 00:52:28 UTC - RP287 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 82% (more than 75%).
Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as Jill.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:39 AM, on 3/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ...

http://www.techsupportforum.com/forums/f284/problems-with-a-virus-89-149-227-195-and-other-things-233549.html

Some time ago I wanted to download a program. I accidentally downloaded a virus. It deleted all my shortcuts from menu start and I can't run programs like "Run" etc.

A:Virus deleted many things

Hi there, my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode
Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
Run FRST.
Don't change any of the checkboxes and hit Scan.
Logfiles are created on your desktop.
Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with Gmer rootkit scanner
Please download Gmer from here by clicking on the "Download EXE" button.
Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan... click on NO.
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
Sections
IAT/EAT
Show All (should be unchecked by default)
Leave everything else as it is.
Close all other running programs as well as your browser.
Click the Scan button & wait for it to finish.
Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop.
Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries.

Scan with TDSS-Killer
Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.
Download TDSSKiller.zip and extract to your desktop.
Execute TDSSKiller.exe by double-clicking on it.
Press Start Scan.
If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt
Please attach this file to your next reply.

http://www.bleepingcomputer.com/forums/t/562257/virus-deleted-many-things/
Relevancy 43%

Hi everyone, here is my HJT log. I have been trying to fix my girlfriend's computer for a few hours now but I can't seem to get rid of WinAble and some other things that I believe are lurking on her laptop. Any help would be appreciated. Thank you.

A:WinAble virus and other things

Please follow MicroBell's 5 Step process - http://www.techsupportforum.com/secu...sting-log.html.

You shall have a proper set of logs for us after that. Someone will be along shortly

http://www.techsupportforum.com/forums/f284/winable-virus-and-other-things-205241.html
Relevancy 43%

Hello there
What ways or software you know to move huge folders quicker than the time Windows Vista takes to do this task?
What ways or software you know to erase huge folders quicker than the time Windows Vista takes to do this task?
Also, you might know these software programs:
Teracopy for moving huge folders and
Mass directory eraser to erase huge folders
Do you know whether they are reliable? Would you suggest them as a good choice? Do they have any drawbacks against using just Windows Vista for these tasks?
Thanks in advance for your opinion.

A:quickly erase huge folders | quickly move huge folders

Teracopy (free here: www.codesector.com/teracopy.php )

http://www.techsupportforum.com/forums/f217/quickly-erase-huge-folders-quickly-move-huge-folders-451899.html
Relevancy 42.57%

If anybody would be so kind and help me, this freaking redirect virus is so annoying every time I try to search something. I need a lot of help seeing as I am a beginner and things.

A:Need alot of help Please getting rid of a redirect Virus and many more things

Hi HalJordan22, to BleepingComputer! Sorry for the delay.

Let's try rebooting into Safe Mode.
This can be done tapping the F8 key as soon as you start your computer.
You will be brought to a menu with several options. Press the down arrow key on your keyboard until Safe Mode with Networking is selected. Press Enter. Please see here for additional details.

Once in Safe Mode with Networking, download Rkill.
Run Rkill (renamed iExplore.exe).
Please be patient while the Rkill looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step.
If it appears like Rkill did not stop the malware from running, please try running RKill again until the malware is no longer running. If you continue having problems running RKill, you can download the other renamed versions of RKill from the rkill download page. All of the files are renamed copies of RKill, which you can try instead. Please note that the download page will open in a new browser window or tab.
Do not reboot your computer after running RKill as the malware programs will start again!

Still in Safe Mode with Networking, please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
Troubleshoot Malwarebytes' Anti-Malware

Reboot into Normal mode.

Next run SUPERAntiSpyware (SAS):
Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAnt... Read more

http://www.bleepingcomputer.com/forums/t/405264/need-alot-of-help-please-getting-rid-of-a-redirect-virus-and-many-more-things/
Relevancy 42.57%

I have a virus, I think. I must have one. Things are too slow. I have DSL and opening web pages takes forever. I know my ISP is ok because I also have a PSP and things open up immediately on that. I have wireless DSL with a Belkin Router. Anyway, here is a HijackThis log from tonight. Hope someone can see a problem in the log so I can fix things. Thanks in advance for any help you can give me.

A:I Must Have A Virus...things Are Tooo Slow

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log

Please also post the problems you are having.

http://www.bleepingcomputer.com/forums/t/168075/i-must-have-a-virusthings-are-tooo-slow/
Relevancy 42.57%

I would really appreciate the help. Here is my HijackThis log.

A:So many things going wrong with my computer, I think I have a virus. Please help!

Hello and welcome to TSF.
Apologies for the long delay in response. We have a large number of HijackThis logs to handle and it's taking us longer to catch up. If you haven't received help elsewhere already and still require assistance please post a fresh HijackThis log and I'll be happy to help you.

Thanks for your patience.

http://www.techsupportforum.com/forums/f284/so-many-things-going-wrong-with-my-computer-i-think-i-have-a-virus-please-help-221728.html
Relevancy 42.57%

Hi I am in a desperate need of help!!!

I have gotten the "random sounds virus" on my Windows Vista computer. It plays random things every now and then which I know is not good. I also have this thing with a X on my start-up bar that told me I had a virus, like an idiot I did one of their checks, which led to the random sounds. And now I get pop ups every few minutes telling me to check for viruses and the x will NOT go away. It says "Security System" has detected a virus even though I know that it's a virus itself. ALSO, my computer has slowed down so much that I can't even type everything without seeing it right away IT IS VERY BAD. PLEASE HELP MY DAD WILL KILL ME

A:Random Sounds Virus;among other things

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

It appears you didn't attach the gmer log to your last reply.

If you're not receiving help elsewhere and still require assistance for this issue, please follow the process outlined here for running gmer:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

Please attach the log as instructed.

------------------------------------------------------

http://www.techsupportforum.com/forums/f284/random-sounds-virus-among-other-things-338574.html
Relevancy 42.57%

Dear Forum,

OK, I just read the advice in here about the procedure I should follow and I see I have not followed it. SORRY. OK, here is some more info. This is a Sony laptop with XP home service pack. The original problem started with the CPU going all the time. Services or processes showed an HP Imaging quick start running. I researched it and saw that it could be a virus but it appeared to be OK. I uninstalled the HP imaging software because it was not needed. The computer seemed fine. A day later when turning it on showed the wireless activity icon lit up most the time and that is where I am now. I am hoping someone here can help before I decide to do a full re-install of the OS. The rest of this post is from before I read all the procedures requested.

-------------------------------------------------------------------------------------

My laptop is constantly busy with internet communications of some sort. The icon for wireless in the sys tray is lit up most the time. TCPView shows that there is constant activity with services.exe on to or more lines coming and going in various states of activity, and they first appear, try to establish themselves, then many send something and then they close. I have run combofix.exe, malwarebytes, AVG, AVAST and have some log files to present here. I do not know what to do next.

-------------------------------------------------------------------------------------

A:Hidden Virus? Slowing things down?

Hi All.... Well.... I know everyone is busy, and it is New Years Eve.... but I have to get something done with this computer and I can't wait a long time to do it. So rather than figure out why a program or process is using services.exe and exercising my internet connection with 20-70 [who knows] connections at the same time, I will re-install XP to be able to get productive. I ran Process Explorer and it looks like svhost.exe is a sub event under services. When I have the wireless disabled, there is no "services.exe." It looks like this:

alg.exe:2468 TCP 127.0.0.1:1115 0.0.0.0:0 LISTENING
AppleMobileDeviceService.exe:180 TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING
lsass.exe:776 UDP 0.0.0.0:500 *:*
lsass.exe:776 UDP 0.0.0.0:4500 *:*
spoolsv.exe:1720 UDP 0.0.0.0:1028 *:*
svchost.exe:1032 UDP 127.0.0.1:123 *:*
svchost.exe:1032 UDP 127.0.0.1:1117 *:*
svchost.exe:1032 UDP 0.0.0.0:1116 *:*
svchost.exe:1032 UDP 127.0.0.1:35226 *:*
svchost.exe:1496 TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
svchost.exe:1496 UDP 127.0.0.1:1900 *:*
svchost.exe:992 TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
System:4 TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
System:4 UDP 0.0.0.0:445 *:*
VCSW.exe:688 TCP 0.0.0.0:51493 0.0.0.0:0 LISTENING
VCSW.exe:688 UDP 0.0.0.0:51493 *:*

And, immediately after connecting the internet, this is what TCPView looks like. I wonder what the SYN_SENT means?

[System Process]:0 TCP 127.0.0.1:34377 127.0.0.1:2869 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34383 65.254.254.50:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34408 75.180.132.244:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34396 206.222.171.20:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34426 193.252.22.142:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34424 146.201.3.232:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34445 208.44.232.46:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34476 167.230.105.46:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34412 67.28.113.136:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34419 212.114.171.19:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34466 162.112.41.112:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34487 199.64.220.25:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34493 115.118.161.115:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34477 130.154.3.161:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34557 67.231.144.29:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34547 200.76.98.76:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34575 75.180.133.40:25 TIME_WAIT
alg.exe:2468 TCP 127.0.0.1:1115 0.0.0.0:0 LISTENING
AppleMobileDeviceService.exe:180 TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING
lsass.exe:776 UDP 0.0.0.0:500 *:*
lsass.exe:776 UDP 0.0.0.0:4500 *:*
services.exe:764 TCP 192.168.0.12:34388 68.250.79.131:25 CLOSING
services.exe:764 TCP 192.168.0.12:34380 194.61.230.128:25 SYN_SENT
services.exe:764 TCP 192.168.0.12:34413 209.85.222.8:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34410 74.55.2.34:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34390 216.75.196.129:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34440 78.159.112.62:25 SYN_SENT
services.exe:764 TCP 192.168.0.12:34465 206.239.166.13:25 SYN_SENT
services.exe:764 TCP 192.168.0.12:34474 203.83.193.135:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34473 87.236.241.204:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34453 207.191.226.16:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34454 207.191.226.16:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34464 208.84.64.201:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34478 96.56.145.170:25 FIN_WAIT1
services.exe:764 TCP 192.168.0.12:34488 85.33.2.53:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34489 85.33.2.53:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34490 65.91.51.163:25 CLOSING
services.exe:764 TCP 192.168.0.12:34492 80.90.80.91:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:3449... Read more

http://www.bleepingcomputer.com/forums/t/283167/hidden-virus-slowing-things-down/
Relevancy 42.57%

My computer is acting very strange. Programs are just disappearing and some will not work. Certain programs are giving me this error message when I click them... "The drive or network connection that the shortcut "Limewire 4.9.17.Ink" (just an example) refers to is unavailable. Make sure the disk is properly inserted or the network resource is available." The message just started popping up and pops up for almost every program I try to run... also my EZ Antivirus software also magically disappeared off the computer as well as a whole folder of downloaded music... seems like it could be a virus so if someone could help that would be great.
 

Relevancy 42.57%

Hello, I'm having issues with my computer. My antivirus claims that my svchost.exe is infected, but after doing numerous scans and such no problems have been found. Also, regardless of what browser I use, when I try to go to legitimate "tech help" websites such as bleepingcomputer.com through Google I get redirected with spam and pop ups. Also my start bar will randomly change from the standard XP design to the older Windows settings. Hopefully my DDS log can tell you more than I can. Thanks in advance for any help.

A:Having issues with svchost.exe virus. (among other things)

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

http://www.bleepingcomputer.com/forums/t/405506/having-issues-with-svchostexe-virus-among-other-things/
Relevancy 42.57%

Hi I am in a desperate need of help!!!

I have gotten the "random sounds virus" on my Windows Vista computer. It plays random things every now and then, which I know is not good. I also have this thing with an X on my start-up bar that told me I had a virus; like an idiot I did one of their checks, which led to the random sounds. And now I get pop-ups every few minutes telling me to check for viruses, and the X will NOT go away. It says "Security System" has detected a virus, even though I know that it's a virus itself. ALSO, my computer has slowed down so much that I can't even type everything without seeing it right away. IT IS VERY BAD.

PLEASE HELP, MY DAD WILL KILL ME!!!!!

A:Random Sounds Virus; among other things

Hello crnaruka313

Oh dear. Well, I'll send you to the best place for help with that

Please read "Virus/Trojan/Spyware Help" and follow the instructions very carefully; then, post all the requested logs and information in the Virus Help Forum
Please ensure that you create a new thread in the Virus Help Forum; not back here in this one.

Please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.


http://www.techsupportforum.com/forums/f217/random-sounds-virus-among-other-things-338418.html
Relevancy 42.57%

Hello. A couple weeks ago I turned on my computer and one of those fake virus scanner viruses started, and it disabled all my exe's (couldn't open task manager, etc.). I managed to end the virus's process one time, found its folder and deleted it so I could actually use the computer. After I deleted it, Avira and Malware Bytes never found anything after running multiple scans. Spybot keeps finding things, but only cookies from different sites. Strange things have been happening since I thought I got rid of the virus. Here are some I constantly notice:

My power management will have a plan selected that I never made in the first place. I delete the plan, then later on it will switch to this random plan again (not a plan that was there when I first got this laptop).
I use dial-up half the time (yes, it still exists), and since getting the virus it will randomly disconnect, and when I try to reconnect it will say no modem is installed. Another computer using the same line never has any problems.
Both my dial-up and g connection have been going slower and my frame rates in games have been choppy.
Every now and then clicking on a link will pop up various windows that lead to advertisement sites or porn sites.

I do not have a Windows install disc or boot CD anymore.

Note: My gmer scan kept having a program freeze or a blue screen error, so I had to run it having only Selections and the C drive selected.

Here's my DDS txt.

A:Weird things happening since bad virus

Hello and welcome. Please follow these guidelines while we work on your PC:
Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts. If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
When finished, it will produce a report for you.
Please include the following in your next post:
ComboFix log

http://www.techsupportforum.com/forums/f100/weird-things-happening-since-bad-virus-555782.html
Relevancy 42.57%

Look, I don't know what this virus is, but it's blocked my Task Manager, cleared most of the functions from my Start Menu. On start menu it took out like my help menu, control panel and my computer and my documents, that stuff, my all programs too. And in my desktop background this big background says "anti-spyware system critical". I want to take that away; every time I turn on my computer it always shows up. It disabled my properties too. I'm really worried because it says it can take my personal information. I was going to try the ComboFix guide but it was too risky so I didn't try it.

A:please need help this virus took out almost all my things on start menu

https://forums.techguy.org/threads/please-need-help-this-virus-took-out-almost-all-my-things-on-start-menu.759250/
Relevancy 42.57%

For a couple of days now weird things are happening to my computer. For example, the font on my browser changes, or the white start on the start menu disappears, with only the green bar and the Windows logo on it. Windows Live Messenger is also showing contacts' names all over the place and on top of each other. Tried opening Windows Live Messenger and it says "c program files windows live messenger msnmgr exe is not a valid Win application". Clicked OK, then clicked on the icon again and this time it worked. When viewing pages some words are also disappearing, and the name of the application, such as Word, at the top of the document is no longer there. Sometimes songs in iTunes won't play, but closing and opening iTunes fixes the problem for a while. I restarted my computer and everything was fixed for a while, but a day later the same thing happened again. Also, when I try to save my Word document it says "the save failed due to out of memory or disk space", but I have over GB of space on the hard drive. I also have Kaspersky Internet Security installed with the latest updates and I have run a full computer scan and it hasn't detected anything. I am using Windows XP Home Edition.

A:Possible virus? Weird things happening.

I'm kind of a newbie so this might not help a lot, but have you tried clearing out your browser's cache? (when online, go to Tools / Internet Options / Browsing history - do a "delete all" including all offline content)? Or maybe also try cleaning out Temp files? Also, have you heard of services like PlumChoice who get rid of viruses and spyware and such? Not sure any of this helps, but it never hurts to just dive in when learning new subjects...
--Emma
 

https://forums.techguy.org/threads/possible-virus-weird-things-happening.705924/
Relevancy 42.57%

Hello virtual heroes. I have contracted the google redirect virus. I downloaded spybot and malwarebytes anti-malware software, ran scans on both and "fixed" any errors, but they didn't get rid of the virus. I then tried a system restore back to June and it seemed like it was working, but when I went to restart my computer I received an error message stating the restore could not be completed.

I am also experiencing other weird things. Today when I was downloading the Hijack this I started getting error messages about Microsoft Outlook not being able to open at this time. I received or of these messages and it interrupted all other processes on my computer. I went into the task manager and ended the outlook.exe processes and it went away. I never tried opening Outlook though.

Yesterday I went into my C tools and clicked on "fix errors". It seemed like it was going through the process, took about an hour and then asked me to restart. When I clicked on restart the computer stalled and the screen went blank blue. I waited for another hour to see if it would shut itself off but it didn't. I had to manually shut down the computer.

Also the computer occasionally makes a "ding" sound out of nowhere, even when no programs are running. Also anytime I try to upload a document my computer freezes up and I have to do a manual shutdown.

Is my computer doomed? Any suggestions you can offer would be most appreciated. Thanks for your time.

A:Pesky Redirect Virus, among other things

Hi there- I posted this message a few weeks ago and still no replies. Is there anyone out there who can help? Thanks!
 

https://forums.techguy.org/threads/pesky-redirect-virus-among-other-things.1017688/
Relevancy 42.57%

Today I got a virus. It crashed my browser (firefox) and it deleted all of my shortcuts, then I got a notification saying Norton blocked the attempt to compromise my computer or something. I tried opening up Norton but the shortcut stopped working. I tried making a new shortcut but that wouldn't work either. I tried opening a Norton uninstaller program from their site but that wouldn't open either, because it said I needed to do something with a set associations panel for the file type. The file type is exe. I don't really know what I should do right now but I hope that you can help. Also system restore doesn't work. I set it to a month before but I still can't open my shortcuts, and apparently Microsoft Office doesn't exist anymore, and I'm concerned for my computer and if I need to take it to some repair center in best buy cause I don't have the CDs for reinstalling Vista.

A:Solved: I got a Virus but only a few things happened

Try this fix: EXEFIX
Unzip the fix and extract the .REG file to the Desktop. Right-click the .REG file and choose Merge. Note that you need to be an Administrator to apply this fix.

Reboot the computer.

If the fix only opens as a text file, right-click it and select Open With > Choose Program... Then, select the Registry Editor.

If the Registry Editor is not in the list, browse to C:\WINDOWS and select regedit.
 

https://forums.techguy.org/threads/solved-i-got-a-virus-but-only-a-few-things-happened.913413/
Relevancy 42.57%

I went through my computer deleting a bunch of files, over gb worth in c. I come back about minute s later and there's about popups and Security tabs running. Obviously they were fake, so I knew it was a Virus. I deleted the Processes, then ran MalwareBytes x and SpyBot x. I was recommended to also try avast but at the time I was throwing up every minutes. I logged back on the other day and my taskbar is gone, windows shell file, they disabled my rpc server kinda. I can access the internet by going through windows explorer. Can't do an avast scan because the rpc server. Can't do a bootscan on it either, it basically will shut all programs but MSN that are trying to logon.

Virus:
It will still cause popups but very rarely
It blocks my RPC
Won't let me run malwarebytes or avast, only spybot (I've ended spybots processes and tried)
It also disabled System Restore
Cannot drag anything or copy files
also Lags my computer horribly right after the windows xp black window at startup to until it starts up

There are explorer.exe's running and something called IEXPLORER.exe. I've ended all and restarted explorer.exe with newtask but didn't fix anything. Ran a registry cleanup also. I cannot go into manage and systems to change RPC but it is set to automatically start. Can't even post a HIJack log of this because of it, sorry. Any advice would help. Thanks

A:Security Tool Virus (among other things)

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

http://www.bleepingcomputer.com/forums/t/346630/security-tool-virus-among-other-things/
Relevancy 42.14%

Hi, I am running xp pro. I know something's not right, just can't sort it myself, and any help would be grateful. When I click the link to open e-mail on msn it doesn't open my e-mail page, and when I run more than one scan in tune up utilities the second scan won't run and my cpu usage goes up to. Have not been able to update Ad-Aware SE Personal, so I tried to uninstall it and it said something like can't find file or access denied, so I downloaded a new version from download.com, and when I was installing it my anti virus popped up and said something, cannot remember now but I think it said virus. I guess that there is some type of parasite or virus.

I use AntiVir PE Classic for virus protection. I would be grateful if I could post a HijackThis log for someone to look at, or any other suggestions I would be grateful of too.

Followed the instructions before posting. McAfee online found gamespy related files; I think they are not that important but I will uninstall game spy and rescan later. Symantec didn't find anything but kicked off my virus scanner, and it said virus at C docume shared locals v bkr a and said bds virkel a backdoor server programs.

Ahh, when I turn computer on, quite often it does a scan disk for errors.

Hope I have done this correct as it has taken me hours lol

Thanks for your time
DOJ

A:HijackThis Log virus and things not working correct

Hello and welcome to TSF

I recommend you Subscribe to this thread so you are notified of any replies via email. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

There isn't much showing in your log, so we'll try a general cleaning and see what turns up.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Downloads (make sure to save these in a permanent location)
Cleanup!- Install it. You will use this later.

*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.

Ewido Anti-Malware
Install Ewido Anti-Malware
Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
On the top of the main screen click Shield
Click the word active to change it to inactive
On the top of the main screen click Update.
Then click on Start Update. The update will start and a progress bar will show the updates being installed.
I also recommend changing the "Update interval" to something more reasonable like 12 hours.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

Next, please reboot your computer in SafeMode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.

Tools
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Cleanup! All Users
Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it's checked.
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted. If prompted to reboot, click No.

Run Ewido with its updated definitions: (...it's important that all windows must be closed)
Click Scanner
Click on the Scan tab
Click Complete System Scan to begin scanning.
When the scan is complete click Recommended Action and change it to Quarantine
Then click Apply all actions
Once finished, click the Save report button, then click Save Report As and save it to your desktop.

Reboot your system in Normal Mode.

Online Scans
Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
Click Scan Now
Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer If it finds any malware, it will offer you a report.
Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan

In your next post please include:
Panda Activescan Log
Ewido Log
A new Hijackthis! Log

http://www.techsupportforum.com/forums/f100/hijackthis-log-virus-and-things-not-working-correct-109846.html
Relevancy 42.14%

Ever since this morning I got onto my computer and started playing music and I downloaded one thing that was totally LEGIT, which was eclipse from hxxttp://eclipse.org/, and I guess my computer got infected after I downloaded it... I saw processes named iexplorer.exe or iexplore.exe running as the user ANONYMOUS LOGON, which I guess those virus creators used as a backdoor, and I can't open anything. I had chrome open before it happened so I'm attempting to not close ANYTHING. I can't really open anything, and I don't have an antivirus. I should get one soon.
Thanks,
FNCPro

A:Some sort of virus that prevents me from opening things.

someone i noticed this said LOGS so move it to respective category plz thx!

http://www.bleepingcomputer.com/forums/t/503792/some-sort-of-virus-that-prevents-me-from-opening-things/
Relevancy 42.14%

I have a virus or viruses on my laptop. HP Pavilion running Windows Vista. Have downloaded HijackThis. My logfile appears below. Trojan downloader win virus is what this is, I'm finding. Symptoms include: self-opening Internet Explorer browser pages from the desktop to random sites, popups. I have a trial version of Kaspersky running (started after the virus was already in place) which is detecting a downloader Mislead app virus, but it can't get rid of it, or at least not all of it. Also, I'm not sure if this is the only virus or trojan or if it is just one of many. Thanks in advance. P.S. I have seen other similar posts but want to be sure I am specifically doing what I need to do, because I am not good at extrapolating direction from somebody else's post. -Clockworkhammer

Relevancy 42.14%

My Dell Inspiron running bit Vista got a virus that prevents it from starting. When it starts the OS, the initial green bar appears but then the system restarts. When automatic restart upon system failure is disabled it says fatal system error. First off, the "repair your computer" option from the BIOS screen literally does nothing (it was like that as long as I can remember, go figure), so I have no way of using that. Also I have no OS disks except a Vista repair disk, which cannot reinstall the OS. The Vista recovery disk did not work. I tried using auto-repair, which didn't work; then I tried system restore, which doesn't work: it runs for a very long time and then says it failed due to a file not being found. I also tried every option using bootrec in CMD prompt; didn't work. Then I tried bootable antivirus programs, using Kaspersky and one other; they both found viruses but the problem was not resolved. Are there any other tools out there that may be able to solve my problem? Or do I have to go and buy a disk from Dell? Also, if that is the case, is there any risk the problem may not even be solved after wiping the OS? Thanks in advance.

A:Virus prevents PC from starting, tried many things with no success.

Hi see here Tech Support Forum - Announcements in Forum : Microsoft Support
for a list of links to order recovery discs

http://www.techsupportforum.com/forums/f217/virus-prevents-pc-from-starting-tried-many-things-with-no-success-595524.html
Relevancy 42.14%

So I have come to the conclusion I likely have some kind of zero access rootkit problem. I don't see much immediate effect on my web browsing experience, as it seems some others do, but it's there doing who knows what. Below I have tried to give a good picture of where I'm at. I know your instructions/rules say not to run anything til told to do so, but what happened is I searched around for information about the problem and have already tried various scans (yes, I know it was at somewhat of a risk). A different site somewhere had told me to run DSS by sUBs, and then when it mentioned forum posting I looked into it and found this site. I have files from that when I ran it. I've also run Malwarebytes anti-malware with some success; it still cannot remove a remaining files of the ones it found. The others were minor registry entries for a bogus web plugin that appears to have been resolved. I remember of the remaining files specifically referred to rootkit, and the files were all in the same folder, a mysterious hidden one with files all very similar in it. I had deleted these and restarted, and sure enough they came back. I've run TDSSKiller from Kaspersky and have (oops) tried to cure it, as well as skipping it other times. It does not succeed in curing it and lists the file as Virus Win ZAccess a in C Windows system services exe. I have logs from running this.

Before I get into more details: my system is a Win Pro SP and it is a copy thru my educational institution. I do have access, I think, to my USB drive boot-up I used to install. However, I would need to do something to be able to re-use the same activation code. I built this PC myself, so there is no simple model/brand to describe it. I also am decently sure where this virus came from: I downloaded and ran an exe that I knew was a risky choice, but I was desperate to try to finish an assignment and figured if I did get some kind of virus it wouldn't be as difficult to get rid of. My Mcafee software will not run (gets the Wsock dll error that I've seen other places around the web). I ran a Kaspersky virus scan that I no longer have the results from. I ran the ESET online scan as well. Do understand that many of these things were run over the course of the day, and trying not to have multiple anti-malware/virus etc. programs around at once, as it seems this is inadvisable, they are now uninstalled and I don't have all the results saved. I do have a txt saved where I copied and pasted the so-called "suspicious files" from one of these scans. These are from the mysterious hidden folder I referred to earlier:

C Windows Installer b dcd -cd c- bc - - c d fa U Win Conedex C trojan
C Windows Installer b dcd -cd c- bc - - c d fa U Win Agent BA trojan
C Windows Installer b dcd -cd c- bc - - c d fa U cb Win Conedex B trojan
C Windows Installer b dcd -cd c- bc - - c d fa U Win Sirefef AP trojan
C Windows Installer b dcd -cd c- bc - - c d fa U a variant of Win Sirefef FD trojan
Operating memory multiple threats

I will post any log I have or re-run any test you ask. From reading the forum rules it seems you don't want to see much information til it is asked for; however, I've unfortunately already run a bunch of stuff. Any assistance much appreciated, and I will provide as many details as I can that you may think useful. I am reasonably versed in this stuff but I don't know what to do from here.

A:Some form of Zero Access virus on PC, have run other things before coming to this..

Hello and welcome to TSF.

Thanks for explaining clearly what you've done before coming to the forum, although we prefer nothing is done, as some tools may knock out parts of the infection and make it difficult for our tools to work.


Quote:

figured if I did get some kind of virus it wouldn't be as difficult to get rid of.

From what you've posted so far, it's pretty clear the system is infected with what's commonly known as ZeroAccess Rootkit, which can sometimes be very difficult to remove.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

Please read this: How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?

Please have your important data backed up before proceeding.

For this infection, formatting and reinstalling may be the only way to ensure that the system is 100% clean.

If you would like to continue with the cleaning, please continue with the following instructions.

================================


Quote:

I've run TDSSKiller from Kaspersky

Please post the logs from this tool. The logs should be saved at the root drive which is typically C:\
For example, C:\TDSSKiller.2.5.3.0_date_time_log.txt . I'd like to see the log before and after "cure" option.

================================

I'd also like to see the present state of the system before we begin cleaning.


here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop.
-----------------------------------------------------

Please include the following logs in your thread:
Contents of the DDS.txt posted as text in your reply
Attach the Attach.txt to your post by clicking the Manage Attachments button under Additional Options > Attach Files on the composition page. Browse to where you saved the file, and click Upload.

http://www.techsupportforum.com/forums/f100/some-form-of-zero-access-virus-on-pc-have-run-other-things-before-coming-to-this-666543.html
Relevancy 42.14%

Hi. Recently my PC is being killed by a virus. It closes the following programs when I try to open them: MalwareBytes antimalware, Trend-Micro Hijack This, Killbox. Also it keeps sending a URL direction to an exe file to all my msn contacts. The process of the virus is "Ztytrh exe"; when I kill it using windows process manager it keeps reappearing, and when I try to change priority it says I am not allowed. Also appeared "r h exe", but I was able to successfully kill this process. Also I went to "C:\Windows\Prefetch" and successfully deleted a file related with r h exe, but when I try to delete a file related to "Ztytrh exe" it keeps re-appearing. I tried to run RegEdit by double clicking the icon in C:\Windows, but it says I'm not allowed to modify the registry. This PC only has one account and that's mine. Please help me get rid of this virus. Also, Start > Run disappeared. Edit: R h exe came back.

A:Virus keep closing HijackThis, MalwareBytes and other things...

Bump, please help.
 

https://forums.techguy.org/threads/virus-keep-closing-hijackthis-malwarebytes-and-other-things.868963/
Relevancy 42.14%

Hi all. I've had days of trying to save my PC from what I think may have been Gomyhit. I've thrown everything at it, including kitchen sink. I don't know how to rid my PC of this virus or this spyware. From the off, my control panel disappeared; both Adaware and Antispyware were disabled, including Comodo Firewall. I get Bad Image message on start up tmp. Office keeps trying to install when I access internet and tries to access net through several different source files. Every time, it won't cancel outright but is persistent on trying to install. When I leave, it tells me cab files are missing. I have removed some virus and some other risks but cannot completely stabilise my PC. Some things I've removed or repaired, I think: jkhfd exe spoolvs printer exe findfast exe agrsmmg exe shell exe, these amongst many other things. Any help greatly appreciated. My HJT file below.

A:Definite Spyware And Virus Please Help I Tried Many Things. Hjt Attached

Hello Sil3ntdr3am

Welcome to Bleeping Computer! Sorry about the delay. We're all volunteers here, and it's been very busy. If you still need help, please post a new HijackThis log to make sure nothing has changed. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log <--link

And I'll be happy to take a look at it for you.

=====

I also need to see a different type of log from Hijackthis:

Run Hijackthis.
Click on "Open the Misc Tools section".
Next click on "Open uninstall manager".
Press the button 'save list'. It will open a Notepad file.
Place the content of that file here in your next reply.

Thanks, for your patience.
Stelios

http://www.bleepingcomputer.com/forums/t/125956/definite-spyware-and-virus-please-help-i-tried-many-things-hjt-attached/
Relevancy 42.14%

Yesterday, I found W32.Parite.A on my computer. So after 7 hours of curing over and over again (since it gets infected over and over again -_-), I formatted.

Here I am with the same problem, with a slight twist:

I don't have the MSBlast worm, but I did. I removed it, and still I can't do $hit (copy, paste, drag, remove programs.. nothing!)

And now, I'm confused even more if possible, because I found a 35.5 KB svchost.exe in my WINNT folder. I go into the system32, and I find a 7.something KB svchost.exe.... which one happens to be the correct one doesn't matter to me because I still can't fix the Parite.A virus!

AHH!! For the love of God!

Got any ideas?.......
 

A:W32.Parite.A virus driving me nuts.. (plus other things)

So now, I can't run any programs. (Yes, ANY at all..)
 

https://forums.techguy.org/threads/w32-parite-a-virus-driving-me-nuts-plus-other-things.154823/
Relevancy 42.14%

A friend of mine's teenage son had installed what appears to be a trojan that prevents Netflix from running, saying it is blocked. Originally it prevented all antivirus-related sites from coming up. When went to Firefox home page it would indicate it had the latest version and at the same time say it was out of date, with a generic-looking screen with no pictures or graphics, just text. Tried a system restore from before the trojan was downloaded; no change in behavior. I can boot in safe mode with networking support and it appears to act normal. Tried msconfig and turning off all the start up items in normal boot; no change. Ran Eset virus scan; it found a few items and removed them, but then nothing. When I booted clamwin in safe mode it found things related to real downloader and Nvidia, but after cleaning everything, same problem. Ran Ccleaner in safe mode; gained the ability of normal screen for Firefox, nothing else. Tried Malwarebytes clean - nothing found. I'm getting ready to call it a loss for my friend and just format the computer and reinstall, but I thought I would see if anyone could come up with what this is, as I have never seen anything like it before.

A:Unknown virus - Netflix preventer amongst other things

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
cmd: netsh winsock reset

HKLM-x32\...\Run: [] => [X]
HKLM Group Policy restriction on software: %LocalAppData%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %LocalAppData%\Temp\*.zip\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %LocalAppData%\Temp\7z*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: Path: %AppData%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %LocalAppData%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %LocalAppData%\Temp\wz*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %LocalAppData%\Temp\Rar*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %AppData%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yahoo.com/?fr=avantsearch6
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected] [2015-11-08] [not signed]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
S3 ATP; system32\DRIVERS\cmdatp.sys [X]
S3 cpuz136; \??\C:\Users\INSTAL~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 Tpacketv; system32\DRIVERS\tpacketv.sys [X]
S3 TpacketvMP; system32\DRIVERS\tpacketv.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
U2 V2iMount; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Administrator\AppData\Local\Temp\$avantbrowser$.update.exe
C:\Users\Administrator\AppData\Local\Temp\HitmanPro.exe
C:\Users\Administrator\AppData\Local\Temp\hmpalert_update.exe
C:\Users\Administrator\AppData\Local\Temp\i4jdel0.exe
C:\Users\Carrie\AppData\Local\Temp\$browser$.update.exe
C:\Users\Carrie\AppData\Local\Temp\i4jdel0.exe
C:\Users\Carrie\AppData\Local\Temp\i4jdel1.exe
C:\Users\Carrie\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aih.exe
C:\Users\Guest\AppData\Local\Temp\i4jdel0.exe
C:\Users\installati...

http://www.bleepingcomputer.com/forums/t/600824/unknown-virus-netflix-preventer-amongst-other-things/
Relevancy 42.14%

I have cleaned up the majority of things, but there is still a P*rn dialer on here and it is a persistent thing. As near as I can tell it is some form of WebSiteViewer. I have tried the manual removal instructions but they don't work for me. I have run various anti-spyware tools, i.e. Adaware SE w vx addon, Spybot (latest defs); also used cwshredder. Also used Xclean and MS Antispyware beta. Each of these programs found various things, which I have then removed. Also have deleted the temp files, prefetch, cookies and such that I could find. I had some strange services listed that were like "cqywirhgkshdfgut" etc. I had about of those, which I have removed; each one was a different file located in C windows system VARIOUSDIR Filename. I still get some popups, and this dialer is still on here somewhere. If someone can browse my HijackThis log and/or provide me with some additional instructions or removal tips. Thanks, Mike. PS: Something also keeps modifying my hosts file even though it's marked read only. Here is a copy of my HijackThis log.

A:PC hijacked by various things, porn dialers, virus's, bho's etc.

Hello, and welcome to TSF!

Let's see if this doesn't help, a little.


We'll need to unload Spybot's Teatimer before we begin. To do this, right-click on the icon in the quick launch toolbar at the bottom on the screen, then select "Exit".

===============

Download, unzip to your desktop CWShredder and run it, then:

1. Click "Check For Update"

(If an update isn't available, skip to step #4.)

2. Click "Click here to Download the update".
3. When the new version has been downloaded, click "Save".
4. Click "Fix ->"


===============

Download, then unzip to "C:\HJT", the newest version of HiJackThis; version 1.99.1. Then repost your log, either now, or after following the steps in the solution (if provided in this post). This version has features that might be more helpful in 'cleaning' up your system.

===============

Run HiJackThis and click "Scan", then check(tick) the following, if present:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R3 - Default URLSearchHook is missing

O17 - HKLM\System\CCS\Services\Tcpip\..\{690AE506-E142-4A46-AAC0-47C45963CE9D}: NameServer = *.*.*.*
...(Verify that these ip addresses are for your isp's DNS Servers, if so, don't 'fix' these.)


Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Post back a new log, and let me know how everything goes.

http://www.techsupportforum.com/forums/f100/pc-hijacked-by-various-things-porn-dialers-viruss-bhos-etc-50032.html
Relevancy 42.14%

Hey guys, I hope you can help me. I've tried running various malware and spyware software, use a firewall, have system updates and protection, and clean up my registries etc., but nothing seems to work. I don't know if the following are interrelated, but here goes. It looks like I'm infected by svchost.exe virus. I keep getting a "Memory could not be read at xxxxxx" type message with the svchost name attached to the top. Every time I try to do a Google search I'm redirected and then mousetrapped into a commercial site. Going to "My computer" always gives me pop up boxes like "Search engines will have to close all instances of internet explorer before continuing. Click continue to proceed". I'm also getting a lot of "Search Setting v" error messages and various Windows installations messages. Following are the GMER and DDS txt logs:
GMER - http www gmer net Rootkit quick scan - - Windows Service Pack Harddisk DR - gt Device Ide IdePort WDC WD JD- MUA rev E Running gmer exe Driver C DOCUME Owner LOCALS Temp pxldapod sys ---- Disk sectors - GMER ---- Disk Device Harddisk DR sectors rootkit-like behavior ---- System - GMER ---- Code SystemRoot System Drivers aswSP SYS avast self protection module AVAST Software ZwCreateProcessEx x BAE Code SystemRoot System Drivers aswSP SYS avast self protection module AVAST Software ZwCreateSection x D Code SystemRoot System Drivers aswSP SYS avast self protection module AVAST Software ZwLoadDriver x B C Code SystemRoot System Drivers aswSP SYS avast self protection module AVAST Software NtCreateSection Code SystemRoot System Drivers aswSP SYS avast self protection module AVAST Software ObInsertObject Code SystemRoot System Drivers aswSP SYS avast self protection module AVAST Software ObMakeTemporaryObject ---- Devices - GMER ---- Device Driver atapi - gt 
DriverStartIo Device Ide IdePort B FEAEA Device Driver atapi - gt DriverStartIo Device Ide IdePort B FEAEA Device Driver atapi - gt DriverStartIo Device Ide IdePort B FEAEA Device Driver atapi - gt DriverStartIo Device Ide IdeDeviceP T L -c B FEAEA Device Driver atapi - gt DriverStartIo Device Ide IdePort B FEAEA Device Driver atapi - gt DriverStartIo Device Ide IdeDeviceP T L - b B FEAEA Device Driver atapi - gt DriverStartIo Device Ide IdeDeviceP T L - B FEAEA Device Driver atapi - gt DriverStartIo Device Ide IdeDeviceP T L - B FEAEA Device FileSystem Ntfs Ntfs aswSP SYS avast self protection module AVAST Software AttachedDevice FileSystem Ntfs Ntfs AVGIDSFilter sys IDS Application Activity Monitor Filter Driver AVG Technologies CZ s r o AttachedDevice FileSystem Ntfs Ntfs aswMon SYS avast File System Filter Driver for Windows XP AVAST Software AttachedDevice Driver Tcpip Device Ip aswTdi SYS avast TDI Filter Driver AVAST Software AttachedDevice Driver Tcpip Device Ip avgtdix sys AVG Network connection watcher AVG Technologies CZ s r o AttachedDevice Driver Tcpip Device Tcp aswTdi SYS avast TDI Filter Driver AVAST Software AttachedDevice Driver Tcpip Device Tcp avgtdix sys AVG Network connection watcher AVG Technologies CZ s r o AttachedDevice Driver Tcpip Device Tcp aswRdr SYS avast TDI RDR Driver AVAST Software AttachedDevice Driver Tcpip Device Udp aswTdi SYS avast TDI Filter Driver AVAST Software AttachedDevice Driver Tcpip Device Udp avgtdix sys AVG Network connection watcher AVG Technologies CZ s r o AttachedDevice Driver Tcpip Device Udp aswRdr SYS avast TDI RDR Driver AVAST Software AttachedDevice Driver Tcpip Device RawIp avgtdix sys AVG Network connection watcher AVG Technologies CZ s r o AttachedDevice Driver Tcpip Device RawIp aswRdr SYS avast TDI RDR Driver AVAST Software AttachedDevice Driver Tcpip Device RawIp aswTdi SYS avast TDI Filter Driver AVAST Software Device Device Ide IdeDeviceP T L - - gt IDE DiskWDC WD JD- MUA E amp ea e amp amp f -b bf- 
d -... Read more

A:svchost virus, google redirect and some other things...

Hi Steve,
Looks like you have the infamous tdl4 rootkit. Let's fix it.
Download TDSSKiller.zip
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan
If Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)
Thanks,
tea

http://www.bleepingcomputer.com/forums/t/363379/svchost-virus-google-redirect-and-some-other-things/
Relevancy 42.14%

I got some virus/trojan that took over my desktop saying "Warning, spyware threat detected on your PC." It wants me to click on some link, which I won't, but I tried to run combo fix and it doesn't do anything. So I went to msconfig, stopped all the startup programs, and still the same thing. Started the PC in safe mode and tried both combofix and mbam and nothing. I even tried sdfix and got the same results.

Any suggestions???
 

Relevancy 42.14%

I'm hoping I can get help with a problem that started off a few days ago with my computer shutting off after it was idle for about 20 mins, I guess. It never did that before. When I checked the power settings, under hibernation, it said NEVER. I tried to start it in selective mode and things really went wacky. The computer hung up really badly and when I went back to normal, my graphics changed and lots of drivers were missing. I checked the device driver and nothing was even showing up. My aol won't even load. It's just possessed. I do have Avira software and scanned yesterday and nothing showed up. Thank you!

A:[SOLVED] Possible Virus - Wacky Things are Happening

Oh, also, it won't let me system restore to a previous point!

http://www.techsupportforum.com/forums/f10/solved-possible-virus-wacky-things-are-happening-602460.html
Relevancy 42.14%

Hi there,

I got a virus yesterday which I thought had been removed by AVG (I deleted the files from the vault at any rate). I was checking my local settings/temp folder (where AVG found the files) today and there are loads of lilo files and others, so I just wanted to make sure that these are not part of the virus. Can anyone help? It says not to post logs, but I can send a HijackThis log which I've just made. I don't see an option in AVG for a log file. Many thanks for your help.

Michael.

A:Not sure if virus has been removed

Hallo mikeindidginus

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

http://www.bleepingcomputer.com/forums/t/391388/not-sure-if-virus-has-been-removed/
Relevancy 42.14%

This is my Aunt's laptop and is often used by my younger brother. I do not know where the virus came from. I used this page as reference to remove the problem and wanted to see if there were any traces left behind: http www bleepingcomputer com virus-removal remove-win- -antispyware- One thing to point out was that the laptop got a blue screen error when I ran a fullscan on Malwarebytes Anti-Malware. I ran another fullscan on safemode and had no problems, no infected files or blue screen.

A:Just removed virus

Sorry, was having problems attaching files from the laptop, brought the text files over via flashdrive to my computer. Hope it doesn't affect anything.

http://www.bleepingcomputer.com/forums/t/432698/just-removed-virus/
Relevancy 42.14%

Hi,

I have been having a few virus problems with my computer for a few days. At the moment I can only use my computer in safe mode, as there is an antivirus scan virus, but it doesn't have 2010 on it. I have had a few browser redirect problems. I have run Malware and it hasn't removed these problems. I have used a few other programs and it's removed a few files, but I am still having problems and I can't use my computer normally. I have no idea what virus I have; if you can please help me that would be much appreciated.
Thanks

A:I have a few virus that cant be removed

Sorry, I didn't attach the files. I will attach the gmer file later when it's finished running. Thanks
DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by at 2:50:06.84 on Thu 23/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2038.1490 [GMT 11:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Sharon\Desktop\paint shop pro tubes\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uSearch Page = hxxp://www.telstra.com/
uWindow Title = Telstra BigPond Home Internet Explorer
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://au.rd.yahoo.com/customize/ycomp/defaults/su/*http://au.yahoo.com
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Mininova-Vuze Toolbar: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - c:\program files\mininova-vuze\tbMin2.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uWinlogon: Shell=explorer.exe,c:\documents and settings\sharon\application data\microsoft\windows\shell.exe
uWindows: Load=c:\docume~1\sharon\locals~1\temp\dwm.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.11.9.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: AIM T... Read more

http://www.bleepingcomputer.com/forums/t/368682/i-have-a-few-virus-that-cant-be-removed/
Relevancy 42.14%

Hello. We own a small internet shop and we've been experiencing a problem for the past few days. You see, a virus has entered our computers and is wreaking havoc in it. The virus shows porn sites and disables the services "Windows Audio" and "Server". When we scanned the computers with Malwarebytes Anti Malware (MBAM), it shows that there are about virus files, but when we remove it and reboot, the computer will no longer open because it's blank, no explorer.exe. Even if explorer.exe is started using new task from the Task Manager, it makes no difference. This happened to of our units; one got salvaged through a system restore. What should we do? Here's a HiJackThis log from one of our computers.

A:Virus cannot be removed

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/410839 and follow the instructions there. If you no longer need help, this is all you need to do. If you do need help please continue below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have previously posted logs for us.
If you were unable to produce the logs originally please try once more.
If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.

Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner. Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GMER log

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them!

Thanks!

http://www.bleepingcomputer.com/forums/t/410839/virus-cannot-be-removed/
Relevancy 42.14%

I had a nasty little virus that blocked the internet, malwarebytes and everything else. I removed the virus using rkill then malwarebytes. When my comp reboots I get a rundll error, and when I try to click in techsupportforums, internet explorer gets redirected. I attached a scan from combofix so hopefully someone can help me finish getting my computer back to normal.
Almost forgot, malwarebytes scan comes back clean.

A:Removed Virus, Need some help

ComboFix 10-08-11.04 - Family 08/11/2010 20:27:18.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1580 [GMT -4:00]
Running from: c:\documents and settings\Family\Desktop\ii.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Family\Local Settings\Application Data\{1E55DF10-37C9-401D-A14E-1B894F1D9DD7}
c:\documents and settings\Family\Local Settings\Application Data\{1E55DF10-37C9-401D-A14E-1B894F1D9DD7}\chrome.manifest
c:\documents and settings\Family\Local Settings\Application Data\{1E55DF10-37C9-401D-A14E-1B894F1D9DD7}\chrome\content\_cfg.js
c:\documents and settings\Family\Local Settings\Application Data\{1E55DF10-37C9-401D-A14E-1B894F1D9DD7}\chrome\content\overlay.xul
c:\documents and settings\Family\Local Settings\Application Data\{1E55DF10-37C9-401D-A14E-1B894F1D9DD7}\install.rdf
c:\program files\Mozilla Firefox\searchplugins\google_search.xml
c:\windows\hdstsp.dll
c:\windows\settings.reg

Infected copy of c:\windows\system32\DRIVERS\isapnp.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4


((((((((((((((((((((((((( Files Created from 2010-07-12 to 2010-08-12 )))))))))))))))))))))))))))))))
.

2010-08-12 00:23 . 2008-04-13 18:36 37248 -c--a-w- c:\windows\system32\dllcache\isapnp.sys
2010-08-12 00:23 . 2008-04-13 18:36 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
2010-08-11 23:38 . 2010-08-11 23:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\cmycoegoj
2010-08-11 23:38 . 2010-08-11 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-08-10 14:10 . 2010-08-10 14:10 57344 ----a-w- c:\windows\system32\advpacki.dll
2010-08-10 14:05 . 2010-08-11 23:38 -------- d-----w- c:\documents and settings\Family\Local Settings\Application Data\ujuhvkoxe
2010-08-10 14:05 . 2010-08-11 23:38 -------- d-----w- c:\documents and settings\Family\Application Data\ujuhvkoxe
2010-08-10 14:05 . 2010-08-12 00:38 782848 ----a-w- c:\windows\system32\drivers\ehympxjr.sys
2010-08-10 14:04 . 2010-08-11 23:38 -------- d-----w- c:\documents and settings\Family\Application Data\7DE5CB1C27936FEA956E01D679B0B885
2010-08-06 16:42 . 2010-08-06 16:43 -------- d-----w- C:\TSO
2010-07-13 22:43 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-12 00:38 . 2008-08-25 01:08 -------- d-----w- c:\program files\Common Files\Akamai
2010-08-12 00:19 . 2009-02-27 13:27 -------- d-----w- c:\documents and settings\Family\Application Data\uTorrent
2010-08-12 00:17 . 2008-08-28 15:19 -------- d-----w- c:\documents and settings\Family\Application Data\HPAppData
2010-08-11 22:24 . 2009-03-17 22:15 117760 -c--a-w- c:\documents and settings\Family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-11 21:27 . 2010-08-10 16:30 52224 ----a-w- c:\documents and settings\Family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-10 17:29 . 2008-10-15 20:20 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-06 16:42 . 2008-08-11 13:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-31 01:10 . 2009-10-04 19:35 -------- d-----w- c:\program files\DVD Complete
2010-07-17 02:01 . 2008-08-11 13:37 54608 -c--a-w- c:\documents and settings\Family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-15 14:17 . 2008-10-15 22:49 -------- d-----w- c:\program files\MSECACHE
2010-06-14 14:31 . 2008-08-11 13:05 744448 ----a-w- c:... Read more

http://www.techsupportforum.com/forums/f50/removed-virus-need-some-help-505507.html
Relevancy 42.14%

After many cleans and reboots, the redirect (Happili) seems to love hanging out on my system and showing me wonderful sales sites as I search in Yahoo. I posted my log last night. After running more cleaners this morning to no avail, I am leaning to reinstalling WIN7 and programs. At what point do you give up on trying to remove a redirect virus? Is there a best way to start over?
Thanks for your thoughts.

A:What To Do if Virus Can't be Removed?

Since you are being helped here this topic will be closed.

http://www.bleepingcomputer.com/forums/topic470811.html/page__pid__2861400#entry2861400

nasdaq

http://www.bleepingcomputer.com/forums/t/470841/what-to-do-if-virus-cant-be-removed/
Relevancy 42.14%

I have a Gateway computer DX X with XP Pro MCE. I have McAfee antivirus. I've found many items in the services.msc not started even though they were set to start automatically. Attached is the HJT file ran today. I think there is still a virus in it.

A:Is my virus removed?

It wasn't fixed. I ran combofix in safe mode and removed the virus just now. Thanks regardless!

http://www.bleepingcomputer.com/forums/t/320230/is-my-virus-removed/

Can someone help me remove the following virus from my system: Worm/autorun.FG. It is on file
c:\autorun.inf. I am using Windows Vista and I have AVG on my system, not the free one.

 

https://forums.techguy.org/threads/virus-to-be-removed.973564/

I removed a nasty little bugger off my computer. The openme.exe was loading up porn pop ups and web dialers until I finally found the file and deleted it. Now I have the problem when I start winxp pro (my OS) it says cannot find openme.exe yada yada. I have deleted everything out of my registry (I think) and have removed the actual file also. I also ran msconfig and looked in the start up but didn't find it. Unless it's listed as something I am not aware of. But I read that it may be starting with shell=internet explorer.exe openme.exe. It said to find this in the system.ini and delete it. I may not understand the system.ini well but I cannot find these things in XP's file. So again my problem is at startup I get the cannot find error for openme.exe.
 


My virus protection keeps finding something what they call greyware, and says they can't remove. It is called A0020514.EXE. A search in Google shows in French and Turkish (nothing in English) something about this Virus. Can you tell me how to get this virus from my computer?

Thanks,
Bert

Edit: Moved topic to the more appropriate forum. ~ Animal

A:Virus What Can't Be Removed?

All the google results point to C:\System Volume Information\_restore... Is this where the infection is on your system? If so, it's safe to ignore as long as you don't use System Restore. If you use System Restore you'll install the file back onto your system.

To get rid of it, you'll have to turn off System Restore (I recommend rebooting) and then turn it back on - that will delete all the System Restore points in the C:\System Volume Information folder.

If it's not in the C:\System Volume Information folder, then please let us know where it's located.

http://www.bleepingcomputer.com/forums/t/139805/virus-what-cant-be-removed/


A:HAVE I REMOVED THE VIRUS?


http://www.bleepingcomputer.com/forums/t/290587/have-i-removed-the-virus/

Hello,

I've tried about 20 times using Malware Bytes to remove the HDD Low infection from my laptop. Malware bytes finds the infection, quarantines the virus, and deletes it. However, every time I reboot my laptop, it pops back up.

Any other ideas to help me remove this? It's very annoying.

Regards

A:HDD Low Virus does not get removed

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

http://www.bleepingcomputer.com/forums/t/369965/hdd-low-virus-does-not-get-removed/

I have a virus in my computer. My virus remover program could not remove all the files. How do I delete a dll file? When I search I cannot find them to remove them. My computer runs extremely slow now.

A:virus can't be removed

Let's see what we can find.

1: Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...

To run Unhide, simply download it to your desktop and then double-click on the Unhide icon. The program will open a black box and start making the files on your fixed disks visible again. Please note that this program will not unhide removable drives like flash cards and USB drives, as the FakeHDD rogues do not target these types of drives. Once it has finished, the program will display a Windows alert stating that your files have been restored. You should then reboot your computer for all of the settings to go into effect.

Copy & Paste the contents of the log. Let me know if it doesn't produce a log please.

2: Reboot

3: Run RogueKiller
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
Official tutorial http://tigzyrk.blogspot.fr/2012/11/...

Download & SAVE to your Desktop.
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator" to start.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then click on the "Scan" button.
Wait until the Status box shows "Scan Finished".
Click on "delete".
Wait until the Status box shows "Deleting Finished".
Click on "Report" and Copy & Paste the content of the Notepad into your next reply. The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.

http://www.computing.net/answers/windows-vista/virus-cant-be-removed/13416.html

I just removed a virus from my laptop and I can't log onto the internet. My internet connection is fine because I can use it with my PC... plus the laptop is not mine and I've never connected it to my modem, if that helps... please help me!

http://www.bleepingcomputer.com/forums/t/113832/cant-log-onto-netjust-removed-a-virus/

Work computer that someone got a virus on. Have run Norton, AVG, registry fix... all give us a blue screen of death. Seems to give us the blue screen when it starts scanning the cookies. Any suggestions?
 

A:Virus that can't be removed

And you can also try the 4 online scanners listed in the sticky "security help tools"
 

https://forums.techguy.org/threads/virus-that-cant-be-removed.696917/

I started working with Microsoft support about the end of August. Computer was running slow. They had me download SuperAntiSpyWare and run it, then made recommendations, which I did. Then I did a HiJackThis download and sent them the logs for both. Nothing is changing except for my being able to use my computer without problems. It has changed my Desktop by taking away anything to do with IE. It won't let me play an app on Myspace Green Spot without freezing up or shutting it down completely. I have done a system restore today because it went to a blank black screen. I installed Firefox as an alternative browser; errors occur with it also. I have done ComboFix and that didn't help either. I keep getting "low virtual memory" errors constantly. Earlier today I opened IE and instead of bringing up my MSN homepage it brought up Newsweek. It won't allow me to get into Internet Options or go to links. I am running Windows XP and have Road Runner Internet. I can hear my processor running a lot in the background. I would format but I don't have an XP disc. Is there hope? It has taken away my bar that has file, edit, view, favorites, tools also.

Thanks for helping me,
Debbie

I have a HiJackThis log I can send maybe.

A:I need a virus removed

Welcome to BC

Please hold off on the HJT log for the time being.

Try this scan.

We need to check for rootkits with RootRepeal.

Download RootRepeal from the following location and save it to your desktop.
Direct Download (Recommended): Primary Mirror, Secondary Mirror, Secondary Mirror, Secondary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down): Primary Mirror, Secondary Mirror, Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it: Primary Mirror, Secondary Mirror, Secondary Mirror

Extract RootRepeal.exe from the archive (if you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes: Push Ok
Check the box for your main system drive (usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

----------------------------------

Please note: If RootRepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High.
Also try: right-click on rootrepeal.exe and rename it to tatertot.scr

http://www.bleepingcomputer.com/forums/t/262675/i-need-a-virus-removed/

Hello guys, I have this virus on my computer. When opening any application or exe file, getting some files called srvsrvsrvsrv, something like file, also mgrmgrmgrmgr too, and it's opening at the Task Manager too and slowing the PC very much. This is the dds.

A:virus will never be removed

Hi Belal and Welcome to BleepingComputer!
I am currently looking through your logs and will advise you on what to do in my next reply.

http://www.bleepingcomputer.com/forums/t/553891/virus-will-never-be-removed/

I removed a virus and now the pc keeps resetting.

I reset cmos and still nothing.
I tried safemode and still nothing.

any thoughts from anyone?

please help
Michael

A:removed a virus

How to perform a Repair Installation of Windows XP.

Two things are needed here, just a bit of old technology, an ink pen and a piece of paper to write down any special settings that might have to be changed back after the repair-installation is completed.

Please Note: Performing a "Repair Installation" in this manner should not delete any Personal Files, it should 'repair' the core of the installation but to be safe with your data you should follow the next two paragraphs.

If you still have access to the computer thru normal operation you can use this procedure:

Emergency Backup Procedure from TSF :

http://www.techsupportforum.com/secu...procedure.html

You might have to remove the hard drive from this computer and install it in another computer as a slave drive, and after it is able to be accessed by Windows on that computer you will have to manually back up all of your important data to another media like CD-Rs, DVD or external hard drive. Then when this is done, return it to the original computer as a master drive on the primary IDE cable and do the following:

REGISTRY WARNING:

The details that follow require an above-average understanding of the technical topics involved. If you do not understand the Registry material presented here, either find a technically knowledgeable friend or do not attempt to repair your system Registry yourself. Improper changes in the System Registry can render all data on your hard disk inaccessible.

Here is a link to a registry backup program that is absolutely fantastic. It is called ERUNT, and you would use this to back up the registry after running the repair-install procedure successfully.

http://www.larshederer.homepage.t-online.de/erunt/

(Remember to always keep a backup of two things: your registry and your data. You will never be sorry.)

(The Windows XP CD WILL be required for this procedure.)
(Recovery discs are NOT recommended with this procedure.)

A good set of instructions for doing a Repair-Installation is found on the following page; print out the pages of the site for reference. Further instructions on Slipstreaming Windows XP Home or Pro with any of the service packs are provided, as are other additional links that might be needed.

Please read the whole page on this web site to familiarize yourself with the procedure and all of the Warnings.

http://www.michaelstevenstech.com/XPrepairinstall.htm

The following links are provided for reference in case they are needed.

(How to perform a repair installation of Windows XP if Internet Explorer 7 is installed.)

http://support.microsoft.com/default.aspx/kb/917964

(How to Perform a Windows XP Repair Install with IE6 Installed.)

http://www.michaelstevenstech.com/XPrepairinstall.htm

Just be attentive and follow all of the on-screen prompts.

Just let it do its thing...now when you finally are at the Windows Desktop, power down the computer and re-enter the BIOS and change the Boot Configuration Order back to its original configuration.

I hope that this cures your woes.

Post back with the results, and if there are any other queries/concerns.

Cheers


If this does not work try a clean install of windows....

http://www.techsupportforum.com/forums/f10/removed-a-virus-308433.html