Thursday 31 October 2013

Computer infected with unknown malware

I'm working with another computer that I believe is infected with malware of some sort, though what malware specifically I cannot identify. My reasons for this belief are that the computer cannot shut down properly (it will take about 5 minutes to get out of the logging out screen, and will remain on the shutting down screen indefinitely unless force booted), cannot access existing antivirus programs that it claims are running, states that conflicting firewalls that have not been installed are both turned off while the installed firewall is working, and dds.com fails to complete its analysis outside of safe mode (<40 minutes stalling out at 2/3rds mark). In safe mode the computer works fine, and so the dds log here is from safe mode.





via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/511408/computer-infected-with-unknown-malware/

psactive.exe

Avast has been constantly detecting win/sys32/psactive as part of some sort of rootkit Win32 evo-gen which is their default “I dunno” generic. The psactive.exe file in my sys32 is (on right click) a legitimate windows file and in the right place.


Coincidentally (or is it) a persistent boot call error for the non-existent pschmdrf.dll that has been plaguing me forever, and apparently unsolvable as covered extensively without result in the following thread, has now miraculously disappeared:


http://www.bleepingcomputer.com/forums/t/393472/win-xpcannot-find-fictitious-dll/page-2?hl=%2Bpsactive#entry2238805


Maybe Avast has been the problem all along? It keeps requesting to delete psactive.exe, doesn’t actually delete the file when it says it did, won’t place it in the virus chest when that action is selected and it says it has, then performs a pointless boot scan that finds nothing. Now I feel like a bit of a twit for complaining about free software.


Here is a further clusterbomb of ambiguous conflicting results from metascan:


AegisLab: No threat detected
Agnitum: No threat detected
Ahnlab: Win-Trojan/Agent.8192.Z
Antiy: No threat detected
AVG: Generic7_c.AGFB
Avira: TR/Drop.Yoader.A.22
BitDefender: Trojan.Generic.7219697
ByteHero: No threat detected
ClamWin: Win.Trojan.Agent-27809
Commtouch: No threat detected
Emsisoft: Win32.SuspectCrc!E2
ESET: No threat detected
F-prot: No threat detected
F-secure: Trojan.Generic.7219697
Filseclab: TrojanDrop.Agent.cck.yxgo
Fortinet: No threat detected
Hauri: Backdoor.Win32.A.Agent.3584
Ikarus: Win32.SuspectCrc
Jiangmin: TrojanDropper.Microjoin.anl
K7: No threat detected
Kaspersky: No threat detected
Kingsoft: No threat detected
Lavasoft: Trojan.Generic.7219697
Malwarebytes: No threat detected
McAfee: Artemis!55F52BA64E49 trojan
Microsoft: Unknown Threat
NANO: Trojan.Win32.Microjoin.frsfp
NetGate: No threat detected
Norman: winpe/Suspicious_Gen4.BKRYJ
nProtect: Trojan/W32.Agent.5120.CU
Preventon: No threat detected
QuickHeal: TrojanDropper.Microjoin.hfg
STOPzilla: No threat detected
SUPERAntiSpyware: No threat detected
Symantec: No threat detected
Systweak: trojan.agent
ThreatTrack: Trojan.Win32.Generic!BT
TotalDefense: No threat detected
TrendMicro: No threat detected
TrendMicroHouseCall: No threat detected
VirIT: No threat detected
VirusBlokAda: TrojanDropper.Microjoin
Zillya!: No threat detected


The computer exhibits no other suspicious activity whatsoever apart from the daily Avast alert. I lean towards trusting Kaspersky + Malwarebytes + Fprot. Any thoughts?








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/511902/psactiveexe/

Any alternatives to MacKeeper?

For Mac users, is there any alternative to MacKeeper?








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512083/any-alternatives-to-mackeeper/

Computer Virus

My computer is doing strange things on me.. I think that I have a virus.. What is the first thing I should do to try and eliminate it.. What files do you need.. I would also like to clean my computer.. I would very much appreciate your help.. where do we start


tks rick








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512088/computer-virus/

Corrupted Harddrive(I think)

So the other day I closed my laptop and then left it for a few hours. I came back and it was showing a Can't boot windows "0xc00000f" error, that it couldn't load up windows. It said it had to be reformatted. I can't reformat it because I have tons of important files on the harddrive. So I brought the harddrive to my desktop computer and checked it out through a few programs. I found no traces of my other files, but I found traces of $Boot, $UpCase $MFT $Extend $RECYCLE.BIN and a few other things of that variety. Nothing else, though. I can't find any of my files.. they're just gone.. Is there any way to salvage any of my files from it? Or can you explain what happened?








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512548/corrupted-harddrivei-think/

Windows 8 BSOD

Alright, I know people on here are pretty knowledgeable about BSOD causes and I need help figuring this out. My PC is only two months old and I have been getting BSODs; most of them point to Graphics Card Drivers and system files (I assume they are related) and only happen when I play games.


System Specs:


CPU: Intel 4700mq


GPU: Nvidia GTX 780M


RAM: 32 GB


OS: Windows 8 (have not upgraded to 8.1)


Model: MSI GT70 20D 039US


Dump Files:


https://skydrive.live.com/?cid=04cc7e0751f39897&id=4CC7E0751F39897!115








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512067/windows-8-bsod/

Installing Through USB

I recently formatted windows without having my recovery disc. Big no no expecting windows to just reinstall itself... Now I'm trying to reinstall it through a bootable USB which I made sure to create through the Windows 7 USB/DVD download tool. Now I'm trying to install through the USB and there is no option in the UEFI to do so, and I can't install through an external drive as it's not an option in the recovery environment I'm getting looped in.


Someone please help?








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/511395/installing-through-usb/

Viruses removed and now, no boot.

Using TDSSKiller, Alureon.gen!A and boot.pihar.b were removed. Now the computer won't boot, not even in safe mode. I have downloaded on my thumb drive frst64 and ran it from command prompt after trying to boot from disk. What can I do now?








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512305/viruses-removed-and-now-no-boot/

Mouse Jamming

Hi,


I notice that these days my mouse is having an issue. I thought it was hardware, but I don't think it's the hardware because it works perfectly fine most of the time. Sometimes it scrolls down a little by itself randomly, and sometimes it moves to a random position or gets locked for a few seconds. When it gets locked, I click and move the mouse around, then I have my control back, which makes me feel that all these behaviours are from some virus maybe?


Please help.


Thanks








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/511511/mouse-jamming/

HRUPPROG.DIE.NOW in Users folder

Whilst playing around with maps trying to get a Source game server to work earlier I accidentally opened my Users folder and inside were only 2 files. HRUPPROG.DIE.NOW and a similarly named file that was .txt instead. I did a bit of digging and came across a similar issue here but I am unsure if that particular fix would work for me and that the chap was constantly warned not to proceed without assistance. I'm not too sure when this would've made its way into my system as I on occasions run servers from this box so the machine is never off so I never had the containing folder pop up as seems to be a normal symptom. I can't delete the files without first giving the non txt file administrator access, something I am hesitant to do given the circumstances.


AVG Free 2014 and Malwarebytes failed to detect an issue, although MB did remove about 35 PUPs, but it's not fixed the issue. A system restore also failed to do the trick.


Following the advice given to someone with a similar issue by nasdaq I've compiled the following logs: DDS, AdwCleaner, RogueKiller and ComboFix. After having run combofix the folder AppData returned to my Users folder but HRUPPROG is still there, unable to be removed. To avoid useless posting I shall hang onto these logs until requested.


Here is a link to destraction9's similar topic in which he was aided by nasdaq: http://www.bleepingcomputer.com/forums/t/493111/hrupprogdienow-on-startup/








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512543/hrupprogdienow-in-users-folder/

Infected with Trojan:win32/sirefef.AB

Do not know how to remove.


DDS scan files attached.


Thank you!








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/510348/infected-with-trojanwin32sirefefab/

Best Baby Halloween Costume Ever






via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512541/best-baby-halloween-costume-ever/

Antivirus Security Pro was the start to my bad day today - HELP!

I am running Windows 7 (XP I believe) and somehow this virus ensnared me. I found an article on this site touting Rkill and how to download it free but even when I start in safe mode the virus hijacks me again. I am at its mercy, please help.





via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/509766/antivirus-security-pro-was-the-start-to-my-bad-day-today-help/

Mypc backup/advance system pro/regcleanpro +more

Hi,


My mom said she tried to download words with friends (not sure from where) but now there's a handful of programs on the computer now - Advanced System Pro, Reg Clean Pro (systweak), My PC Backup, Search Protect by conduit, and Wise Convert.


I did uninstall wajamupdaterV3 from the control panel. I saw that all of the programs have an uninstall except Search Protect. Can they be completely deleted using the uninstall? The computer is running XP 32bit with Norton and Malwarebytes but I haven't run either.


Thank You








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512047/mypc-backupadvance-system-proregcleanpro-more/

Forum Game: Word Association! Take 6


Sky.



Fall








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/486650/forum-game-word-association-take-6/

How to remove or disable unwanted,

Hello, I am in need of your help.


How do I remove or disable (HP Photosmart Premier - view 6.5) from my PC?


Willie T..








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/511764/how-to-remove-or-disable-unwanted/

My computer recently started playing random ads and music suddenly

No browsers are open no nothing just comes on when I start it at random times. I have tried everything from SuperAntiSpyware, Malwarebytes, Windows defender, TDSSKILLER. Any help would be greatly thanked.








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512430/my-computer-recently-started-playing-random-ads-and-music-suddenly/

Need Help with Removing Adware Vundo Variant

Hi,


I have tried removing Adware Vundo Variant with Malwarebytes, Super Anti-Spyware, Vundo Fix, Microsoft Security Essentials, Webroot Secure Anywhere, and Spybot Search and Destroy, without any type of success. The only program that even detects the Adware Vundo Variant, is the Super Anti-Spyware and, it can not completely remove the adware.


After removing the adware with Super Anti-Spyware, I would be prompted to reboot my computer (which I do), I would run SAS again, and the adware would be detected again. I have gone through this cycle several times, only to have the adware remain in my computer.


I would appreciate some help with this.


Thanks,








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512341/need-help-with-removing-adware-vundo-variant/

Snapdo Removal

Hello,


It appears I have picked up the Snapdo infection. When using Firefox my main screen has changed to SNAPDO search and can not be changed. I'm concerned there are possible other redirect problems also. While on Firefox, random screens pop up all over the screen. Please help me clean these problems up.


Thanks in advance


Joel








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512539/snapdo-removal/

External hard drive activates when using win 7 recycle bin?

OK this is NOT really a "problem" but more annoying than anything else. I was just wondering if this is supposed to work this way...and if not if there is a way to "fix" this?


When I have not been to my (32 bit) Win 7 Recycle bin in awhile, I usually click on it and HAVE TO WAIT while my Western Digital 3 TB External hard drive is activated (It also used to happen on my Western Digital 1 TB External hard drive as well)...this happens every time and a re-format does NOT make this behavior go away...Is this supposed to happen?


Because it is VERY ANNOYING having to wait while my external hard drive "wakes up" ...when all I am wanting to do is access the stupid recycle bin in win 7!


Anyone got a solution for this? Or is that what is supposed to happen?


I really do not know if this is caused by win 7...or by the western digital external hard drive itself....but I have been using this brand for awhile and I think it used to happen in XP also, though it was SO long ago I do not remember.








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512469/external-hard-drive-activates-when-using-win-7-recycle-bin/

Tuber Saver Virus/Malware in FireFox

Hi, I have been running FireFox for some time and recently it has been slow, so I might have found the problem and it could be a virus called TubeSaver disguised as an advertisement. Also, I have been getting a pop-up every time I turn on and log into my windows account on my laptop. Says that something is deleting, but I do not know what. I have run Malwarebytes twice, once in normal windows mode and another time in safe mode. The normal mode said that it found and removed them, and the second time, in safe mode, it did not catch anything. I need help to see if it got rid of it or it is just lingering in my computer. I have attached an image to show what it might look like, but ad-block plus might have prevented it from showing anything so it might have protected a little, but I want to make sure. So, this has only affected FireFox for bogging it down.








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512482/tuber-saver-virusmalware-in-firefox/

Hi All

I am an IT professional with IT and Accounting background.


I am always learning and willing to pass on my limited experience to anyone.


I look forward to hopefully doing both on this site.


Tushar








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512465/hi-all/

Windows 8 for business

Hey everyone just a note,


I am the only person in my office/building running Windows 8. This is because Windows 7 is a more preferred OS for office use.


However In the future Windows 8 will be used in the office more and I'm using it so when people encounter problems I will be there to jump in to help just as I can with Windows 7, Vista and XP.


I noticed Windows 8.1 was released, but as I'm running a business version of it I cannot download it from the store it is quite a pain but I have to download 8.1 free from Microsoft and burn the image onto a disk then re-install it on my work PC and get a new key under Windows 8.1. This seems like such a hassle instead of just installing it. (you have to make sure you have upgrade rights)


So in case any of you are using business Windows 8 and are not sure why you cannot upgrade to 8.1 then here it is. Also if you have any advice then please don't hesitate to do so.


Darktune








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512464/windows-8-for-business/

Cant Access The Internet

Hi.

Right now I'm unable to access the internet. My signal is excellent. I'm typing on my tablet via wifi. My service provider was out and all connections are fine.

The problem is there is no activity taking place between my modem and my desktop. I had no issues earlier today and was able to use my desktop. The problem occurred after I installed Firefox to install a security application. When I discovered the problem I uninstalled Firefox and the security app.


The technician who came out said it may be my network card.


Could it be something else? Would getting a new processor solve the problem?


I have Windows XP.


Hopefully someone can help.


Thanks






via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512414/cant-access-the-internet/

Greetings :)

Hello BleepingComputer community!


Just wanted to say hello :)


Came here to research some of the things needed to end my GeekU class, and I think I'll stay here for a while.


I'll also try to help sharing my knowledge if I'll know how to solve some issues.


Cheers,


Naat :)








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512461/greetings/

$300 CryptoLocker Refund!!!

So my client got the CryptoLocker Virus and decided to cough up the $300.

Went to walgreens, loaded up the $300 MoneyPak

Created a Visa Card on the GreenDot.com card

Logged into the affected terminal server account.

Entered in the MoneyPak code - it went into the "Waiting for payment activation" screen

I entered the MoneyPak Code into the GreenDot visa account.

I waited about 3 hours for this thing to decrypt... nothing. Went to bed.

Woke up about 6 hours later, logged into the affected account.

BAM!!!!!! - It started decrypting!!!!

I logged into the GreenDot account, there was still $300 on there, CLOSED ACCOUNT!!!

I contacted GreenDot support, and I asked what's going to happen to my account, and if there were any transactions made to withdraw the money.

They stated no transactions, that I'll receive a check by 11/07/2013

I'm just HOPING I fell through their cracks.

I will 100% post my check from GreenDot by 11/07 or by 11/08!







via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512282/300-cryptolocker-refund/

Fans won't shut off

Hopefully I can get some help with this. Problem is, when I shut down the pc my fans continue to run infinitely. Everything from the chassis, cpu, gpu, psu, optic drive. I've checked to make sure windows is set to shut down, I've looked in the bios settings. I've cleared the CMOS. I've updated the bios. I've tried a different PSU. I thought it might be the board, however this is the second board. First board was RMA'd due to a faulty ram slot and had the same issue.

The fans are all PWMs, 3 are connected to a chassis header via splitter. CPUs are connected to the CPU header via splitter. However, one of my CPU fans will occasionally shut down, which seems strange.


I'm wondering if it might be an OS issue. I might try reinstalling windows. Otherwise I'm lost. I wouldn't think it'd be the board, not two in a row. At least I sure hope not.


Any Ideas are greatly welcomed.


Thanks






via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512212/fans-wont-shut-off/

tsassist.exe

A week ago I had issue with a software to open files from bitberry and ended up with babylon and Delta toolbars, etc. I have removed manually a lot of junk put on my computer causing pop up ads on every page along with constantly being asked to allow adobe flash players on most pages and if I didn't pages crashed. Now I am having issue with tsassist.exe doing pop ups I never had before in the lower right hand of the screen, telling me to update programs.


I understand this is a program on the system but seems like it is being used to exploit my system.

Comodo and their geek buddy help doesn't find it or find it necessary to fix it. Malwarebytes isn't picking up any problem, mbam-chameleon isn't finding an issue, SecurityCheck isn't finding anything, along with a host of other things I have tried and downloaded from here that have worked in the past.

Using regedit and searching the registry finds nothing.

Although I can easily track to the file from task manager.

I will gladly delete all the files if it will let me do so. I am concerned to not error in causing my system to crash by doing so incorrectly.


I'm running Windows 7 on this computer but appreciate any assistance.

Seems like anything I deal with in malware and junk anymore requires more pulling out of the big guns than simple virus removal.

I would like to really up the ante so to speak in protecting my system and still hope to run my webpages, etc.

Appreciate any input on how to up the ante as well.


I've attempted to attach a snippet of the files I found but it doesn't seem to want to allow me to do that here.


Thanks


Rivqa








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/509681/tsassistexe/

Security Center won't stay on

I have been given this Wins 7 laptop which didn't have any antivirus


Subsequent scans revealed a whole load of junk


I have used Combofix - Malwarebytes - Kaspersky Boot Disk


The OS will function but the little blue circle will appear on a regular basis, and security centre won't stay on


I could find combofix results and maybe kaspersky etc if you want


Thanks !








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512455/security-center-wont-stay-on/

Windows7/Mozilla Firefox/ Pop- up windows and underlined words

Hello to everyone! :-)


My name is Manolis and I come from Athens, Greece. Firstly, I would like to mention that I don't know much about computers so whoever is kind enough to answer this thread, please keep it simple. Thanks! :-)


I have Windows7, I run Mozilla Firefox and I use Avira Free Antivirus.


During the last few months when I was browsing different pages I saw that some words were underlined. When I rolled over the underlining I realized it was an advertisement saying "Click to continue -> By CouponDropDown". It usually advertised iPads or some kind of online casino games. I didn't pay attention but it started getting worse. More and more words were underlined in this way. As if this were not enough, pop up windows started to appear saying that it was some kind of survey on behalf of Mozilla.


I realized it was probably a virus so I visited the Mozilla Firefox support page where they advised me to download the following malware scanning programmes: Malware Bytes AntiMalware Free, Superantispyware Portable Scanner, Microsoft Safety Scanner, Anti-Rootkit Utility TDSS killer, and ADW cleaner. I ran all of these programmes and many viruses were found and removed. The problem diminished temporarily but then I started seeing again underlined words and pop up Windows.


Is there anything else I could do?


Thank you in advance!








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512159/windows7mozilla-firefox-pop-up-windows-and-underlined-words/

Computer infected with unknown malware

I'm working with another computer that I believe is infected with malware of some sort, though what malware specifically I cannot identify. My reasons for this belief are that the computer cannot shut down properly (it will take about 5 minutes to get out of the logging out screen, and will remain on the shutting down screen indefinitely unless force booted), cannot access existing antivirus programs that it claims are running, states that conflicting firewalls that have not been installed are both turned off while the installed firewall is working, and dds.com fails to complete its analysis outside of safe mode (<40 minutes stalling out at 2/3rds mark). In safe mode the computer works fine, and so the dds log here is from safe mode.





via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/511408/computer-infected-with-unknown-malware/

Infected with ZeroAccess can't update windows, can't change firewall help

I also can't download any exe files. DDS logs attached.








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512330/infected-with-zeroaccess-cant-update-windows-cant-change-firewall-help/

Taskmgr.exe not starting and computer slow

Help needed ;)


As it looks I have a virus/malware on my computer. Computer getting very slow, when I tried to open task manager to see what process is slowing down, it can not be opened. I got only error the application was unable to start correctly (0xc000006) taskmgr.exe. I have avast antivirus, and when I started full scan it works for some time and then it blocks. I have also spybot, but nothing showing. I downloaded Malwarebytes Anti-Malware and on quick scan there is nothing, on full scan it blocks also. I tried it from safe mode, but it is the same.


I copied taskmgr.exe from good computer, and tried to run it but it won't. I even changed the name but it still cannot be started.


Help needed.


tnx,


Ged








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512095/taskmgrexe-not-starting-and-computer-slow/

Please help!

All of a sudden my processes (google chrome and task manager) started multiplying to about 5 of them without bringing up any extra applications, and my laptop froze for over 15 minutes before I was able to do anything about it. Then both of my security programs, Windows Defender and Microsoft Security Essentials were both turned off. As I was trying to perform a scan, the processes started multiplying again and computer kept freezing. I tried to put it into safe mode and used system restore to October 26th (around 5 days earlier) and when I ran my computer again, Security Essentials was already turned off, and shortly after the same problem occurred. The only possible thing that I can think would cause this is that a program from Norton, which I have been trying to avoid, showed notifications about having to restart my computer to complete installation. I uninstalled the program right after seeing this notification and now I can't see it, so I don't know if there's any remnants or not. Please let me know what you think might be the case, thanks!








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512452/please-help/

this is the servers down

Help me ?








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512405/this-is-the-servers-down/


Infected with Trojan:win32/sirefef.AB

Do not know how to remove.


DDS scan files attached.


Thank you!








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/510348/infected-with-trojanwin32sirefefab/

wisersearch help

I've had adserverplus ads coming up in my browsers for the last couple of months (haven't been using my laptop much though). I tried removing it but to no avail. And then just this week my browser's (IE10) homepage became wisersearch. I've read some scary things about it and I can't seem to find it or any other malware so I really don't know what to do.

I'm running Windows 7, if that helps.


Thanks






via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512033/wisersearch-help/

Antivirus Security Pro - won't allow safe mode, regedit, msconfig

One of my salesmen's laptops is infected with Antivirus Security Pro. His system is running Windows 7 Professional SP1. The system will not boot in Safe Mode (it loads through the welcome screen and then immediately logs out and restarts in normal mode) and it will also not allow access to Task Manager, Regedit or MSCONFIG.


Any assistance would be appreciated! Thanks.


Beth








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/511742/antivirus-security-pro-wont-allow-safe-mode-regedit-msconfig/

I am infected - virus detected by AVG but not removing

I am infected.


I have found files re-writing in even after I delete them.


This is the threat that AVG detects every time I open my blog site on Firefox.


C:\Users\Bob\AppData\Local\Mozilla\Firefox\Profiles\bjevpkwj.default-1365741532968\Cache\5\EA\BBC79d01


Even after I clear the Cache it keeps writing the files and AVG constantly detects these files as a virus.


I have contacted GoDaddy and they say all is well with my website but that the problem is in firefox plugins.


I have no idea.


Can you help me resolve this dilemma??


Thanks in advance


Robert Dorsey








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512450/i-am-infected-virus-detected-by-avg-but-not-removing/

My computer recently started playing random ads and music suddenly

No browsers are open no nothing just comes on when I start it at random times. I have tried every thing from SuperAntiSpyware, Malwarebytes, Windows defender, TDSSKILLER. Any help would be greatly thanked.








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512430/my-computer-recently-started-playing-random-ads-and-music-suddenly/

mercredi 30 octobre 2013

Condoblokes crap

Download SecurityCheck Download Link

* Save it to your Desktop.

* Double-click SecurityCheck.exe

* Follow the onscreen instructions inside the black box.

* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Note: If any security program requests permission to access the Internet, allow it to do so.








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512449/condoblokes-crap/

Google Redirect Virus or similar

Every link I click in Google or Yahoo redirects me, usually to ihavenet.com. It occurs in both Firefox and IE and neither Malwarebytes nor McAfee has been able to remove it. I've had this virus since June or July. The two DDS logs are attached as files.








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/508535/google-redirect-virus-or-similar/

PCers interested in new Mac AV test. Very interesting and well done.

I thought I would post this here since none of you would ever go to the Mac OS section. This is a great Mac AV test with a massive pdf full of info. Very interesting.


http://securityspread.com/detection-rate-results/










via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512417/pcers-interested-in-new-mac-av-test-very-interesting-and-well-done/

Sorry, you don't have permission for that!

Just reading about Cryptolocker Hijack Program. Post #1427 involves a response from Grinler where he provides links to BC Forum info.


I can click on this link http://www.bleepingcomputer.com/forums/t/446111/new-accdfisa-protection-center-ransomware-called-malware-protection/


But when I try this link http://www.bleepingcomputer.com/forums/u/771599/accdfisa/


I get "Sorry, you do not have permission for that!"


Don't understand as this was posted by the Administrator. Please clarify.


Thank You








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512421/sorry-you-dont-have-permission-for-that/

Problem...

I recently built my own custom build for the first time, and everything seemed to be going fine. I managed to install the OS fine (all done on Saturday) and been on it a few times. However, last time I switched it on, it goes past the POST screen but then nothing shows up afterwards. Any idea on what I could have done wrong here?


Sorry details are a bit vague.


Ask any more questions that may solve this issue.


Thanks in advance.


Andy








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512344/problem/

Random freezes/lockups even with some new hardware.

Hello, I come seeking advice on what may be my problem.

If this is posted in the wrong forum, a mod is more than welcome to move it accordingly, I do not know what causes the problem, only that it is most likely some hardware.

I will start by explaining the problem, which began a while ago.


A few weeks ago, I started experiencing random freezes/lockups on my homebuilt PC, it had been working fine for over a year and out of the blue it just starts freezing on me randomly while in Windows, not even while doing anything in particular, just while browsing the web or listening to music and even when just idling.


After I tried to resolve the issue myself (to no avail I might add) by running memtest86+ for 24 hours (7 whole passes on 16GB of RAM) and it showed no errors, replacing my SSD with a new one thinking it was to blame, replacing my CPU cooler with a new one (noticed my CPU ran a bit on the hot side while idle), and of course reinstalling Windows entirely. None of these steps helped, so I accepted defeat and turned my PC in to my local repair shop. After a few days I get a call from the shop saying that he managed to solve the issue by removing both my graphics card and my SATA HDD, and that it ran fine without them for 27 hours straight with no freezes.


Knowing I still had warranty left on both my HDD and my graphics card, I contacted my place of purchase and requested an RMA for both.

After a few days of back and forth I was cleared to receive a full refund for my graphics card, which would be more than enough to buy a new graphics card, a new PSU and a new PC case, which I did.


Now as I am writing this on my "new" PC (same PC, new components.) I just experienced another freeze/lockup! Windows event log shows nothing of significance (what I can tell), I also have "Who Crashed" installed and it doesn't give me any logs of what happened either. I am not overclocking anything at all, everything is running on stock levels. What baffles me most about this problem is why it just seemingly out of the blue starts happening after working fine for over a year? The only thing I can think of that I changed before it all started happening was a setting in bios to enable me to start my PC by using a keyboard command (a setting that did not work because my keyboard is a USB one, and thus I restored that setting to its default value afterwards).


I tried updating the chipset drivers now, but it said my version was up to date, also my SSD had the latest firmware installed (R211).

No other hardware connected currently, my optical drive was damaged so that is not connected, and I am still waiting for RMA on my HDD so that is not connected either.


I am at my wits end about this, and do not know what to do, or what could be wrong.

My hardware currently is as follows:

PSU: XFX XXX Pro series 850W

GPU: Sapphire R9 280x 3GB OC Dual-X

CPU: Intel i5 3550 3,3 GHz

RAM: Corsair 8GB DDR3 1600MHz/CL9/VENGEANCE & 8GB of the same memory type except a higher clock frequency I believe, total 16GB RAM.

MOBO: Gigabyte Z68X-UD3H-B3 Rev 1.3

SSD: SanDisk SSD Extreme 120 GB

SATA III, Sandforce SF-2200

Running Windows 7 Ultimate 64-bit, latest stable BIOS version installed (F12 I believe).

Any help or recommendations what to do next are very welcome, the only thing I can think of that is left is the motherboard being the culprit?

Please excuse my somewhat broken English, it is not my first language.


Thank you in advance.








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512360/random-freezeslockups-even-with-some-new-hardware/

How do I remove OtShot? It's driving me crazy. I have cleaned Control Panel.

This is my first posting.


I have been trying to delete OtShot. I have no idea how I received this. I have cleaned out my Control Panel but OtShot isn't listed.


HELP !!!


I am totally a virgin when it comes to this kind of thing.


Be patient!


Thank You!








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512447/how-do-i-remove-otshot-its-driviing-me-crazy-i-have-cleaned-control-panel/

How do I remove OtShot? It's driving me crazy. I have cleaned Control Panel.

This is my first posting.


I have been trying to delete OtShot. I have no idea how I received this. I have cleaned out my Control Panel but OtShot isn't listed.


HELP !!!


I am totally a virgin when it comes to this kind of thing.


Be patient!


Thank You!








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512446/how-do-i-remove-otshot-its-driviing-me-crazy-i-have-cleaned-control-panel/

Antivirus Security Pro will not allow me to boot up in Safe Mode

Computer infected with Antivirus Security Pro; cannot successfully log on with Safe Mode as computer reboots at log on.








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512206/antivirus-security-pro-will-not-allow-me-to-boot-up-in-safe-mode/

Ads Posted within all webpages I visit.

Good afternoon from Racine, WI.


I'm posting this message in hopes I can remove this nasty bit of malware I've somehow gotten.


Every web page I go to posts ads both to the right and left of the page and sometimes right on top of the page that I am viewing.


Someone please help! Thank you!








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/511759/ads-posted-within-all-webpages-i-visit/

Need Help with Removing Adware Vundo Variant

Hi,


I have tried removing Adware Vundo Variant with Malwarebytes, Super Anti-Spyware, Vundo Fix, Microsoft Security Essentials, Webroot Secure Anywhere, and Spybot Search and Destroy, without any type of success. The only program that even detects the Adware Vundo Variant is Super Anti-Spyware, and it cannot completely remove the adware.


After removing the adware with Super Anti-Spyware, I would be prompted to reboot my computer (which I do), I would run SAS again, and the adware would be detected again. I have gone through this cycle several times, only to have the adware remain in my computer.


I would appreciate some help with this.


Thanks,








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512341/need-help-with-removing-adware-vundo-variant/


psactive.exe

Avast has been constantly detecting win/sys32/psactive as part of some sort of rootkit Win32 evo-gen which is their default “I dunno” generic. The psactive.exe file in my sys32 is (on right click) a legitimate windows file and in the right place.


Coincidentally (or is it) a persistent boot call error for the non-existent pschmdrf.dll that has been plaguing me forever, and apparently unsolvable as covered extensively without result in the following thread, has now miraculously disappeared:


http://www.bleepingcomputer.com/forums/t/393472/win-xpcannot-find-fictitious-dll/page-2?hl=%2Bpsactive#entry2238805


Maybe Avast has been the problem all along? It keeps requesting to delete psactive.exe, doesn’t actually delete the file when it says it did, won’t place it in the virus chest when that action is selected and it says it has, then performs a pointless boot scan that finds nothing. Now I feel like a bit of a twit for complaining about free software.


Here is a further clusterbomb of ambiguous conflicting results from metascan:


* AegisLab: No threat detected
* Agnitum: No threat detected
* Ahnlab: Win-Trojan/Agent.8192.Z
* Antiy: No threat detected
* AVG: Generic7_c.AGFB
* Avira: TR/Drop.Yoader.A.22
* BitDefender: Trojan.Generic.7219697
* ByteHero: No threat detected
* ClamWin: Win.Trojan.Agent-27809
* Commtouch: No threat detected
* Emsisoft: Win32.SuspectCrc!E2
* ESET: No threat detected
* F-prot: No threat detected
* F-secure: Trojan.Generic.7219697
* Filseclab: TrojanDrop.Agent.cck.yxgo
* Fortinet: No threat detected
* Hauri: Backdoor.Win32.A.Agent.3584
* Ikarus: Win32.SuspectCrc
* Jiangmin: TrojanDropper.Microjoin.anl
* K7: No threat detected
* Kaspersky: No threat detected
* Kingsoft: No threat detected
* Lavasoft: Trojan.Generic.7219697
* Malwarebytes: No threat detected
* McAfee: Artemis!55F52BA64E49 trojan
* Microsoft: Unknown Threat
* NANO: Trojan.Win32.Microjoin.frsfp
* NetGate: No threat detected
* Norman: winpe/Suspicious_Gen4.BKRYJ
* nProtect: Trojan/W32.Agent.5120.CU
* Preventon: No threat detected
* QuickHeal: TrojanDropper.Microjoin.hfg
* STOPzilla: No threat detected
* SUPERAntiSpyware: No threat detected
* Symantec: No threat detected
* Systweak: trojan.agent
* ThreatTrack: Trojan.Win32.Generic!BT
* TotalDefense: No threat detected
* TrendMicro: No threat detected
* TrendMicroHouseCall: No threat detected
* VirIT: No threat detected
* VirusBlokAda: TrojanDropper.Microjoin
* Zillya!: No threat detected


The computer exhibits no other suspicious activity whatsoever apart from the daily avast alert. I lean towards trusting Kaspersky + Malwarebytes + Fprot. Any thoughts?








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/511902/psactiveexe/

Viruses removed and now, no boot.

Using TDSSKiller, Alureon.gen!A and boot.pihar.b were removed. Now the computer won't boot, not even in safe mode. I have downloaded on my thumb drive frst64 and ran it from command prompt after trying to boot from disk. What can I do now?








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512305/viruses-removed-and-now-no-boot/

Time for an upgrade, looking for some advice.

Hey guys, looking for a bit of advice. It's time to upgrade my system, but I don't need everything new. Pic is what I was planning to purchase, because the intent is to eventually upgrade to two R9 280s.


Here's the current set up:

Asus M4A88TD-V EVO USB3

Phenom II X4 955 Black Edition

Patriot G Series Sector 5 4GB x3

Radeon HD 6850

WD Caviar Black 1TB

WD Green 3TB

SeaSonic S12II 620 Bronze

NXZT Zero 2


Advice? I'm trying to stay below $850-$900 if I can.


YxcFdbM.png








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512323/time-for-an-upgrade-looking-for-some-advice/

ar.voicefive popup won't go away

Hello,


A few days ago, I had a pop-up from ar.voicefive. I googled it and it turned out to be a browser hijacker. I don't know where it could've come from because my laptop is only used for school purposes as well as watching Netflix. I don't download things unless they are school related from my school website. I've followed the steps in this forum:


http://www.bleepingcomputer.com/forums/t/461780/arvoicefivecom/


but it hasn't seemed to stop. The popups actually increased. Please help! I want to stop this before it gets worse.








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/512440/arvoicefive-popup-wont-go-away/