Computer Support Forum

Antivirus Xp 2008 Removal Help/am I Infected? Can't Open Malware Removal Forum

Question: Antivirus Xp 2008 Removal Help/am I Infected? Can't Open Malware Removal Forum

Staff Advisory: This post needs to remain here until one of the malware team advises that it can be moved. This member cannot access our malware forums due to their infection. ~ Animal

----------------------------------------------------------------------

Hello, I got some help from some nice people in the live chat. I have made a log with your hijackprogram and am posting it at the bottom. It created two .txt files so there are two reports. I am unable to open ANY link that has the words anti-spyware anywhere on the page or in the address bar so unfortunately I cannot post this in the malware removal forum because the internet window closes every time. I am in dire need of some help! I have a subscription to spy sweeper and it is keeping things out but I was infected with Antivirus xp 2008 and possibly some viruses because the computer was un-protected for about a month while I was in the hospital. I run with Windows XP and a wireless connection. If someone could take the time to look at this for me I would be so incredibly thankful! I offer my services as a photographer/graphic artist/professional gift shopper/myspace designer/beginner web designer. You can see what I do at www.perfectionpictures.com and contact me if you need anything at all!

Current Symptoms (in the order of appearance)

Random Total system crash then restart then blue screen then back to windows.

msvcp71.exe is missing so a program is being prevented from opening and an error box notifies me as such every time I log on.

When the computer is left on and idle it goes to a blue screen then restarts then blue screen then restarts *doesn't look real though, like it's a screen saver designed to imitate a blue screen? Whoever made this thing thought of everything.

It won't uninstall in add/remove or from program files, and its files and icons are locked from being deleted.

It has taken over the desktop picture and won't let you change it as the desktop tab has disappeared from Properties. It locked www.freewebportal.com for my homepage and locked me from changing it in Tools, it constantly changes my internet options to allow popups, the popups sometimes freeze the computer as it starts freaking out and opens upwards of 54 internet explorer windows at one time and if you try to close them the number goes down but right back up, it has little start menu notifications come up saying I have 2577 viruses, the program itself automatically opens at startup and then randomly afterwards and automatically scans, it prevents my antivirus and anti-malware programs from opening although the program seems to be active and gives me notifications of malware that the desktop firewall blocks. It's in the process of trying to prevent Firefox from starting up although it doesn't stop internet explorer from opening. When I'm surfing with internet explorer, randomly I am routed to a page saying that I'm unprotected and then re-routes me to the ordering page for Antivirus 2008. I'm sure there's more but that's all I can remember right now.
Here's the reports:
FilesPROMPT=$P$GSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WINDOWSTEMP=C:\DOCUME~1\NOMORE~1\LOCALS~1\TempTMP=C:\DOCUME~1\NOMORE~1\LOCALS~1\TempUSERDOMAIN=SPANKYUSERNAME=nomore_43USERPROFILE=C:\Documents and Settings\nomore_43windir=C:\WINDOWS__COMPAT_LAYER=EnableNXShowUI -- User Profiles ---------------------------------------------------------------Owner (admin)MichaelMelnomore_43 (admin)Pookies' Ma (admin)Administrator.SPANKY (admin)Guest (guest)-- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf?Torrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALLActiontec Gateway --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9692FD03-6662-4E62-B08C-30DFF51651E1}\setup.exe" -l0x9 Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exeAdobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.logAdobe? Photoshop? 
Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}AntivirXP08 --> "C:\Program Files\rhcjwfj0e5cr\uninstall.exe"ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\Setup.exe" -l0x9 Ask Toolbar --> rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O Celtx (0.9.9.1) --> C:\Program Files\Celtx\uninstall\uninst.exeCivilization III Complete Edition --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2157961D-0507-44A8-BCF2-1EE2D439E8DF} Console Classix 4.04 --> "C:\Program Files\ConsoleClassix.com\unins000.exe"Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1} DirectX Media Runtime 5.1 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DXM51.INF,Uninstall.NTEasy GIF Animator 4.3 --> "C:\Program Files\Easy GIF Animator\unins000.exe"Easy Gif Animator Extension --> "C:\WINDOWS\EasyGifAnimator_Toolbar_Uninstaller_3153.exe" _?=C:\Program Files\Easy Gif Animator ExtensionEPSON CX 4200 4800 Guide --> C:\Program Files\epson\guide\cx4200_4800_e\uninstall.exeEPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /REPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /rEPSON Web-To-Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\setup.exe" -l0x9 -anythingFlash Slideshow Maker Pro 4.40 --> C:\Program Files\Flash Slideshow Maker Professional\uninst.exeForm Fill (Windows Live Toolbar) --> MsiExec.exe /X{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}Google Toolbar 
for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstallHigh Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"InCD EasyWrite Reader --> C:\WINDOWS\unmrw.exe /UNINSTALLIntel? Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exeMap Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}MathPlayer --> C:\Program Files\Design Science\MathPlayer\Setup.exe -uMicrosoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\nomore_43\Application Data\Move Networks\ie_bin\Uninst.exeMozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exeMSM32Installer --> MsiExec.exe /I{55A75679-02D1-4C8C-85CA-B4E4DF4D775F}MSN Gaming Zone --> C:\PROGRA~1\MSNGAM~1\zsetup.exe /UninstallMusic Creator 4 --> "C:\Program Files\Cakewalk\Music Creator 4\unins000.exe"Myst IV - Revelation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program 
Files\InstallShield Installation Information\{96F702F3-7CA4-41B5-A70A-4F348DF99A9A}\setup.exe" -l0x9 Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALLOneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstallQuickConnect --> C:\Program Files\InstallShield Installation Information\{4998FF95-709A-430A-B104-92A009ABB848}\setup.exe -runfromtemp -l0x0009 -removeonlyQuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.logQwest QuickCare 2.0 --> "C:\Program Files\Qwest\QuickCare\unins000.exe"RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonlyRhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}Riven --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Riven\DeIsL1.isu"Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.infSpy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"Spy Sweeper Core --> MsiExec.exe /I{3F5B6210-0903-4DC6-8034-8F488AA3A782}Titanic --> C:\Program Files\CyberFlix\Titanic\TITANIC.EXE 
-UViewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /uWebroot Desktop Firewall --> MsiExec.exe /X{8FD723BB-E30B-4BE9-85DD-161FD6F5B37A}Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /SYahoo! 
Messenger --> C:\DOCUME~1\MESSEN~1\UNWISE.EXE /U C:\DOCUME~1\MESSEN~1\INSTALL.LOG-- Application Event Log -------------------------------------------------------Event Record #/Type390 / SuccessEvent Submitted/Written: 08/05/2008 10:23:34 AMEvent ID/Source: 12001 / usnjsvcEvent Description:The Messenger Sharing USN Journal Reader service started successfully.Event Record #/Type375 / SuccessEvent Submitted/Written: 08/05/2008 00:38:36 AMEvent ID/Source: 12001 / usnjsvcEvent Description:The Messenger Sharing USN Journal Reader service started successfully.Event Record #/Type363 / SuccessEvent Submitted/Written: 08/04/2008 11:28:47 PMEvent ID/Source: 12001 / usnjsvcEvent Description:The Messenger Sharing USN Journal Reader service started successfully.Event Record #/Type354 / SuccessEvent Submitted/Written: 08/04/2008 08:54:56 PMEvent ID/Source: 12001 / usnjsvcEvent Description:The Messenger Sharing USN Journal Reader service started successfully.Event Record #/Type351 / ErrorEvent Submitted/Written: 08/04/2008 06:22:32 PMEvent ID/Source: 1000 / Application ErrorEvent Description:Faulting application civ3conquests.exe, version 1.22.0.0, faulting module civ3conquests.exe, version 1.22.0.0, fault address 0x001cdce6.Processing media-specific event for [civ3conquests.exe!ws!]-- Security Event Log ----------------------------------------------------------No Errors/Warnings found.-- System Event Log ------------------------------------------------------------Event Record #/Type68257 / ErrorEvent Submitted/Written: 08/05/2008 10:23:01 AMEvent ID/Source: 7000 / Service Control ManagerEvent Description:The SpywareCleanerService service failed to start due to the following error: %%2Event Record #/Type68256 / ErrorEvent Submitted/Written: 08/05/2008 10:23:01 AMEvent ID/Source: 7000 / Service Control ManagerEvent Description:The Print Spooler service failed to start due to the following error: %%2Event Record #/Type68255 / WarningEvent Submitted/Written: 08/05/2008 10:21:56 
AMEvent ID/Source: 1007 / DhcpEvent Description:Your computer has automatically configured the IP address for the NetworkCard with network address 00132088CE56. The IP address being used is 169.254.148.224.Event Record #/Type68254 / WarningEvent Submitted/Written: 08/05/2008 10:21:50 AMEvent ID/Source: 1003 / DhcpEvent Description:Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 00132088CE56. The followingerror occurred: %%121.Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server.Event Record #/Type68247 / ErrorEvent Submitted/Written: 08/05/2008 07:25:38 AMEvent ID/Source: 20 / Windows Update AgentEvent Description:Installation Failure: Windows failed to install the following update with error 0x80070003: Security Update for Windows XP (KB951376).-- End of Deckard's System Scanner: finished at 2008-08-05 13:12:16 ------------

Relevance 100%

Answer: Antivirus Xp 2008 Removal Help/am I Infected? Can't Open Malware Removal Forum

Hi & welcome,

I would like to try a couple things before we go much further so I have a bit better picture of what is happening and can take the needed cautions.

1.) Click start> run> type msconfig and hit enter.
Click "boot.ini" tab
Checkmark /bootlog
Click "apply" and "close"
Reboot when asked
Locate and delete this file:
C:\windows\ntbtlog.txt (in case your extensions don't show it looks like a notepad)
Reboot
Locate & post:
C:\windows\ntbtlog.txt

2.) Click start> run> type: cmd.exe and hit enter.
Type the following commands exactly as you see em & hit enter after each one:
cd c:\windows\system32
dir userinit.exe
Note the file size please & report that back to me. Leave cmd open a sec.
Back at the cmd window...
Type:
cd dllcache
dir userinit.exe
dir spoolsv.exe
Note file sizes & report that back to me.
Type exit in the CMD window & hit enter. (this closes it)

3.) Can you see also if you can get this program installed please:
http://download.bleepingcomputer.com/hijac.../HJTInstall.exe
Save file> run it> follow prompts to install accepting defaults.
Allow it to "launch" hijackthis.
Click the "Do a System Scan and Save a Log File" option
Save the log file and then it should open with Notepad
Go to Edit, Select All and then Edit, Paste to paste the contents of the log here

Let me know if you had any problems with the above please.

I advise keeping the system offline as much as possible to prevent more junk from being installed.

Also -- At least one of the threats indicate backdoor activity:
http://www.sophos.com/security/analyses/vi...ojagentgin.html
This means that it is possible for others to have access to the system to download & execute files.
Your passwords could also have been stolen too so I advise you to get to a clean system to change your passwords to any sensitive sites like banking, shopping sites, ebay, PayPal, etc.
Don't use this system for the above activity till we can get it cleaned up.
If you bank or use credit cards online -- best call those companies so they can watch your accounts and advise you of any needed further actions.

Thanks

3 more replies
Relevance 92.66%

Can someone please help read this log and advise me on what needs to be done next?

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

Answer:Antivirus Xp 2008 Removal

How to remove Antivirus XP 2008 (Uninstall Instructions)

ComboFix logs should not be posted outside the HijackThis forums and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

1 more replies
Relevance 92.66%

The pop-ups are ridiculous. I know he has downloaded something that contained this annoying virus...
I am pretty good with the computer, but don't have time to sit for hours trying to find it... please help me remove if possible.

Thanks!
Lp

Answer:Antivirus 2008 Removal

Hello and welcome. I am moving this to the AM I Infected forum from Antivirus.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal proce... Read more

2 more replies
Relevance 92.66%

Hi, I went to log yesterday from my pc and a million viruses showed up. In short I got the antivirus xp 2008 virus. Ok so I dl spyhunter, that didn't remove it because I can't complete dl. I also downloaded spyware doctor that has the same problem. My norton has completely stopped working now. Windows is crashing. I really don't know what to do. Any help would be much appreciated. I have a dell dimension 3100 with windows xp as os. Thank you
 

Answer:help with antivirus xp 2008 removal

Oh also norton say they can't help if i don't pay them, so i'm stuck with no virus protection at all now and a bunch of trojans and viruses.
 

1 more replies
Relevance 92.66%

Having got stuck with this uninvited software and found that I can't get rid of it without buying a licence, I checked out the past forums on this subject and ended up buying the full program version of SpyHunter 3 and running and fixing etc. Having found the associated parasites ref Antivirus XP 2008 (3) the SpyHunter now says it has fixed and cleared my PC of these pests. However after a reboot it is still there. It is still showing via control panel/add and remove programs and still not letting me remove it. Any help would be much appreciated.

Answer:Antivirus XP 2008 removal

Try Malwarebytes antimalware prog; click here
Also run superantispyware in safe mode. click here

3 more replies
Relevance 92.66%

This uninvited program has installed itself on my computer. I cannot remove it unless I comply with its blackmail threats and pay for a licence. It takes up all my desktop screen and constantly runs scans and gives me warnings about 100s of "viruses" I suppose to have on my computer.

I checked through PC Advisor past forums on the subject and ended up paying out 70? for a full fusion of Spy Hunter 3 download. Spy Hunter detected 3 associated parasites and after a clean out says they are not there now. I have rebooted and it's still there. I have gone into my control panel and tried removing it from the add/remove programs facility but it will not let me remove it.

If anyone can offer any help I would be very grateful.
Tom

Answer:Antivirus XP 2008 Removal

.

3 more replies
Relevance 92.66%

Can anyone help me get rid of this horrible programme. It seems I picked it up from downloading a torrent. Now I get fake reports about trojans etc and then asking for money. I'm running Vista if that helps, thanks in advance.

Answer:Antivirus 2008 pro removal

click here
Save that to your Desktop. Then double-click FixIEDef.exe and press OK on the "FixIEDef is running as administrator"
FixIEDef will kill all copies of Internet Explorer and Explorer that are running. The icons and Start Menu on your Desktop will not be visible while FixIEDef is running. This is necessary to remove parts of the infection that would otherwise not be removed. FixIEDef will re-start Explorer at the end of the removal process

8 more replies
Relevance 92.66%

bcbamaman8 How can I delete xp antivirus 2008 when it does not show up on program list?

Answer:Removal Of Xp Antivirus 2008

How To Remove Xpantivirus (removal Instructions)
http://www.bleepingcomputer.com/forums/t/111715/how-to-remove-xpantivirus-removal-instructions/

1 more replies
Relevance 92.66%

Anybody know of a removal tool for Antivirus Removal 2008? I think this is a version of Antivirus XP 2008. It has the same characteristics as this. It displays itself on the desktop and runs a scan then wants you to purchase it. I ran malwarebytes and Spyware Terminator and it is still there. I could not access the Internet at first but after running Malwarebytes I can now access the Internet but still get the little red x icon on the task bar. Any ideas would be greatly appreciated.

Jay
 

Answer:Antivirus Removal 2008

Sorry just a clarification this is called Virus Remover 2008.
 

2 more replies
Relevance 92.66%

I have a pc running XP SP2 that was recently infected with "Antivirus XP 2008". I believe I have removed all portions of the malware using Spybot, Combo Fix, and Malwarebytes. Now, when I boot my system, it will run for 1-2 minutes and crash. It states "If this is the 1st time this happened...." message. I can run the programs listed above in Safe mode, and the system does not crash. I tried doing a repair using the XP cd, but just before the option to "press R", the system crashes.

I have unplugged any unnecessary hardware and eliminated it being a memory issue by removing each stick and testing. I have gone into msconfig and made sure that it isn't trying to start the Antivirus program. It is disabled but still listed.

Does anyone have any idea if I still have parts of Antivirus XP 2008 on the machine, or if my hard drive took a dive on me?
 

Answer:Removal of Antivirus XP 2008

Here are the Hijackthis logs

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:23, on 2008-08-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070605
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&... Read more

1 more replies
Relevance 92.66%

Hello. I need help in removing this malware/trojan horse. Did a scan with AVG 8.0 Free and it showed the malware as pphc3f8j0eaaa.exe. So, currently the Resident Shield of AVG 8.0 Free is always removing it from the computer when AVG detected the malware on open. Anyway, my desktop background turns blue and when I go to Properties, it didn't have the tabs for Display, so I can't change my background either unless I manually set the background by right clicking on a wallpaper I have. Also, as I read with this problem in some of the threads in this forum, users face pop-ups, etc but I didn't experience that. Only I had that so-called antivirus program keep on popping up, asking me to register it. So, really need your help here!! Thanks very much.

Deckard's System Scanner v20071014.68
Run by Lainey on 2008-07-13 23:57:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 2 Restore Point(s) --
2: 2008-07-13 13:57:55 UTC - RP7 - Deckard's System Scanner Restore Point
1: 2008-07-13 09:19:58 UTC - RP6 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 76% (more than 75%).
System Drive C: has 1.37 GiB (less than 15%) free.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro H... Read more

Answer:Help With Removal Of Antivirus Xp 2008!

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Click Start > Run and type these commands hitting enter after each one:
sc stop sysrest.sys
sc delete sysrest.sys
sc stop winvnc
sc delete winvnc

================

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "T... Read more

14 more replies
Relevance 92.66%

Tried spybot and avg, both haven't detected XP antivirus 2008 on my mate's PC. It's totally crippled IE7 and despite turning off popup blockers repeatedly will not allow access to any sites and as such does limit the possibility of any online intervention.

Is there a software to remove this malware? tried spydoctor which require one to purchase it before it would attempt to remove this malware and that defeats the purpose as one would land up paying for this malware to removed which was included to the registry with just that purpose in mind ;)

anyone successfully removed this without having to do it manually ?

thanks

Answer:Xp Antivirus 2008 Removal

You can use this Bleeping Computer Tutorial (self-help guide): How to remove XPAntiVirus (Removal Instructions)

1 more replies
Relevance 92.66%

A few days ago, the Antivirus 2008 pop-up appeared on my friend's new computer. It stated that he had 41 infections. His access to the internet was blocked, as well. In order to remove them, he had to pay for the service. After a bit of research, I discovered that it was a scam and attempted to remove it from his computer, via standard means (control panel, programs and features, uninstall). It appeared that some files were removed, but some were left behind. Those that remained still indicated that he had 41 infections and blocked his access to the internet, by indicating that the websites posed a threat.

I found this community and the instructions for removing Antivirus 2008, through http://www.bleepingcomputer.com/malware-re.../antivirus-2008. I carefully followed the instructions and ran the scan...to no avail. The program didn't find the Antivirus 2008 or any infections, for that matter. Unfortunately, the problem remains.

I thought that it might work to restore the computer to a time prior to the arrival of the Antivirus 2008 pop-up and then follow the removal instructions. When I restored it to a restore point from May, I could not get on the internet (the error message indicated that we were not connected to the internet. After an hour with the Roadrunner support people, we determined that their signal to the computer was strong and that the modem was working; but apparently the TCI/IP(?) was damaged by the restore and needed to be re-installed). Out of des... Read more

Answer:Antivirus 2008 Removal

Download HijackThis here: http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

Right click on it and choose "Run as Administrator". Click 'Do a System Scan and Save logfile'. The HJT log will open in notepad. Copy and paste the contents of the HJT log into a NEW TOPIC in "HijackThis Logs and Malware Removal": http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

3 more replies
Relevance 92.66%

Hi guys: looking for some help. I have been trying to remove 2008 antivirus that has taken over my browsers.
This is what I tried (read on another thread (Simon) suggested to another user to run CCleaner, then ComboFix):

1) downloaded CCleaner, scanned

2) loaded SUPERAntiSpyware, scanned, but halfway through scan PC reboots (uninstalled, reinstalled program, no help)

3) was going to try to run ComboFix, but I cannot set up XP recovery mode (due to no browser and no XP disk)

4) tried to set up MBAM setup, downloaded from another PC, transferred to desktop but will not install.
I am stuck and do not know what to do. If anyone can help I would be grateful,
Ragweed

Answer:2008 Antivirus Removal

any ideas before i rebuild my system ????

2 more replies
Relevance 91.84%

Hi, my son has the dreaded virus on his laptop. Can anyone recommend a free removal of the virus? I downloaded SpyHunter thinking it was free, did a scan, to be told that you would have to purchase it to have the infected files removed. Any advice would be appreciated. Thanks

Answer:free removal of antivirus xp 2008

try malwarebytes anti malware from their own site, plus super anti spyware. Just google them.

6 more replies
Relevance 91.84%

I was infected with Antivirus XP 2008 but I did manage to get that removed, but all my searches from my IE tool bar to Google get hijacked when I click the links from the Google page. Here is the log from HijackThis:

Answer:Please Help Problems After Antivirus Xp 2008 Removal

to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you would still like help, please post a new HiJack This log below, as things may have changed on your system. If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:

- While a HJT Team member is working with you, please refrain from making any changes to your computer.
- Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
- If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
- Please reply using the button in the lower left hand corner of your screen.

Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will ha...

2 more replies
Relevance 91.84%

I have followed the instruction of the tutorial "Automated Removal Instructions for Antivirus XP 2008 using Malwarebytes". This resulted in the following:


Answer:Removal Of Antivirus Xp 2008 - Next Step

Please download ATF Cleaner by Atribune & save it to your desktop (alternate download link). DO NOT use yet.

Please download and install SUPERAntiSpyware Free.

- Double-click SUPERAntiSpyware.exe and use the default settings for installation.
- An icon will be created on your desktop. Double-click that icon to launch the program.
- If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
- Under the "Configuration and Preferences", click the Preferences... button.
- Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
- Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
  - Close browsers before scanning.
  - Scan for tracking cookies.
  - Terminate memory threats before quarantining.
- Click the "Close" button to leave the control center screen and exit the program.
- Do not run a scan just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow ke...

3 more replies
Relevance 91.84%

What's the best way to remove this? My OS is XP, McAfee doesn't seem to do much, I've deleted some files manually via safe mode, but the little taskbar "system alert" pop-up still remains! Doing a Google search, a lot of sites come up with various removal programs, not sure which one is trustworthy though!? Thanks in advance..

Answer:Windows Antivirus 2008 removal

Use this program, just click on download for the free version: Malwarebytes Anti-Malware (click here). Just do a quick scan.

mfletch

2 more replies
Relevance 91.84%

Dell 3000 with XP Home purchased in 05, 512MB RAM, Office 2000, Photoshop & Misc..

The issue is that (keyboard) commands take 3-5 minutes each to execute and some system tools won't launch, like taskmgr.exe or System Restore, therefore troubleshooting is nearly impossible.

Things I've done:

- Despite the PC's slow operation, I deleted the two virus *.exe's and their DLL's in Program Files and ran a real version of Registry Mechanic.
- I deleted the DisableTaskMgr entry at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System but taskmgr.exe still returns " Admin has disabled the task manager".
- I set Virtual memory to 512MB.
- I emptied the Prefetch folder.
- Twice I used msconfig to disable all the startup programs and rebooted.
- Repeatedly tried to run Safemode unsuccessfully using F8.
- PC-cillin runs but real-time scan can't be enabled.
- I don't have any original system discs.

I'm seeking:
- A method to restore XP, or....
- A method to salvage some files, e-mail addresses in Outlook and a bunch of photos on the HDD, and...
- A method to re-install XP.

Thank you,
seattleguy

Answer:Xp Antivirus 2008 After Removal Issues

Please download Malwarebytes Anti-Malware and save it to your desktop (alternate download link 1, alternate download link 2).

- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
- Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

- If an update is found, the program will automatically update itself.
- Press the OK button to close that box and continue.
- If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

- Click on the Show Results button to see a list ...

1 more replies
Relevance 91.84%

I tried several things to remove the Antivirus HP 2008 from my computer. I got infected Sunday night. Nothing has worked and I am a bit confused.

First off the Antivirus 2008 removed all my restore dates and is in the BIOS. Keeps putting a desktop picture and deletes mine. I tried several things. Now it does not even register as running.

I can try system restore and start when this was put into my computer. Any suggestions?

Answer:New Antivirus 2008 Removal Question

Hello, what did you try? What is your operating system, XP?

I am moving this topic from AntiVirus, Firewall etc... to Am I Infected.

Please run this:

Please download Malwarebytes Anti-Malware and save it to your desktop (alternate download link 1, alternate download link 2).

- Make sure you are connected to the Internet.
- Double-click on Download_mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
- Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects fou...

25 more replies
Relevance 90.61%

I got an array of viruses Wednesday night. Since then, and following the advice on this and other sites, I've done the following in no particular order:

- Run CCleaner (much like ATF Cleaner I suspect)
- Disabled system restore
- Run OTCleanIt (a number of times)
- Run Super AntiSpyware (a number of times)
- Run Malwarebytes' Anti-Malware (a number of times)
- Run VundoFix
- Installed Norton Internet Security 2009
- Re-Enabled system restore
- Run SysRestore
- Run ERUNT
- Run RSIT

My Vaio VGN-A270P has been disconnected from the 'net since Wednesday night when this happened. I've been transferring files via a thumb drive. Before I reconnect to the web, I want to make sure all this crap is off my laptop. Here are the RSIT files. Thanks in advance for your help.

Answer:Vundo and Antivirus 2008 removal review

Hi, my name is Extremeboy (or EB for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:

- Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
- If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
- Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not...

3 more replies
Relevance 90.61%

Hello, I somehow received this virus while trying to update Adobe Flash Player, which seemed legit; however, I was wrong and am now haunted by this blue screen desktop and auto download of Antivirus XP 2008. My clock is stuck in military mode and I can't restore my computer to a previous point except for when the virus started. Your help is appreciated in removing this issue. I am providing you with my Hijack this log from DSS. I am also including Kaspersky Online Scan as well as Malware Bytes File

Answer:Antivirus Xp 2008 And Blue Screen Removal

Hi,

Can you post the log from Deckard System Scanner, but the main.txt? Because you posted the extra.txt log instead.

17 more replies
Relevance 90.61%

Been a lot of these around recently in their different guises so here's the links to the removal instructions for them:

- Antivirus 2008 or Antivirus2008 Removal Instructions: click here
- Antivirus 2009 or Antivirus2009 Removal Instructions: click here
- XP Antivirus or XPAntivirus Removal Instructions: click here
- XP Antivirus 2008 or XPAntivirus 2008 Removal Instructions: click here
- XP Antivirus 2009 or XPAntivirus 2009 Removal Instructions: click here

Answer:(XP) Antivirus 2008 2009 Removal Instructions

Or download and run a quick scan with Malwarebytes' Anti-Malware {free}: click here

1 more replies
Relevance 90.61%

I have been attempting to remove the Antivirus XP 2008 menace for over a week now. I had CA antivirus protection from my local ISP so I began with my ISP. They in turn escalated the call to CA antivirus. The representative there worked with me for two days before advising that I reload my operating system and start from scratch. Before taking such drastic action, I began my search within the Bleeping Computer forums.

I am running Windows XP and Internet Explorer

I have found a great deal of helpful info in the forums (and in addition to the scans etc. run with the CA antivirus tech), I have done the following as recommended on the forums:
Cleaned out temporary files, temporary Internet files and Recycle Bin
Scanned with Ad-Aware, Spybot Search and Destroy, Bit Defender (all multiple times) and McAfee Avert Stinger
Enabled Firewall
And attempted to download all the latest Window updates, but am unable to as the Internet is redirected when I attempt to do this.

I have rebooted, scanned, opened in Safe Mode With Networking repeatedly, but get redirected or the notice that the website is unavailable. I have had to download all of the spyware removal tools on a "travel" drive from one computer and then install the files on the infected computer. I am not sure what to try next and would greatly appreciate help in eradicating this pest once and for all.

Thank you!!!!!!!!!!!!!!

Answer:Antivirus Xp 2008 Removal - Internet Being Redirected

Firstly, do as described in this tutorial to remove Antivirus XP: http://www.bleepingcomputer.com/malware-re...tivirus-xp-2008

Since you're being re-directed, I recommend downloading malware bytes from here on a different PC: http://www.download.com/Malwarebytes-Anti-...4-10804572.html

And the latest database: http://www.malwarebytes.org/mbam/database/mbam-rules.exe

Then, through internet explorer run the Kaspersky Webscanner: http://www.kaspersky.com/virusscanner

Please post the malwarebytes log and the kaspersky webscanner log (if possible) in a post here

2 more replies
Relevance 90.61%

I was working on a computer for a co-worker and she got the infamous AntiVirus 2008 rogue program. She is running Windows XP. I dealt with an earlier version of it on a different computer and had no problems removing it then. This time however was different. Last time was just a matter of deleting the files in Safe Mode and that was that. This time I had to edit the registry and use Spybot to get rid of the rest (plus Zango and other stuff). I found a site and only deleted the registry values associated with Vista AntiVirus 2008. Now it's worse off than ever. explorer.exe won't start up on its own, at all. All that shows is the desktop background. I have to manually load explorer.exe through the task manager. The same goes for Safe Mode, I have to manually load explorer.exe. I also keep getting userinit.exe errors when it boots (0xc0000005), rundll32.exe (same error code) errors whenever I want to open something up (My Computer, Control Panel) and when I want to run the Firefox setup, it extracts the files then crashes. Any ideas on what the problem may be or how I can fix it will be greatly appreciated.

Thanks
Cartman

Answer:Vista AntiVirus 2008 removal problems

I hope you had the foresight to backup the registry before screwing around with it. Even when following instructions online, it's very easy to screw up the registry and it's quite possible that this is what happened. If you made a backup, I would suggest importing it. If not, then just skip that step, I guess. Either way, take a look at this post: http://www.computerhope.com/forum/index.php/topic,46313.0.html

Post the requested logs and we'll see if there's anything we can possibly do to help.

1 more replies
Relevance 89.79%

Hello all,

I am a newbie to these tech support forums, so bear with me (I can usually remove malware on my own with a bit of help from Google!)...

After trying to set up a plug-in for Nero (at least i presume that's what it was, as that's when the trouble started) My system was infected with Vista Antivirus2008, a clone of the Antivirus2008 malware so I believe. My system has Spybot running in the background (and Bitdefender) and so those stopped the vast majority of dodgy registry entries being made pointing to the malware and the numerous trojans associated with it.

The VAV program has done the following to my system:-

- Disabled viewing of all Local hard drives from Explorer (although still accessible from typing the disc root into the address bar)... I have fixed this by installing Windows SteadyState onto the system.
- Disabled access to the registry, stating "Access to the registry has been disabled by the administrator", even though I am the administrator!... This was again fixed by SteadyState.
- Disabled the Task manager: Error message "The task manager has been disabled by the administrator" was shown, so i couldn't kill off the trojan's processes... I think this has been fixed by SteadyState
- XP Start Menu altered: No 'log off' button, no 'programs' button, no list of recently used programs, no access to Internet Explorer or Control Panel or the vast majority of links which used to be on the start menu. The programs menu is a lot...

Answer:Help needed to finish off removal of VISTA ANTIVIRUS 2008!!

Same exact thing happened to me last night. Any advice would be appreciated.

Ron

8 more replies
Relevance 88.97%

Hello,
I did a silly thing by installing an unverified file and have ended up with these two problems.
1. Anti virus 2008 pop up and application install
2. BSOD screensaver.

So far i have stopped Antivirus 2008 by using super anti spyware free edition and i have stopped it starting up by using msconfig.
The BSOD screensaver has disabled my desktop settings and also stopped me from restoring as it has deleted/hidden previous restore points.

I have tried to follow the instructions on post;

Solved: Antivirus XP 2008/BSOD Screen Saver (HJT
http://forums.techguy.org/malware-removal-hijackthis-logs/724160-solved-antivirus-xp-2008-bsod.html

but the files were different.
Here is my Hijack this Log:


Answer:Solved: Antivirus 2008/ BSOD screen saver removal

Ok solved it.
run SAS (super anti spyware) in safe mode.
run msconfig from start>run
uncheck antivirus 2008 in startup progs
follow the instructions here:
http://forum.sysinternals.com/forum_posts.asp?TID=15206&PN=2
disable and re-enable system restore
done well should be lol
 

1 more replies
Relevance 87.74%

Hey guys,

I am guessing that by now you have all seen or known someone with this VIRUS ALERT & XP / VISTA Antivirus Problem!

I know how to remove them and so on, but I am finding my customers are coming back pretty much every few weeks because they are getting it back on there.

1. Has anyone or does anyone know of a fix that stops these problems getting back into the machine?

2. Could someone give me a list of things that are making people fall for these pests getting on the computers.

I would be most happy if someone could help me out here its becoming a pain in the bum and some are so bad that they are needing reinstalls.


JubeiTigeruk
 

Answer:Virus alert / xp & vista fake antivirus 2008 & 2009 removal!!!

There are two reasons why it would be back:

1. Not removed 100%
2. The end user keeps doing the same bad things to reinfect themselves.

As far as number 1, I cannot answer whether the machines were totally clean since we did not clean them.

For number 2, no matter what you put on a PC, a user can still infect themselves by doing the same foolish things. Your best bet is the below and a proper education of the end user

How to Protect yourself from malware!

The websites they are visiting, what they are downloading and from where and how (P2P/Torrents...etc) are the frequent causes. They need to learn the difference between a popup from their own protection software and fake things that tell them they need to download software to clean an infection from their PCs.
 

3 more replies
Relevance 87.74%

Just a comment about topic '23-May-2007 12:32 AM - Solved: HELP!! Infected with em.pc-on-internet/amaena and others' in forum 'Malware Removal & HijackThis Logs'.

For some time I was experiencing persistent screen pop-ups on my computer infected with malware from 'http://em.pc-on-internet.com'. After reviewing the posts in this forum topic, I applied 'Cybertech's response that fixed 'Turanganui's problem. This instructed Turanganui to download and run 'combofix.exe'. I did just that (carefully following this utility's screen prompts through to the finish). Upon completion I was rid of the pop-ups that were advertising in nature, though not malicious, but annoying. This was the only utility downloaded and run, as it is always the last one that effects the desired end result.

The end user is forewarned that this utility is not to be used without the tutelage of either a 'gold' or 'blue' shield anti-malware instructor. Also the advice given 'Do not mouseclick the Combofix window while it's running, as it may cause it to stall.' was observed.

End result was that on first attempt, I was successful in removing the malware from my computer. With a little research and study of the 'Tech Support Guys Forums' website, success was achieved.
 

More replies
Relevance 87.74%

As stipulated in the forum rules, only members who have a gold (Malware Specialist) or blue (Malware Trainee) banner under their usernames are permitted to post to malware-related matters. However, unauthorized members often disregard those rules and post when they are not qualified to do so. As a result, we have decided to change the Virus & Other Malware Removal forum permissions to prevent this.

Therefore, effective immediately, the following change has been implemented.

Anyone seeking assistance will be able to start a new thread and, being the thread starter, they will continue to be able to post replies back to their own thread as they follow through the clean up process with their helper. However, only authorized members will have access to reply to those threads. Anyone trying to reply who is not authorized will receive a "denied access" message.

This change was necessary to protect the posters who come here seeking help.

If you have general questions relating to anti-virus/anti-spyware programs, firewalls, etc. you may post them in the General Security forum where anyone can reply.

We thank you for understanding.

Edited to reflect changes August 1, 2007.
 

Answer:Virus & Other Malware Removal Forum Changes in Effect

I'm copying this here so as to have only one thread stickied:

Revised April 10, 2007 to include new category of malware trainee.

I just wanted to inform everyone of a change that has just been implemented regarding malware removal in order to ensure that users receive the best quality assistance and to avoid any confusion.

Only members who are deemed qualified to remove malware may post to security related threads. These members can be easily recognized by a gold "Malware Specialist" or a blue "Malware Trainee" banner that will appear under their user names.

A paragraph has also been added to the forum rules that reads as follows:

Unauthorized Malware Removal
In order to ensure that advice given to users is consistent and of the highest quality, those who wish to assist with security related matters must first graduate from one of the malware boot camp training universities or be approved by the administration as already being qualified. Those authorized to help with malware are identified with a title near their username. If you'd like to participate in a training program, please contact a Moderator.
 

1 more replies
Relevance 87.74%

Hello, I went through the whole removing malware procedure which took me hours to try to fix my pc. I was told my logs are clean but it does not change the fact that my computer shuts itself down while trying to run in safe mode or running Kaspersky antivirus. Is there any further help before I just give in and reformat my machine?

Paul
 

Answer:Started in Malware removal, now in Software forum

Greetings, pauljacks411...

We need to know what OS and service pack# you're running, the Kaspersky version, and any other machine specs you can come up with...also, do you have a Windows disk, or do you have a recovery partition?
 

6 more replies
Relevance 86.92%

Unless you are an authorized Majorgeeks Malware Expert/Helper/Malware Fighter, please refrain from posting in this area of the forum unless of course you started your own thread here asking for help with malware removal.

Thanks for understanding.
 

More replies
Relevance 86.92%

We appreciate that some of you sometimes want to help users requesting the help, but our rule is that only Moderating Team and Malware Removal Experts are allowed to respond in Malware Removal Assistance forum.

If you are not in one of these groups, you are not allowed to respond, any such unauthorized posts will be deleted without response to the poster.

Please DO NOT take advice from members other than those allowed to respond to. If you follow the advice of anyone other than the above groups, you do so at your OWN risk.

If you're interested in helping others with removal of Malware please visit one of the sites below to sign up for a training facility:

http://uniteagainstmalware.com/
Thanks!
 

More replies
Relevance 85.69%

Thank you everyone for all of your invaluable insight and sharing of knowledge. I need help with identifying/verifying that my computer has been hijacked and infected with multiple viruses. Please contact me to begin the process (via this thread). Thanks.
 

Answer:Read 100's forum posts and need expert help with virus and malware removal

8 more replies
Relevance 85.69%

I have a Dell Inspiron 1720 with Windows Vista.

The sound on my computer keeps turning off and I have to turn it on by right clicking on the task bar and selecting the audio device. However, it turns off within a couple of minutes.
Also on the task bar it says I am not connected to a network even though I am connected to the wireless network.
I also have a Windows Security Centre alert saying Security Centre is off. I click turn it on and Malware protection is red and says check settings.
Even though my AVG is up to date it says no programs found. It says spyware protection is off and when I click to turn it on I get a message saying "There are no new definitions available to download for Windows Defender".

I also keep getting a message saying "Host process for Windows services stopped working and was closed".

I've updated AVG and run scans; however, it does not detect anything.

I am overseas so I do not have any of the CDs that came with my laptop.
Please help.

Here is the log from Hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:40 PM, on 1/8/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\... Read more

More replies
Relevance 85.28%

Suddenly those programs appeared on my PC!!! Please help me... here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:33:59, on 10/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\TEMP\wyn3.tmp
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\syst... Read more

Answer:Infected With Malware Protector 2008 And Antivirus Xp

Hello Thiago Olívio and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
File - Add... Read more

5 more replies
Relevance 85.28%

I got XP antivirus 08 on 7-2-08, I tried removing it with add/remove programs and it didn't work, after 5 min I got Malware protector 2008. So I scanned my computer with AVG anti virus, Ad aware 2007, Spyware terminator, spyware doctor and malwarebytes anti malware, I also did the cleaning process with Smitfraudfix, and here is the good thing, there's no pop ups, nothing starts when I restart the pc, there's no bugs on the screen and it is not bothering me at all right now, but I still see them, the folders are still in program files (malware protector = shcl67j0e3ul , xp antivirus = rhcn67j0e3ul ) and they are in add/remove programs still. I also followed some manual instructions on how to remove them ( http://www.xp-vista.com/spyware-removal/xp...-antivirus-2008 ) and it seems like they reproduce or something, because they came back. Also the uninstall option has a red "x" on the side, I guess that means it doesn't work. I don't know what else to do, I was thinking of restoring the computer to a day before I got these viruses, but I don't want to mess my computer up and I don't have the windows cd with me. If you guys could help me I would really appreciate it. Thanks!

Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-07 18:46:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System... Read more

Answer:Infected With Malware Protector 2008 And Xp Antivirus 08

Hello Jota_leslie and welcome to BleepingComputer,

1.
* Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer.
Go to Control Panel > Internet Options > General tab.
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history.
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will pop up asking what to clear.
Select all and click the Clear button again.
Click OK to close the Options window.

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is compl... Read more

5 more replies
Relevance 84.05%

Here is a link to my previous posts (pre DSS) so you can get an idea of what's happening to my system:
http://www.bleepingcomputer.com/forums/t/156344/i-have-the-same-hijacked-system-problems-as-neo147-need-help-w-combofix-logsplease/

also noticed that the infection seems to have taken control of my desktop settings. when you right click on the desktop to get the settings window (with the image menu, screen saver menu, etc) it's different from prior to the infection. i no longer have tabs for some things to click on in this menu now. this has to be related somehow to the background screen image going back to the "Your computer is infected with..." at reboot. very weird.

anyhow, here is the "main" DSS logfile, followed by the "extra" one:

"main"
Deckard's System Scanner v20071014.68
Run by Jeff on 2008-07-08 17:58:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
7: 2008-07-08 21:58:26 UTC - RP8 - Deckard's System Scanner Restore Point
6: 2008-07-08 02:10:27 UTC - RP7 - Software Distribution Service 3.0
5: 2008-07-08 02:02:54 UTC - RP6 - Software Distribution Service 3.0
4: 2008-07-08 02:01:47 UTC - RP5 - before spack3
3: 2008-07-08 01:59:22 UTC - RP4 - Software Distribution Service 3.0
-- First Restore Point --
1: 2008-07-07 15:50:39 UTC - RP2 - System Chec... Read more

Answer:Infected By Antivirus Xp/malware Xp 2008 - Trojans Keep Getting Found...

Hello stiahhh,

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.
White Warrior

20 more replies
Relevance 83.23%

This is a bit of a weird problem. :S I've written a post and attached the attachments and everything, but every time I try to post it, I get sent straight to the "Internet Explorer cannot display the webpage" page. I get the same problem when I try to preview the post. Any idea what's happening? D:

P.S. Sorry if this is in the wrong section, I wasn't quite sure where to put this rather odd topic.

Answer:Cannot create topics in the Virus, Trojan, Spyware, and Malware Removal Logs section of the forum.

Hello Prosaic.

This could be malware interfering here. Let's try this. You will need a clean computer and a flash drive.

***************************************************
This applies to your clean computer.

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.

Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.
***************************************************

Please use the flash drive to move the logs you generated by following the Prep Guide from the infected computer to the clean computer. Then, use the clean computer to create your topic.

Let me know if this does not work.

~Blade

5 more replies
Relevance 83.23%

Before I tried to buy a discounted Office suite for download, I had no problem downloading large files. I was not satisfied with that purchase, and I think it must have snuck something into my tower. Now when I try to download large files they time out with the message "Failed-Network error", even the files for malware removal. Does anyone know which would be the best fix-it software on a CD? Please, help. Thank you.
 

More replies
Relevance 83.23%

Hi there. Found 360 on my desktop tonight and ordered MalwareBot + Registry + Active Protection. Then downloaded HJT.
I've also been running Avira AntiVir Personal edition but that didn't seem to catch this.
I've quarantined all files from the MalwareBot scan, but still have browser hijacking going on.

My HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:12 PM, on 2/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\AntiVir PersonalEdition Classic\... Read more

Answer:Need Help with 360 AntiVirus Malware Removal

Hello bknobloch,

I'm afraid that not only did you get taken, but you got taken. MalwareBot is a rogue that uses false positives to goad you into a purchase. If you paid money for this, then you lost it because they will not give you a refund.

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.
 * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
 * If an update is found, it will download and install the latest version.
 * Once the program has loaded, select "Perform Quick Scan", then click Scan.
 * The scan may take some time to finish, so please be patient.
 * When the scan is complete, click OK, then Show Results to view the results.
 * Make sure that everything is checked, and click Remove Selected.
 * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
 * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
 * Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the c... Read more

5 more replies
Relevance 82.41%

Hi just got infected with spyware some way or another. Last thing I could think of was accidentally clicked link that open real time player. Then I closed it. And 10 minutes later spyware. I am afraid of doing scans and deleting whatever and then restarting when done. Cause I got no disc and don't want to get GF mad at me for messing PC up. Anyways the fake antivirus keep popping up it says MS removal tool or something like that in bottom right. I came back to computer and said infected with spyware. I obviously didn't click it.. It then popped up fake avg and then it keeps opening itself. Ctrl alt delete ain't working. Tried downloading malwarebytes and superantispyware and renaming. Said they're infected and won't open. It just won't let much open. I did get IE to open atm thank god. Any input? ATM imma try to download and run scans again.
 

Answer:infected rs removal fake antivirus?

Uploading one
 

7 more replies
Relevance 82%

I'll try to make this as clear as possible:

The day before yesterday, my wife was working on her laptop. She clicked on an Internet link to a MySpace site and suddenly her computer was hijacked by a virus posing as an Internet security scan by "Antivirus Pro", which not only began running a false scan, but continually posted pop-ups saying that one file after another was infected and could not be used, and also began opening a porn Web page. Obviously, my wife freaked out and started yelling to me for help.

My wife was just recently given this laptop as a hand-me-down from her father, so I wasn't really sure what AV program she had on it and neither was she. I knew she had downloaded Malwarebytes before, so I tried to run that, but at first the virus wouldn't let me. However, after several false starts, Malwarebytes finally ran a quick scan, but came up clean. I then ran the Malwarebytes full scan, but with the same results. Next, I went online to try to run a free ESET scan, and it was at this time that I realized her computer already had a paid subscription to ESET Antivirus through December, and ESET was active. However, it had not caught this virus! Even though ESET said it was current and updated, I ran a full ESET scan anyway, but again, it came up clean.

All the while, I had to keep "X"ing out of pop-up after pop-up from the virus, each one either advising me of another file that was corrupt or telling me my computer was in danger and did I want to "activate my antivirus ... Read more

Answer:Removal of Antivirus Pro malware [Moved]

Hello there,

Yowza, what a saga. Since you haven't posted any logs, I'm shifting this topic to the Am I Infected forum where we can begin assisting you. At this point, please do not post logs unless requested.

Orange Blossom

15 more replies
Relevance 82%

I've tried Malwarebytes, as well as some of the other better malware removal tools, yet every time I install and try to run the programs the malware automatically deletes the .exe files that run the programs. Any advice?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:03 AM, on 10/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\nnohiq\tleesysguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\nnohiq\tleesysguard.exe... Read more

Answer:Antivirus 2009 malware removal...

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp... Read more

2 more replies
Relevance 82%

My mother-in-law gave me her laptop to clean up some stuff cause it was getting a bit slow. I checked out everything and I uninstalled norton with the removal tool and installed MSE Free. I ran Malwarebytes, SuperAntiSpyware, Spybot Search And Destroy and Full scan with MSE. All found 0 infections. I also ran ccleaner. Well I went to the security page that shows antivirus and firewall in windows and noticed it said 1 or more antivirus and 1 or more firewalls is running on your computer. Ok so I turn off the xp firewall and it says best malware firewall is currently protecting your computer. Well I googled it and see it's malware. How do I remove this? The laptop is running fine but I know this malware is lurking cause a credit card number was stolen when used on this laptop online. The only thing I found to detect it was StopZilla but have to pay to remove it. Any help is appreciated. It's an HP Compaq NX9010 Running XP Pro. Thanks!!

Answer:Best Malware Antivirus/Firewall Removal?

Hello and welcome.. This is the procedure I have used with success. I'd say where you already have the tool, just update prior to scanning.

First we need to disable Spybot S&D's "TeaTimer" if running.
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.
In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.

Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
If prompted with a legal dialog, accept the warning.
Click Mode > Advanced Mode.
You may be presented with a warning dialog. If so, click Yes.
Click on Tools and then Resident.
Uncheck this checkbox: "Resident TeaTimer (protection of over-all system settings) active"
Close/Exit Spybot Search and Destroy.

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.

Reboot into Safe Mode with Networking
How to start Windows 7 in Safe Mode

>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....
Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and... Read more

6 more replies
Relevance 82%

Hello, new forum user. I've been running amok for a couple of days now, playing cat and mouse with a set of malware that infected my computer. It has shut off internet access and has gone as far as disabling processes to prevent me from ending them. I used HijackThis and Malwarebytes to get rid of some of the issues, but Malwarebytes cannot be updated (it wouldn't allow it even when connected) and I know there are some remnants just waiting to come back online the second I plug back in the ethernet. A few suspicious applications and processes have appeared, including ibd.exe, ibc.exe, ibf.exe, g9wsxg.exe, browserseek117.exe, and the virus Antivirus Antispyware Removal 2011. I have deleted some of these and gone through the registry once before on my own time in an attempt to take some of them out, but I know I haven't done the job fully, so I was hoping the experts here could help. Here is the HijackThis log that is newest:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:41:28 PM, on 4/14/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchFilterHost.... Read more

Answer:Antivirus AntiSpyware Removal Malware

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you... Read more

2 more replies
Relevance 82%

Running Windows XP Service Pack 2 - I am a novice - semi-computer literate.

Prior to yesterday had Symantec Enterprise antivirus and Stopzilla running.

Yesterday morning was working on an excel spreadsheet and received a popup that Stopzilla stopped working and that I need to reboot to restart stopzilla.

After reboot was unable to launch stopzilla, so I checked current running processes and discovered 3203397148:3809022017.exe.

So far I have run Kaspersky TDSSkiller which removed a rootkit, then the only software I could get to scan was Microsoft Safety Scanner which removed a bunch of stuff, then was able to download Malwarebytes which removed two Rouge.antivirus files. Re-ran both Safety Scanner and Malwarebytes - both come back clean.

I cannot get my Symantec or Stopzilla to launch or reinstall (I have full admin rights). When I try to launch either program I get the message: Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item. I get the following message when I try to install Stopzilla: Message 1321. The Installer has insufficient privileges to modify this file: C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

I am thinking the registry may have gotten damaged? I am stuck at this point and appreciate any guidance.

Answer:After malware removal I cannot reload antivirus?

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

23 more replies
Relevance 82%

Hello everyone!

I was originally infected with the Win XP AntiVirus 2012 malware a few weeks ago. It shut down my internet, changed settings, and wreaked general havoc. I thought I had gotten rid of it until my virus scanner (Avast!) started going haywire last night and settings were being changed again.

So, I'm seeking some professional help since I apparently didn't get it all last time. Hopefully I've included all the logs you need, and thanks in advance for any help

-Alyssa
 

Answer:(Win XP) AntiVirus 2012/Malware removal

Still need to see the MGlogs.zip from running MGTools.exe. Thanks.
 

7 more replies
Relevance 81.59%

I recently had a malware trojan called Vista Security 2012. I am running Vista 32 bit. I used Malwarebytes to remove it and only could execute it by running as an administrator. It removed the Malware issue but now I cannot open any program on my computer without a prompt saying "choose the program in which you want to open this program with". Malwarebytes quarantined 2 files, 1 registry data and 1 registry value. Are my registry values now corrupted and/or missing? I also noticed that my sidebar no longer loads upon boot up and also a few taskbar items are missing as if it's in selective start-up. I also did a full McAfee scan after the malware was removed and it reported no issues. I can however open any program but only by right clicking as an administrator. Any help is appreciated. Thank you.

Answer:Cannot open any program after Vista Antivirus MW removal

Ahhh yes... that pain in the ass.. What this virus does is it alters the registry entry for program executing, it's a real pain, but real easy to fix. Click the link I included and it will have exact instructions from Microsoft on how to do it. http://support.microsoft.com/kb/837334

4 more replies
Relevance 81.59%

MS Removal Tool, saying I have infections and viruses. Clicked to see the problem and it 'scans' my computer saying I have 38 infections. I click remove, comes up with a payment option asking for Credit Card details.

Have tried going through steps 6 and 7. Download links to desktop, try to open them. Warning sign from MS Removal Tool : 'Warning Application can not be excicuted. The file dds.scr is infected. Please activate your antivirus software'.
Not sure what to do now because steps 6 and 7 are the ones that are most important.

Other message bubbles keep appearing.
'Warning windows had dected spyware infection! Click this message to update'
'Intercepting programmes that may comprimise your privacy and harm your system have been detected on your PC. Click here to remove them imediatley with MS Removal Tool'

Answer:infected with MS Removal Tool (antivirus software)

Hey - it's your bro!

The program MS Removal Tool is what's known as a rogue Anti-Virus. It installs on your PC and will identify problems which may not exist but ask you to pay to remove them. More details can be found here.

Please download OTH.scr to your desktop.
Now download OTL to your desktop.
Double click the OTH file and select Kill All Processes, your desktop will go blank.

Then select Start OTL, - OTL will now run:
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

Casey

12 more replies
Relevance 81.18%

Hello,
I'm looking for some help on removing a possible trojan and some malware. I've been getting notifications with "Antivirus software" alerts and a trojan called Banker A.
I've gone through the steps of using RKill and following up with Malwarebytes but they both come back after restart. I'm running Windows XP. Any help would be appreciated! Thanks!

Answer:Banker A/Antivirus Software Malware Removal

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

1 more replies

Help! Antivirus PRO is messing up my laptop big-time. I went to Malwarebytes site and downloaded the Anti-Malware, installed and ran it. It removed 14 infected objects but the Antivirus PRO is still rooted in my computer, causing problems. Need advice how to remove this Antivirus PRO after Malwarebytes Anti-Malware failed to do so. Please send advice.

Answer:Antivirus PRO stays rooted after Malware removal

Can you post the Malwarebytes log? We can go from there...

1 more replies

Hi,

I was asked to help a friend remove the "Windows Antivirus Software" from her computer. The virus was downloaded as part of a photo contest form. Not only did they infect her computer, they charged her for the entry fee. (She's 84 years old and is pretty sure that her cat is the cutest in the world - so why not enter a contest ;). argh.

I was not able to get a screen shot of the virus (I have a pic of the cat if you want it), but I'll try to describe it.

Right after boot up, there is what looks like a splash screen that says "Windows Antivirus Software" (white background, green lettering) and has some technical-looking statistics on it about the number of viruses that your computer is affected with. The entire background behind the splash screen is a light blue. In front of this splash screen is a pop up that tells the user to "Click OK" in order to scan for viruses. The only interaction that the user can do is click "ok". Closing the window will not work, Ctrl+Alt+Del is ineffective.

As usual with these viruses, I tried to put it in safe mode to remove. The same splash screen shows up in safe mode which is why I decided to post here.

Here is how I removed it:
Activate Safe mode with command prompt. (Even in this mode, the desktop had that same light blue color that showed up with the virus - but at least the splash screen was gone)
Run system restore from the command prompt <Start Restore> (requires syst... Read more

More replies

Hi Friends what is the best free antivirus or malware removal tool you have been using or used
 

Answer:Best free antivirus and malware removal tool

Moved to software. Not seeking actual malware removal.
 

3 more replies

Hi,

New to the forum, apologies if this isn't posted in quite the right place

Wanted to put a message on here mainly in thanks for the details on the main site on removing this extremely aggressive one! Largely this site saved my pc! Excellent work.

For information, I'm running Vista Business edition.

However, a couple of points I have to add from my experience that I think will be helpful for others:

1. The instructions of the fixreg.exe could be amended to make it clearer as to what will happen - i.e. just a short note to say that you'll need to choose 'start' from the right click menu.

2. Upon completion of the exercise and Malwarebytes has removed everything you will find the PC still having the temporary .exe fix and programs not being able to start unless through this 'start' option.
This aspect and how to fix it should maybe be put in this area?

I tried to find a reverse for altering the registry key, but only really found help with regards to XP.

Eventually I did find one that was from a site with various file extension fixes, but it didn't work - comments on the site did suggest a lower success rate with this.

I managed to resolve the problem via a system restore. This scrubbed Malwarebytes, but of course this will be going back onto the PC!

I hope this information will be helpful to anyone else who gets this horrible one

Thanks once again for the help!

More replies

Hi There. I have a Dell Inspiron laptop circa 2006, that has a bad malware infection called "Antivirus Scan." I am running XP Pro 2002. The machine is not a big loss, but I want to be able to clean the infection and recover the files. The system is paralyzed, won't let me access programs or functions except IE to go to their website to purchase "Antivirus Scan." I read this is a known malware infection, if you buy the software then blue screen after that. "Windows" alerts keep popping up about a malicious malware infection on my system, and the only function that is active is to go to their website. Obviously I am writing from a different system. What I want is to download a virus removal program and burn it to disc. The USB ports on my Dell are blocked by the virus, and I figure I need to boot directly from a disc. I just want to recover my files. I don't care if the hard drive is toast.

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

Answer:"Antivirus Scan" Malware Infection Need Removal

Take a look here: Remove Antivirus Scan (Uninstall Guide)

1 more replies

I had trouble trying to uninstall Trend Micro Security 2010. Upon reading a forum from this site, I tried AppRemover, which successfully took the software off, however, I am unable to connect to my wireless network because the driver connections seem to be messed up(?). I have tried uninstalling and reinstalling the drivers for my wireless LAN, but this does not seem to work. I have tried troubleshooting via Microsoft's website and have used the Microsoft FixIt program, however it has failed to fix the issues. This is what the program says:

Fix it Center:
Use hardware and access devices connected to your computer. 5 problems need attention
Hide details
Problems found / Status
There is a problem with the driver for Microsoft ISATAP Adapter #2. The driver needs to be reinstalled. Not fixed
There is a problem with the driver for Teredo Tunneling Pseudo-Interface. The driver needs to be reinstalled. Not fixed
There is a problem with the driver for Intel® WiFi Link 1000 BGN. The driver needs to be reinstalled. Not fixed
There is a problem with the driver ISATAP Adapter #3. The driver needs to be reinstalled. Not fixed Detected

I am running Windows 7 on my ASUS notebook. I have internet connection when I'm directly connected through the cable, but I cannot get wireless connection. My other computer connects to the wireless network fine. Please help. Thanks a lot in advance.

*moved topic to Am I Infected as requested by narenxp. - Queen-Evie*

Answer:Difficult Antivirus removal, even more trouble post removal

Hello,

Before trying to fix Windows you should try the Diagnostic Tool from Trend Micro; it should remove all the leftovers and maybe at the same time fix the problem you have.

Download the Trend Diagnostic Toolkit and save the file to the desktop; make sure you select the tool that matches your Operating System and the 32-bit or 64-bit version.

Boot the PC and enter Safe Mode (press F8 during boot), run the tool, click on the Uninstall tab and follow the program instructions.

15 more replies

I have tried the Anti malware on this site and it won't start. I am using another computer because I cannot even go to sites that have anything to do with virus removal on the infected computer. My norton and spysweeper have been disabled also. This seems really complex and nasty. I even get redirected to random web sites when I try to go to some of my favorite web sites. Not all but some.

I have downloaded the files requested on the "do this first" to my USB drive and started it from the USB on the infected computer and also saved them to the HD but none will run. I get a brief hourglass and then nothing. I have no hair left. HELP!

Answer:Malware removal wont work for Antivirus 2009

Hi pepsirich,

Are you still waiting for help? If so, try the following: (If anything doesn't work, simply make a note of it and continue on.)

If you have Spybot S&D installed, be sure that TeaTimer is deactivated before you begin. To do this, open the program, click on mode at the top and select Advanced Mode. Then on the left hand side at the bottom, expand tools and click on the red and white Resident shield. In the middle of the page you'll see entries for SDHelper and TeaTimer. Be sure that TeaTimer is not checked.

Next download and install CCleaner. Once installed see if you can run it in normal mode. If not, please try running it in safe mode.

To run CCleaner, open the program and click on Run Cleaner in the lower right-hand corner. Confirm that you want to delete the files and allow it to finish. When it's done, the Run Cleaner button will light back up. CCleaner will remove all your temporary files, browser history, logs and cookies. It will make any further work on your computer easier and it will help prevent malware from getting started again via temp files.

After you've done this, attempt to install and run MalwareBytes. You may find that you will need to rename both the installation file and the executable files. You can name them anything, as long as you remember which is which and where they are located. If you are able to open Windows Explorer, find the malwarebytes executable in its folder under Program Files and rename it fro... Read more

1 more replies

Hello all,

I started having the problem after trying to remove malware by using mbam. Mbam recognized the items and deleted it. I had to redownload mbam, rename it, all other virus/malware utils would not start. System Recovery failed also (tried Kelly's Korner registry link). However, after the reboot I still have no access to the virusscanners and the system still is affected.

When I start in normal boot, everything will freeze within a few minutes, also safemode with networking isn't stable, I can only use Firefox and some programs but not for too long (I had to do Root Repeal in safemode with prompt). I ran mbam again and Panda online virusscanner, it does not give any hits on any malware.

I added the requested logfiles, but unfortunately I do not have the old mbam log of what it deleted (got tired of all the txt popups so I once turned logs off, I am so regretting it now). Since the scans with mbam and Panda virusscanner do not give any hits, I am clueless what to do next.

Can you tell me how to fix it? Please shine your divine light on me

*bows humbly*

Answer:Laptop freezes after removal of malware (like Antivirus 2009)

Guess I know what is bothering me now..

I saw a lot of H8SRT remarks in the logs of Root Repeal and after some browsing and checking I noticed a solution to download TDSSKiller and after that run mbam. So I tried to run TDSS in safe mode. It cannot get access to KLMD, error 2 and the results are 0 across the board..

The story continues..
http://www.bleepingcomputer.com/forums/t/281515/h8srt-rootkit/

===========
[Edit after moderator post in blue]
Oh, sorry, the addition with the H8SRT remark was not meant as a bump at all, my bad. I just wanted you to know what I have been doing thus far. After a normal reboot, TDSSKiller worked and removed the .sys-file of the H8SRT trojan. I rebooted into safemode (without networking) and did a full scan with mbam. No result. However, my laptop is working in normal boot. I ran a quick scan with mbam and omg, it detected the (20 hits for H8SRT) leftover files.. Files removed, and I can move around normally. The previous link really helped!

PROBLEM HAS BEEN FIXED.
===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assista... Read more

2 more replies

I'm having trouble removing bip.exe
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:11:52 AM, on 4/28/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\A4Tech\Keyboard\Ikeymain.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\vVX6000.exe
C:\Program Files\Mouse Driver\MouseDrv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\DllHost.exe
C:\ProgramData\{3140EA8C-7399-4EC4-819C-16996F38FCFC}\WRInstall.exe
C:\Users\Jesse\AppData\Local\bip.exe
C:\Program Files\Trend Micro\HiJackThis\HiJack... Read more

Answer:I'm infected with bip.exe & malware removal help

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

3 more replies

OS: Windows XP Pro SP2

My CPU has been running odd for the past 5 days. Programs would stop on their own, I received a black screen, and programs were laboring to load. I had not run Spybot search and destroy for about a month, so I thought that would perhaps find some problem. I have always had success in locating problems with spybot in the past. I also have used Lavasoft Adaware in conjunction. I tried to run Spybot, but the system was incredibly slow. In one instance Spybot crashed, another instance it ran for about 9 hours and was only 1/10 its way through the scan list, and another time it ran faster (though still very slow compared to how it used to run) but did not find any problems. I then ran a fresh install of Adaware, which took many hours to run, and that came up with no problems also. While the programs were taking a painfully long time to run, the hard drive would have a constant "marching" sound coming from it.

At this point I found your forum on Malware removal, and began to systematically work through the step by step process. I had used MSConfig in the past to stop programs from startup, so when I set to normal mode (Step 4) and rebooted, the CPU ground to a complete halt taking eons to load and not allowing any programs to run (unless I waited 30 mins. for my explorer to open) at normal operating speed. I must have unleashed prior malware hidden in the cpu, though I am not sure. The "marching" described earlier occurred... Read more

Answer:CPU infected - Asking for malware removal help

I am not seeing any malware on your system. Did you disable your AV software before you tried to run ComboFix?

When you say your hard drive is making a "marching" sound, could you be a little more specific? Is it clicking? That would be an indication that your hard drive is dying.
 

5 more replies

Hi, I got infected because I was trying to run Malwarebytes and it skipped the part of analysing the files, it ended in around 1 minute in a full scan, and I tried to download Dr Web CureIt, and it doesn't allow me. The computer seems fine, but those things are very strange, and when I was running the scan I was in safe mode...
 
thanks for the help

Answer:Malware infected, malware removal tools useless

Greetings samidelcueva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that.

===================================================
Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro... Read more

0 more replies

I have many pop-up ads while browsing the internet these past 2 days. When I click my Windows Security Alerts icon, it states that I am "at risk" because my automatic updates have been shut-off. Even when I turn them back on, they remain shut off (I'm pretty sure this is the malware running defense for itself). The pop-up ads are for fubar.com, bigpoint.com, ovguide.com, and for vista antivirus 2008 & 2009 software. Basically they're trying to get me to buy bogus software to "fix" or "clean" the problem that they gave me.

I'm running IE7 on Windows XP Home w/sp3. I'd really appreciate any guidance/help from the professionals on this forum with helping me remove these problems. Thanks in advance!

-Jim

Deckard's System Scanner v20071014.68
Run by JIM on 2008-08-03 19:30:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...failed; access is denied.

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as JIM.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:31:55 PM, on 8/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C... Read more

Answer:Vista Antivirus: Bogus Software... Malware/virus Removal?

update: Spybot - Search & Destroy says it's Virtumonde. I think it could be more too.
Day 4...

28 more replies

Hey guys, does anyone know how to download stuff like antivirus, malware removal etc. straight to blank media like CDs, USB, external hard drives etc.?

thanks

Answer:download malware removal and antivirus straight to blank media

You should be able to tell the download where you want it to save when you go to start the download.

1 more replies

I have a friend's laptop that got infected with ANTIVIRUS 2009.

I was looking for some way to remove this a$$ho** of a program...it's a nasty one.

One website said to download Malwarebytes' Anti-Malware tool. HAS ANYONE EVER USED THIS? IS IT ANY GOOD?


Also, any recommendations on how to remove ANTIVIRUS 2009?

Cheers and thanks

mark

Answer:2 questions - 1 about Antivirus 2009 removal - 2nd about Malwarebytes Anti-Malware

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

If you're not receiving help elsewhere and still require assistance for this issue, please follow the process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs. Please post/attach as instructed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your next reply.

------------------------------------------------------

2 more replies

Hello. I was visiting a few websites and all of a sudden my computer blue screened and started doing a "file dump" it then reset itself.

I tried to go on and fix it, but it wouldn't let me access any antivirus/spyware/malware downloads. Norton, mcafee, spydoctor, malwarebytes anti malware.

I started getting popups stating "this site is unsafe download this.." it was a windows/microsoft grey box message. It seemed legit, but I did not actually download it. I cancelled. I got it every few websites I went to. Mostly from the antivirus sites.

I restored my computer to factory settings (didn't need anything on it).

I have since been able to run several virus scans and download several malware softwares. I have malwarebytes anti malware, norton, and spydoctor. They all have run and found nothing.

I just want to make sure I have gotten rid of everything.

I downloaded hijackthis and this is the log it just returned.

I don't know what to do with all this, but it has been suggested I find a help forum for some advice.. Anything anyone can tell me is much appreciated. Thanks in advance.

Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:26 PM, on 8/7/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.... Read more

More replies

I am helping a friend whose computer was infected with a virus this morning--the guilty files were 9129837.exe, advpackc.exe, pdfupd.exe, and wpv071239024366.exe. The computer is a Dell Optiplex GX520, Windows XP Pro, running symantec corporate.

I launched windows into safemode, deleted the startup files, and then deleted all of the suspected malware files. This became a bit challenging because I couldn't open regedit.exe and other .exe files. I copied regedit.exe to regedit.com, and all was well. But now I still cannot open .exe files, even though I believe I have solved the malware issues. I have followed numerous suggestions to fix this problem, but to no avail. I have tried the Doug Knox .reg file, the Kelly Corner .reg file, tweaking the registry manually (all the entries look fine) and some other downloads/scripts claiming to fix automatically. Still nothing. Anyone have any ideas? Thanks for your help. DDS log is below:
DDS (Ver_09-03-16.01) - NTFSx86 NETWORK
Run by administrator at 16:58:18.65 on Wed 04/22/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.716 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Exp... Read more

Answer:Cannot open .exe files after malware removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul... Read more

3 more replies

Hello everyone and thank you in advance for taking your time to help me with my problem. I am trying to fix my brother's HP mini 110 netbook with the main problem being that it would not connect to the internet. I restored the internet connection by doing the following:

Quote:

Reset WINSOCK entries to installation defaults: netsh winsock reset catalog

Reset IPv4 TCP/IP stack to installation defaults. netsh int ipv4 reset reset.log

Reset IPv6 TCP/IP stack to installation defaults. netsh int ipv6 reset reset.log

The internet connection is there now, but the browsers will not open. I updated the BIOS and installed PC Tools Spyware Doctor + Antivirus as well as PC Tools Registry Mechanic. Although both programs found a lot of issues, the browser issue still exists. When I try to open the browser, I get the following error message:


Quote:

Windows cannot find 'C:\Program Files\Mozilla Firefox\firefox.exe.' Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click search.

This is the error that appears for all of the internet browsers. Other .exe files seem to work fine and I can access command prompt and the registry editor. Any help is appreciated. I have been working on fixing this computer for 48 hours now and have absolutely no luck. Thank you in advance everyone!

Answer:After malware removal, browsers will not open.

Use Malwarebytes if you haven't yet, run it at least 3 times. Do you recall the name of the virus/trojan that infected it?

5 more replies

Hi folks,
Malwarebytes is blocking the malware removal website for me. Is the malware removal website infected itself?

Answer:Malware Removal site infected?

What website is that? Can't check it out if we don't know the url.

5 more replies

Hi
I have tried the software I mentioned, all in full version (trial) except zenama which is free.
It started with a lot of ads, inability to download anything and pop up installer for random apps whenever I opened any app or new webpage.
Most is fixed and laptop is kinda normal now.. but these three errors (scan log uploaded) reappear on zenama scans, without any trace on anti virus or any other tool from those mentioned.
 

More replies

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Jim at 20:55:39 on 2011-06-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.999.442 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\W... Read more

Answer:Infected with ms removal tool malware

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you... Read more

11 more replies

Hi - I am having a problem with my Dell laptop, which runs MS Windows XP SP3. A few days ago I started getting an error message shortly after startup saying that the "DCOM server process launcher terminated unexpectedly and Windows must shutdown" with a 60 second timer. I can stop the shutdown using Start/Run/shutdown -a. The computer will then work, but I continue to get pop ups saying the computer is infected. When using IE to search the internet, I constantly get redirected and get pop ups urging me to install "Antivirus Pro 2009." I have Malwarebytes, Superantispyware, and Combofix installed on the computer, but I can't run them - I just get the egg timer for a few seconds, then nothing. I tried in safe mode and also from a memory stick and still can't run the programs. I also can't download new versions of the programs or any other Malware-related programs, such as HijackThis - I just get redirected or I get a message that IE cannot display the download page. I also cannot get to your site, so I am using another computer to contact you. I went through your cleaning procedure and was able to get through Steps 1 and 2; however, I can't do Step 3 since none of the programs will run. Any help would be appreciated.

Thanks,
Bobny
 

Answer:Infected and Can't Run Any Malware Removal Programs

Welcome to Major Geeks!

I know you indicated you have started to run the READ & RUN ME, but follow along with the tips/notes below and try ALL steps. Make sure you also follow the instructions about renaming files.

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.
READ & RUN ME FIRST. Malware Removal Guide

If something does not run, write down the info to explain to us later but keep on going.

Do not assume that because one step does not work that they all will not.
Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

 

16 more replies
Relevance 79.13%

Hello. I have windows 7 and I noticed norton picked up on a few things. I didn't see the first one but a message just popped up now saying there was an attempt blocked called HTTP Nukesploit request. I did a little research online and found that it's malware. I know nothing about viruses and how to get rid of them besides downloading antispyware or programs such as that and running them and seeing what is found. Norton found that nukesploit and read about other people who have this problem have malware. While I was looking at that message, I decided to check my norton history and see what other things are detected as I leave my computer on sometimes while watching tv and don't notice the messages. There was one attempt blocked a few days ago saying HTTP Fake av redirect. I researched that a little bit and people have said that there's a fake av program installed on their computers but I only have norton on mine.

Also, my internet explorer has been crashing a bit more often. With the error message saying "internet explorer has stopped working" and you click ok and it restarts the browser with the tab you have it on. I haven't been doing anything weird I'll just be trying to watch a streaming video or something and it gives me that error message. It usually happens with streaming video sites or on sites I always frequent like a few video game websites and streaming sites and such but it's never off a new page i'm going to. It happens m... Read more

Answer:Infected with malware and something else possibly - help on removal

bump. any help?

1 more replies
Relevance 79.13%

Apologies, but i'm a bit of a novice. my computer did a scan when i started it and came up with some trojans. when i tried to delete them, a malware removal programme tried to install itself so i closed the download dialog box. unfortunately, i cannot remember the name of the software that was trying to install itself. please would you review my log below and help me clean my computer?

many thanks
---------------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by 0 at 19:57:35.67 on 02/01/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3000.1826 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows&... Read more

Answer:attempted removal of trojans try to install "malware removal software

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 78.72%

I want to run Combofix with expert help, but do not know how to Disable ESET Smart Security, malwarebytes,ccleaner,spybot S&D and Windows Installer Clean-up before running Combofix. I would rather not uninstall them all if possible, just disable. I didn't know Windows Install clean-up was on there until saw it listed in programs.

Thanks so much for any help.

Answer:How disable(not uninstall) antivirus/malware removal tools before running ComboFix?

I found out how to disable ESET, but not the others....Thanks in advance for help....

2 more replies
Relevance 78.31%

I noticed AVsecurity running on my computer. I ran processexp and suspended the infected exe. I wanted to run malware bytes but I was unable to get to a website. I downloaded malwarebytes on my second pc and transferred via usb to the infected box. It removed 2 exe's and reg files. I rebooted the computer and am still unable to get to any webpage. Attached are logs from dds.

Answer:Unable to open webpages after malware removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 78.31%

I am stuck at the point where you need to choose a program that will 'open' the tool. I don't have a clue, but have tried some with no success. Would appreciate the info. Thanks, {redoak}
 

Answer:Solved: How to 'open' Ms' malware removal tool

16 more replies
Relevance 78.31%

Hello. First, Google Chrome stopped working and shut down. wouldn't open or immediately crashed. then lost IE as well, unless I backed in from a cached page. Avast virus scan revealed Dropper gen Trojan and supposedly quarantined, but the problems persisted. I carefully followed all seven steps on this site to remove, using all the listed software/scans. I have IE back now, but it is often redirected, and Chrome still doesn't open or immediately crashes. Please help.
 

Answer:still can't open Google Chrome after Malware removal

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

29 more replies
Relevance 78.31%

Recently I have noticed I cannot open any antispyware/malware programs and my google searches will often redirect to random stuff that is not even close to what I googled. Here is my dds logs. If I did anything wrong please let me know.
DDS (Ver_09-06-26.01) - NTFSx86
Run by Gablen at 1:11:32.01 on Sat 07/25/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.674 [GMT -4:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wscntfy.exe
C:&#... Read more

Answer:I cannot open ANY spyware/malware removal programs!

Go HERE and download SysProt AntiRootkit. Unzip it to your Desktop
Run SysProt >> Click on the Log tab
Tick ALL the boxes at the "Write to log" section (Do NOT tick the "Hidden Objects Only" options)
Hit the Create Log button
When it asked for scanning option, choose Scanning all drives >> Hit Start button (Do NOT hit "Ok" button)
Let it scan until finish
Find the log.txt inside the SysProt folder and attach the log here.

6 more replies
Relevance 78.31%

Hi My Windows 7 PC 64bit is infected with Virus / Malware. Whenever I try to use Internet Explorer it guides me to different websites each time. Is there a good Antivirus / Malware which can help clean up the infection. I do not want to reinstall Windows. I will appreciate if you can share some of your experience with me. Thanks!!!

EDIT: Moved from Win 7 to Am I Infected forum ~ Hamluis.

Answer:Virus / Malware Removal for infected Windows 7 PC

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to comp... Read more

1 more replies
Relevance 78.31%

Hello, I am having trouble detecting what malware is causing my computer to have pop-ups and redirections in my web browser. I used a tutorial that used rkill and malwarebytes anti-malware to remove MalwareDefense. Upon reboot, Malware.Trace popped up. I thought I had removed it, but am still getting the pop-ups and redirections. Nothing is showing up on my MBAM scans now, and Avast doesn't seem to be removing or quarantining any of the infections either.

DDS (Ver_10-03-17.01) - NTFSx86
Run by USER at 13:23:30.82 on Wed 04/07/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1314 [GMT -4:00]

AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! antivirus 4.8.1368 [VPS 100407-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files&... Read more

Answer:Still infected with pop-ups, even after removal of MalwareDefense and Malware.Trace

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let... Read more

7 more replies
Relevance 78.31%

My computer has been infected with Smart HDD. I'm in the process of removing it, but even in safe mode with networking it still won't let me access Malwarebytes Anti-Malware program to scan and remove the virus.

DDS (Ver_2012-10-19.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_16
Run by Melissa at 17:46:28 on 2012-11-04
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.378 [GMT -7:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\s... Read more

Answer:Infected with Smart HDD and still cant run Malware Removal Programs

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o... Read more

17 more replies
Relevance 78.31%

I was infected with Spyware Removal 2009 Malware. So I had the Spyware Removal 2009 malware somehow got installed on my computer. As some forums said I installed malwarebytes to remove it. I think I got most of it out but I thought I had it all removed before and it came back. So here is my hijackthis file to see if everything is off.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:53:33 PM, on 3/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS... Read more

Answer:Infected with Spyware Removal 2009 Malware.

Hello pdeals917,

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

4 more replies
Relevance 78.31%

Hi,

I have tried many ways to get rid of some Malware that has only recently infected my PC. I hope someone can help me as this is my work PC and I need to plug back into my office network in a few days, but think this would be a bad idea at the moment.

The problem first showed itself by insisting I had many viruses etc, and I should install Internet Security 2010. I have installed Malware Bytes removal tool, and installed as instructed. It found the above, said it was removed, but still it appears to exist, although the name of the infection has changed a few times, and is currently redirecting my browser to a similar page to the above malware. A popup now shows that I should install Cyber Security to remove the infections. This is obviously another malicious antivirus/malware program.

I have McAfee Enterprise installed (which I can't seem to disable). I have also run SuperAntiSpywarePlus, which did the trick removing a similar problem about a year ago on a different PC. However, although this program also finds problems, and supposedly removes them, the problem is still there.

Please help. I have shown Hijackthis log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:42 PM, on 29/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\... Read more

Answer:Cyber Security removal; Malware removal not working

Hi,

I have tried everything I know of to remove this pesky piece of malware. It seems to keep changing names, starting out as Internet Security 2010, and redirecting me on a google search to a webpage trying to convince I was riddled with viruii and malware, and then trying to sell me their software, which is really just a scam. I ended up here after a few days of tearing my hair out, almost beaten. I went through the tutorials, but unfortunately that was before I fired off a post in desperation. Please delete my previous post, as I have now followed the suggested path, and run the utilities to help diagnose my problems. The resulting files are attached.

Please help. I hope the files uploaded can provide an insight into what's happening.

Apologies for jumping right in and posting a Hijackthis log before I had read the tutorials.

DDS.txt contents pasted below

DDS (Ver_09-12-01.01) - NTFSx86
Run by Greg.Middleton at 15:30:23.26 on Tue 29/12/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3063.2330 [GMT 9.5:30]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
C:\windows\system32\svchost -k rpcss
C:\windows\Syst... Read more

3 more replies
Relevance 77.49%

I am fixing a problem for a friend. He came to me when IE would not open for him. I uninstalled the most recent installs that looked suspicious without results, so I am turning to you for help

Thanks in advance
MamaLoca
 

Answer:Malware removal for a friend. IE will not open, system slow

That is not the correct log from Malware Bytes. Instructions explain how to find it.

MyPC Backup <<< Uninstall this junk.

Re run Hitman Pro and allow it to remove all that it finds please.

Norton 360 might be to blame for Internet Explorer not opening.


Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.


Right-click OTM.exe and select "Run as administrator" to run it.
Paste the following code under the area. Do not include the word Code.

Code:

:Files
C:\Users\Danny\AppData\Local\BITB26D.tmp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopAtHome.com Toolbar

:reg
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}]

:Commands
[emptytemp]
[Reboot]

Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
Push the large button.
OTM may ask to reboot the machine. Please do so if asked.
Copy everything in the Results window (under the green bar), and paste it into a text file to ATTACH into your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Pr... Read more

5 more replies
Relevance 77.49%

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+, x86 Family 15 Model 107 Stepping 1
Processor Count: 2
RAM: 1791 Mb
Graphics Card: ATI Radeon HD 3200 Graphics, 700 Mb
Hard Drives: C: Total - 610475 MB, Free - 489520 MB;
Motherboard: ASUSTeK Computer INC., M3A78-EM
Antivirus: None

PC slowed to a crawl so I suspected malware/virus. I used Spybot S&D which didn't help. Found and used Malwarebytes and CCleaner which did seem to work. I realized though, my .jpegs on the desktop wouldn't open but others in My Docs did. Now it seems all .jpg and .pdf files don't open. I can still see thumbnails which leads me to believe there is still something there - encryption maybe? Anyways I realize I may have already gone too far without guidance, please help. Thanks in advance, Jim.
 

Answer:.jgpg Thumbnails show but won't open after malware removal

16 more replies
Relevance 77.49%

I'm using Windows XP Home Edition and have Avast Antivirus on it. Initially, the computer became infected with XP Antivirus 2010, which I tried to remove with Malwarebyte but was unable to properly install Malwarebyte. Thus, I did a system restore and was able to properly download Malwarebyte and remove the infected files (ran numerous full scans with both Avast and Malwarebytes). After this, I had a problem with exe file associations (nothing would open) and was able to fix this with exefix.reg.

Now, everything is running properly on my computer except for Internet Explorer. My computer is able to connect to the internet (Avast is running and I'm able to download Windows updates), but when I launch Internet Explorer it opens for a second (quick flash) and then immediately closes. I've tried to reset the internet settings and uncheck the "enable third-party browser extensions" box, but none of this worked. I had recently updated to IE8 (one of the windows updates after the system restore), so I tried to uninstall IE8 but I had the same problems with IE7. I then tried reinstalling IE8 but it was no help. Please let me know if there is a solution for my problem.

Thanks in advance for your help - mckli

Answer:Internet Explorer doesn't open after removal of malware

Hello

When you start Internet Explorer, it opens, flashes, and then closes immediately
http://support.microsoft.com/kb/967896

I'm having the same issue with IE.

Hope this helps

8 more replies
Relevance 77.49%

Please see
"Windows Live mail won't open - Win 7 64 bits" topic for details.
 
 
I uninstalled Avira anti-virus and Malwarebytes (it wouldn't open, anyway), in safe mode. Now, I am able to go to my Firefox home page. But all my other problems are still there.  ESET still stops half-way through the scan (it has identified 12 threats that are still there), and F-secure doesn't open.  
 
Windows IE doesn't open.
 
I sometimes get "Windows Explorer has stopped working" and sometimes programs don't open.
 
All my problems started after I installed Baidu anti-virus. So, I tried to uninstall it, but couldn't find in "Uninstall or change a program." Do you know how to uninstall it? I believe we need to uninstall Baidu before we go to the next steps.
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.25.2
Run by Danny at 11:05:23 on 2013-12-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6131.3790 [GMT -8:00]
.
AV: Baidu Antivirus *Enabled/Updated* {10616E6C-0E20-8594-D377-A7D03F6128A6}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Baidu Antivirus *Enabled/Updated* {AB008F88-281A-8A1A-E9C7-9CA244E6621B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCP... Read more

Answer:New malware removal request (re: Win Live mail won't open et al)

Hi Konadan
 
I will be handling your computer issues to help you get up and running again. Please give me some time to look over your situation and I will get back to you as soon as possible.
Thanks for your patience.
polskamachina

75 more replies
Relevance 77.49%

Hello all, thanks for the wonderful forum and the help! One quick thing to get out of the way - when I ran DDS, it created the DDS.txt but I did not get an Attach.txt log. I will post what I have.

My Mother In Law's computer is hosed. Pretty badly. You can open up IE, and it just sits, there, never even really opens. I was able to put Firefox on here, which I'm using right now, and it's usable. But anytime you do a Google search, when you try to click on any of the results, you're redirected to any number of obviously virus loaded sites. I'm sure there are other problems that I haven't encountered yet. I'm just now starting to dig into this machine. I'd like to have it back to her in the next few days. Thanks for your help!

DDS (Ver_09-12-01.01) - NTFSx86
Run by Andrew at 17:27:46.70 on Sun 03/14/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2940.1691 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Win... Read more

Answer: Malware removal novice seeking help. MIL's computer infected.

Hello MrCarner,

Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.

I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Please keep in mind that we have a large backlog of users just like yourself waiting to be helped so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis we are limited on how many logs we can respond to and keep open due to time restraints. If you have to be away or can't answer for some other reason just let me know. Thank you for your understanding.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Is everything still the way you described it in your initial post? Have you been able to stop Symantec yet? Let me know of any other things which might be pertinent since you first started the thread.

Thanks,
thewall


Hello and welcome to Bleepingcomputer.

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic.

Please download Malwarebytes' Anti-Malware from Here
Note: If you already have Malwarebytes' Anti-Malware, just update then run it.

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire report in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Download random's system information tool (RSIT) by random/random from here...

Answer: Infected virus, trojan , spyware , and malware removal

Thank you for your response.... here are the following logs

Log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2010-03-09 10:36:20
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 142 GB (93%) free of 153 GB
Total RAM: 510 MB (8% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:45 AM, on 3/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Apoint\Apoin...


I posted in the software forum yesterday and was instructed to complete the malware removal steps and repost here. I have a new computer running Windows 8.1. When I say new, I mean I started having problems within a couple of hours after turning it on!

I have McAfee antivirus protection and downloaded and installed my MSOffice 2013 Home and Student. All seemed to be fine. The MSOffice was up and running and McAfee said I was protected. Suddenly and I don't remember what I was doing...it said Microsoft something (sounded like an antivirus or firewall something) had detected several problems and I needed to "clean my computer". Oh so ignorant of all that was going on with learning Windows 8.1 after using XP for years I told it to clean. Somewhere in there it suggested I do a system restore. All seemed OK until I realized MSOffice was no longer there. I tried to download it again and reload, but with no luck. It occurred to me it had something to do with the system restore so I tried to undo the restore. That of course didn't help. I'm also now getting messages from McAfee that I am covered and safe but that my firewall is turned off and needs to be turned on. However I can get McAfee to do nothing. I can open a screen, but nothing I do makes it do anything. I tried downloading their "Virtual Technician" before I started the process you recommended and it acted like it was downloading, but 20 minutes later it was still "spin...

Answer: malware removal help - removal instructions attempted

Can you try running the tools that were not working before including Hitman, in safe mode please. Let me know how you get on.
 
