Computer Support Forum

BEST Pro PAID Service for Malware Removal?

Question: BEST Pro PAID Service for Malware Removal?

I am in need of a Malware removal service that can solve difficult issues on demand.  What is your opinion of the BEST!

Relevance 100%
Preferred Solution: BEST Pro PAID Service for Malware Removal?

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: BEST Pro PAID Service for Malware Removal?

There is no universal "one size fits all" solution that works for everyone and there is no single best anti-virus. Every vendor's virus lab and program scanning engine is different. Each has has its own strengths and weaknesses and they often use a mix of technologies to detect and remove malware. In many cases choosing an anti-virus is a matter of personal preference and what works best on a particular system. You may need to experiment and find the one most suitable for your needs.Please read:Choosing an Anti-Virus ProgramSANS Institute Choosing Your Anti-virus SoftwareMy personal choice is ESET NOD32 Anti-Virus if choosing a paid for program as it leaves a small footprint...meaning it is not intrusive and does not utilize a lot of system resources. Emsisoft Anti-Malware is also a good choice if looking for a paid for program and so is Kaspersky Anti-virus.

6 more replies
Relevance 60.68%

Hi, I've been working with boopme on this in the "Am I infected forum" Mod. edit: Topic referenced is here: ~ OBHe determined that a driver was blocking the removal of the malware affecting my computer and said I should post here.Some background info. My desktop computer is infected. It uses Window Vista home premium. The computer is very slow when trying to browse the net and stops responding often. I can sign on with IE but am very limited to what sites I can get to. I can't get to this site. Firefox won't start at all. I am unable to download anything and I can't updated my antispyware programs. Other programs on the computer, like photoshop, seem to work fine.I have been using my laptop to download and update programs and transfer them to the desktop with a flash drive. I am posting this from my laptop.Here are the RIST logsLogfile of random's system information tool 1.04 (written by random/random)Run by Owner at 2008-12-04 21:36:01Microsoft? Windows Vista? Home Premium Service Pack 1System drive C: has 148 GB (64%) free of 231 GBTotal RAM: 2942 MB (69% free)HijackThis download failed======Scheduled tasks folder======C:\Windows\tasks\Check Updates for Windows Live Toolbar.job======Registry dump======[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Ac... Read more

Answer:Driver or service blocking malware removal

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.Please take note of some guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part... Read more

14 more replies
Relevance 60.27%

I had a computer infected with the Win 7 Antispyware 2012 rogue anti-spyware program. I removed it using the the instructions located at Now, a week after the initial removal, the user suddenly cannot connect to other computers on the network. The "Computer Browser" and "TCP/IP NetBIOS Helper" services will not start, failing with Error 1060 and Error 1075, respectively. The user has also informed me that they were still seeing Google redirects during the past week, which leads me to believe that there is still a rootkit installed. I have tried running tdsskiller again, but it says there are no infections. I need help removing whatever is still installed on this computer, as I would rather not have to wipe it clean.


Answer:Cannot start Computer Browser service after malware removal

I am having the same issue but it was last night that I removed everything. I'll keep searching and post if I find a solution.

8 more replies
Relevance 59.04%

Okey i now have to pay for my mp3's so my question is which one is the best between, itunes, napster, and any other ones, thx!!!

Answer:Best Paid MP3 Service

if you have an ipod, itunes is it. even if you don't i like the itunes app the best. just remember that their format is aac so make sure whatever player you have supports it

5 more replies
Relevance 58.22%

Does anyone know of a pay-in-advance e-mail service that will let you choose your own user name, no matter how long or short it is? If so, what is that web site? Thank you. Murrar

Answer:paid-for e-mail service

Just out of curiosity why do you want a 'pay for' mail service, when there are so may free ones that have the long user name availability? What are the benefits you are looking for by paying a fee?

A long user name is one way to minimize use, by others. Most people don't like typing long names or they are often misspelled.

3 more replies
Relevance 56.17%

I haven't been too impressed with GeekBuddy. A guy on it who dealt with me wanted me to get rid of all my programs that he wasn't familiar with, including Kingsoft PC Doctor. (That program gives me a very neat little bar that shows percentages for CPU and memory usage and shows you the most demanding programs on both categories if you hover the cursor over it.) He came across as arrogant and abrasive.

Answer:Is there a paid tech support service really worth subscribing to?

Hey, you can do everything they do. First, ask yourself a bunch of questions about your problem, then answer them. Sit back and pretend you're on hold for 5-10 minutes, then ask yourself the very same questions. Hold for 5 minutes then open and close a bunch of control panel applets and root around in the control panel for a while. Hold for another 10 minutes and finally, decide that the only solution to your problem is to reformat your drive and reinstall Windows. Piece of cake.

8 more replies
Relevance 56.17%

Hello, my family just subscribed to a paid VPN service and asked me to help figure out how to get the house's wifi network go run all traffic in the house through it. In short I guess we want the router to run through the VPN if that is possible.

We have a netgear R100 router and the VPN service is through PIA

Thank you in advance for any help!

More replies
Relevance 56.17%

A friend has a Nokia Windows phone I can use but need to know if I use it with my plan I have with Verizon

Answer:Can i use a nokia windows phone with my pre paid service through verizon

It depends on the phone. If it is the Microsoft Lumia 735, you can. You can also use the Lumia ICON, 822 and 928. Aside from those, it probably wouldn't work.

2 more replies
Relevance 56.17%

Some may have noticed the links for the trial version have been moving around a lot lately. We were trying to update the cans at CCSP accordingly. Today 29wood sent me the link for this.Webroot SoftwarePublisher's Website Webroot SoftwareFour-time winner of PC Magazine's Editors' Choice, Webroot Spy Sweeper 4.5 takes another leap ahead of the competition...Note: This trial version scans your PC for spyware with Spy Sweeper's state-of-the-art threat engine and offers proactive protection with Smart Shields. Removal is limited to the paid version.c|net Webroot Software

Answer:Spy Sweeper: Removal Is Now Limited To Paid Version

Hi there

I saw that as well, thankfully it looks like have got it wrong. A trial version of SS downloaded yesterday from is working just fine with nothing disabled.


4 more replies
Relevance 55.76%

I followed all the instruction to remove the FBI  moneypak Virusand could not use the free one so purchased the Hitman Pro license for 1 year subscription product key C4HTN-XSBGN -LNJTR-YVAI8 was unable to remove the FBI Virus moneypak virus in Windows 7 64 bit.
Any suggestions for further Help?

Answer:FBI moneypak Virus removal not removed with paid hitman pro

Hello deesyd I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", ... Read more

3 more replies
Relevance 55.76%

I paid money to have a life time protection with Viper...I want it back.

Answer:Why was my LifeTime Viper Removed, I paid $$$ for it and did not authorize removal?

Just to be clear?
This is a fan based News and Discussion site. It is in no way run by Microsoft, Lumia or any developer.
Have you tried contacting the vendor???
I gather you mean Vipre anti virus suite?
More details might help. Was there a change in the account used to log in on your computer? Change in OS version? Are all your contact details up to date with the vendor?
Have you tried simply downloading it again?

8 more replies
Relevance 54.12%

I have had my Lenovo Think Pad R500 since December 2009, and all had been working perfectly until last week when all of a sudden, it decided to not recognize Flash and Active X Control.  The consequences are that I now have limited web usage, e.g.. Cannot view videos on, (my ISP) or even view the website -- and problems more far reaching than I just summarized.  I have gone through multiple attempts to resolve the issue, including opening my Internet Explorer in the 32 bit version, rather than the 64-bit version that I have as a result of how I had the computer built.  I have uninstalled and reinstalled Flash and Active Control X in both IE 32 bit and 64 bit; and although, I receive messages that the programs have been successfully installed, my functionally remains the same. What the [email protected]&* is going on.  When the Think Pad was delivered to my home, is sung like Barbara Streisand, but now nothing is resolving the problem and Lenovo support system is as worthless than a  used, wet, dirty paper towel when trying to clean up a major spill of gasoline in the garage.  The service is TERRIBLE!!!!!!!!!!  Can anyone offer help or suggestions?  I am not a computer guru to say the least, but I can follow directions that make sense. I am so disappointed that I do not have proper, professional help from Lenovo when I paid for a year's worth of support service.  YOU CALL THE NUMBER AND THEY... Read more

More replies
Relevance 53.71%

It seems pretty inexpensive.

Anyone been using it? Thoughts?

Answer:The paid version of malware bytes

Have heard the real time protection is pretty good. But can generate some pop-ups that may be confusing to some. It acts as a bit of a firewall too. It will show blocked intrusion attempts from known questionable IP`s, possibly whole Domains.This is going on second hand info from people I know who use the paid version.Hoping someone will chime in who use`s the full version.

14 more replies
Relevance 53.3%

Is it worth it? I have the free version, but would love that real-time protection. Is it better than Windows Defender for Windows 7??


Answer:Malwarebytes Anti-Malware Paid Version

I recommend taking advantage of the Malwarebytes Anti-Malware Protection Module which uses advanced heuristic scanning technology to monitor your system and provide real-time protection to prevent the installation of most new malware. This technology monitors every process and stops malicious processes before they can infect your computer. Enabling the Protection Module feature requires reqistration and purchase of a license key that includes free lifetime upgrades and support. After activation, Malwarebytes can be set to update itself and schedule scans automatically on a daily basis. The Protection Module is not intrusive as it utilizes few system resources and should not conflict with other scanners or anti-virus programs.

3 more replies
Relevance 53.3%

I have a paid subscription to ESET NOD 32.  I don't understand why you have a separate program for malware too?  I do use Malwarebytes, and check with it every few days as well.  If the Chinese hackers, or other type of hacker uses malware on drive by internet browsing, and they also can get into government systems.  If they aren't protected fully, how can I expect to be?  Thoughts would be welcome.  I already pay for the av, and Carbonite.  Thoughts?Edit: Moved topic from Windows 8 to the more appropriate forum. ~ Animal

Answer:why doesn't paid av programs take care of malware too?

Not all anti-virus companies have every computer infection in their definitions. Therefore its always good to get a second opinion with another security product. As anti-malware products are typically less resource intensive than a full-fledged AV program, it makes sense to utilize one of those along with an av product in order to cover all your bases.

12 more replies
Relevance 52.48%

1. Malwarebytes' Anti-Malware Professional
Malwarebytes tops the list once again with the professional edition of their flagship product. Unlike the free edition, the professional edition offers all the great things included in the free edition plus more. It offers real-time protection against malware and malicious websites known to the Malwarebytes database as well as automatic updating and scanning. When a executable file accesses memory, it is scanned by Malwarebytes. If malware is detected, execution is suspended and the user is alerted. The web blocking feature scans both inbound and outbound connections for known malicious IP addresses. If one is detected, Malwarebytes automatically terminates the connection and alerts the user with a simple bubble in the task bar. Incremental updates keeps Malwarebytes up-to-date quicker, allowing it to detect more malicious software. These great features are complimented by its great price. This is one of the main reasons Malwarebytes tops the list. The user pays a one time fee and recieves updates for life. This is a great compliment to any antivirus, even if you are using a free one. The only down side is that Malwarebytes can be little heavy on system resources and is not designed to run by itself.

2. Emsisoft Anti-Malware
Emsisoft's paid anti-malware product is a fantastic option for someone looking for comprehensive protection without having to buy a full internet security suite. It features both a signature based ant... Read more

Answer:Top 5 Paid Anti-Malware Applications: Beginning of 2012

Any source for this article ?


17 more replies
Relevance 52.48%

Windows Defender along with Vista's UAC do a great job and keeping your computer protected from Spyware. However should you feel the need or if your computer does get infested by spyware which Defender may or may not be able to remove, you may feel the need for an additional 3rd Party Anti-Spy !
WinVistaClub, a Microsoft Featured Community, in association with Emsi Software GmbH is currently offering the PAID Version Of A-Squared Anti Malware absolutely FREE ! If you wish to know the details, click HERE.

More replies
Relevance 52.48%

I have been a fan of Kaspersky for like 5 years now, have their products installed on 4 different devices currently and they have never failed me to date. But, even traditional AV' s cannot detect everything with their behavior-based technology, I was looking for 2 freeware programs to complement my KIS[Kaspersky internet security] on my windows 10 pc. After a lot of poking and snooping around the IOT's , I finally came upon a nice malware remover tool known as SuperAntiSpyware :- and Zonealarm's free firewall solution :- .I just wanted to know whether using these applications with my traditional AV would bog down my system resources considerably or not, as I currently have 8 gigs of ram, will it be a problem? . I hope I do not sound paranoid, but traditional AV's with their signature-based detection were long touted to be dead against 0 day exploits and what not, I guess practicing safe browsing and tightening your security with multiple applications and browser extensions such as ublock origin,disconnect,noscript,etc is the only way to go

Answer:Companion anti-malware+firewall to complement paid AV

Windows 10 can have issues with updates/upgrades when a third-party antivirus app is installed, so I stick with its built-in Windows Defender Antivirus app.

I also use Malwarebytes AdwCleaner and SUPERAntiSpyware (both free) every 7 - 14 days to scan for and remove any threats they may find.

I've never used Kaspersky, so I can't comment on it.


1 more replies
Relevance 52.48%

One of the posts said it is a bad HD but this is 2 months old and worked fine and works fine when I load UBUNTU, ZORIN, and even a Microsoft 8.1 ISO but not the 75.00 4 disc recovery and Install discs I paid HP that should of been included in the original purchase. I put disc one in and it goes to 30 percent then I get REDUCERCopy File FailsFrom E:\Preload\BASE5.SWMto  C:\RM|IMAGE|BASE5.SWM Again I can CD load UBUNTU ZORIN or Microsoft 8.1 ISO from Microsoft site BUT I loose all the things I paid HP for such as my Finger Print Reader. I feel like I got FLEECED twice but HP.    Help PLease

More replies
Relevance 52.07%

Anyone looking for a BRAND NEW challenge??

Hi, I'm Bethy. I'm new but I know just enough about this stuff to probably be dangerous... I literally took my brand new Alienware desktop out of the box four days ago. I have no idea how, but in the process of installing antivirus software I managed to find a first run virus- Virustotal first identified it on March 7th at 8pm.
Have been working with the Mbam team since Sat. to try to remove it but despite writing code scripts for me, we still haven't fixed it. The nasty files appear to be:
C:\Program Files(x86)\standing\minor.exe

Basically, it starts a proxy server that doesn't show up in the regedit and loops back despite all attempts to remove it. I've got 6 FRST logs from various attempts Mbam'ers have tried and innumerable scans with various programs but at this point we know it's a completely new creature and we know mbam, Avira, Hitman Pro, Kaspersky TDSS, MBAR, and Zemana do NOT remove it and only Zemana even detects the proxy server- however deleting and repairing does nothing - it just re-installs within 10 seconds. The net result of this is that I only have internet access for approximately 20-30 seconds at a time and that ALL of my USB ports, optical drive etc- anything to transfer files (EG like to download Respawn and factory reset-if that would even work) is not an option... for some reason, about every 10th attempt I CAN get it to recognize a thumb dr... Read more

Answer:Paid Help, Please?? Brand New Virus/malware- Mbam Team Struggling-need Help

Note: While we appreciate that you very likely posted at multiple forums in order to ensure a response, in the future please do not cross-post. Resources that help perform malware removal are very precious and very limited, and cross-posting only serves to tie up the time of multiple helpers who could be using that time to help someone else who also has problems.

In the future - choose one forum and stick with that one until they've resolved your problem.Click to expand...


8 more replies
Relevance 51.25%

Hey everyone, I am currently looking for an Internet security suite that best suits the following criteria in order of preference:

1- a very high detection rate
2- real time protection or whatever preventing malware from infecting my system is called.
3- user friendly
4- light on system resources.

I've been trying out NIS 2009 for a while and it's rather pretty nice with a decent detection rate. NIS 2009, KIS 2010 and ESET are the obvious choices from what I have gathered.

Please chip in. Thank you.

Answer:Best Internet Security Suite - Paid or Non Paid

I am biased I suppose, having used Comodo products to safeguard my PC for years now without any major faults found but you won't get better than the latest version of Comodo CIS and it is free. Here are a couple of reviews of it and there has just been an update to the version reviewd which in my view is even better than said version. Good luck.

11 more replies
Relevance 47.56%

Staff Advisory: This post needs to remain here until one of the malware team advise that it can be moved. This member cannot access our malware forums due to their infection. ~ Animal----------------------------------------------------------------------------------------------------------------------Hello, I got some help from some nice people in the live chat. I have made a log with your hijackprogram and am posting it at the bottom. It created two .txt files so there are two reports. I am unable to open ANY link that has the words anti-spyware anywhere on the page or in the address bar so unfortunately I cannot post this in the malware removal forum because the internet window closes every time. I am in dire need of some help! I have a subscription to spy sweeper and it is keeping things out but I was infected with Antivirus xp 2008 and possibly some viruses because the computer was un-protected for about a month while I was in the hospital..I run with Windows XP and a wireless connection. If someone could take the time to look at this for me I would be so incredibly thankful! I offer my services as a photographer/graphic artist/professional gift shopper/myspace designer/beginner web designer. You can see what I do at and contact me if you need anything at all!Current Symptoms (in the order of appearance)Random Total system crash then restart then blue screen then back to windows. msvcp71.exe is missing so a program is being prevented ... Read more

Answer:Antivirus Xp 2008 Removal Help/am I Infected? Can't Open Malware Removal Forum

Hi & welcome,I would like to try a couple things before we go much further so I have a bit better picture of what is happening and can take the needed cautions.1.) click start> run> type msconfig and hit "boot.ini" tabCheckmark /bootlogClick "apply" and "close"Reboot when askedLocate and delete this file:C:\windows\ntbtlog.txt (in case your extensions don't show it looks like a notepad)RebootLocate & post:C:\windows\ntbtlog.txt2.) Click start> run> type: cmd.exe and hit enter.type the following commands exactly as you see em & hit enter after each one:cd c:\windows\system32dir userinit.exeNote the file size please & report that back to me. Leave cmd open a sec.Back at the cmd window...Type:cd dllcachedir userinit.exedir spoolsv.exeNote file sizes & report that back to me.Type exit in the CMD window & hit enter. (this closes it)3.) Can you see also if you can get this program installed please: file> run it> follow prompts to install excepting defaults.Allow it to "launch" hijackthis.Click the "Do a System Scan and Save a Log File" optionSave the log file and then it should open with NotepadGo to Edit, Select All and then Edit, Paste to paste the contents of the log hereLet me know if you had any problems with the above please.I advise keeping the system offline as much as possib... Read more

3 more replies
Relevance 47.56%

Apologies, but i'm a bit of a novice. my computer did a scan when i started it and came up with some trojans. when i tried to delete them, a malware removal programme tried to install itself so i closed the download dialog box. unfortunately, i cannot remember the name of the software that was trying to install itself. please would you review my log below and help me clean my computer?

many thanks

DDS (Ver_09-12-01.01) - NTFSx86
Run by 0 at 19:57:35.67 on 02/01/2010
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.44.1033.18.3000.1826 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows&... Read more

Answer:attempted removal of trojans try to install "malware removal software

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 47.15%

Hi,I have tried many ways to get rid of some Malware that has only recently infected my PV. I hope someone can help me as this is my work PC and I need to plug back into my office network in a few days, but think this would be a bad idea at the moment.The problem first showed itself by insisting I had many viruses etc, and I should install Internet Security 2010. I have installed Malware Bytes removal tool, and installed as instructed. It found the above, said it was removed, but still it appears to exist, although the name of the infection has changed a few times, and is currently redirecting my brower to a similar page to the above malware. A popup now shows that I should install Cyber Security to remove the infections. This is obviously another malicious antivirus/malware program.I have McAfee Enterprise installed (which I can't seem to disable)I have also run SuperAntiSpywarePlus, which did the trick removing a similar problem about a year ago on a different PC. However, although this program also finds problems, and supposedly removes t5hem, the problem is still there.Please help. I have shown Hijackthis log below.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:58:42 PM, on 29/12/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16945)Boot mode: NormalRunning processes:C:\windows\system32\csrss.exeC:\windows\system32\winlogon.exeC:\windows\system32\services.exeC:\windows\... Read more

Answer:Cyber Security removal; Malware removal not working

Hi,I have tried everything I know of to remove this pesky piece of malware. It seems to keep changing names, starting out as Internet Security 2010, and redirecting me on a google search to a webpage trying to convince I was riddled with viruii and malware, and then trying to sell me thier software, which is really just a scam. I ended up here after a few days of tearing my hair out, almost beaten. I went through the tutorials, but unfortunately that was before I fired off a post in desperation. Please delete my previous post, as I have now followed the suggested path, and run the utilities to help diagnose my problems. The resulting files are attached.Please help. I hope the files uploaded can provide an insight into whats happening.Apologies for jumping right in and posting a Hijackthis log before I had read the tutorials.ntents belowDDS.txt contents pasted belowDDS (Ver_09-12-01.01) - NTFSx86 Run by Greg.Middleton at 15:30:23.26 on Tue 29/12/2009Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3063.2330 [GMT 9.5:30]AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}============== Running Processes ===============C:\windows\system32\svchost -k DcomLaunchC:\windows\system32\svchost -k rpcssC:\windows\Syst... Read more

3 more replies
Relevance 46.33%

I have run the malware removal intructions and when through each programs as they did remove some of the malware and virus. The issue that I am having is that when I open the computer under seperate user and try to run the malware removal programs via internet or through USB drive, I keep seeing a window which pops up asking me which program I want to use to open the program. I have run the computer under the adminstrator and do not seem to have problems running the

View attachment mbam-log-2011-03-28 (17-02-07).txt

View attachment combofix log.txt

View attachment SUPERAntiSpyware Scan Log - 03-28-2011 - 16-42-24.log

View attachment hijackthis.log

malware removal steps and have attached the reports from the intructions.

Even when I try to open add or remove programs under control panel- I get the following message: "C\windoesn\system32\rundll32.exe- application not found. I am thinking that It is something to do with AVG and have removed the program with the step.

Please help....

View attachment mbam-log-2011-03-28 (17-02-07).txt

View attachment combofix log.txt

View attachment SUPERAntiSpyware Scan Log - 03-28-2011 - 16-42-24.log

Answer:Help with malware removal- have run malware removal instructions

ssmehta007 said:

....try to run the malware removal programs via internet or through USB driveClick to expand...

Specific download and installation instructions are in our R&R ME FIRST guide :
Running from: l:\combifix\ComboFix.exe <--- belongs on your desktop

Save it to your Desktop

Installed to the Default Location - "C:/Program Files", as we suggest that you keep them after malware removal.
Download this file to the root folder of the drive where you have installed Windows (Typically this would be C:\ and thus you would have a C:\MGtools.exe file after downloading). ​
Please make those corrections and attach the missing RRlog.txt (from RootRepeal) and - normally it is C:\ . Please tell me any problems you still have.

18 more replies
Relevance 46.33%


I have a dell xps 8300. It started acting up about 1 week ago (freezing while working online, freezing while trying to boot). Today i got the Blue screen asking me to restart if this was the first time I had received a blue screen.
I restarted it was fine for 30 minutes and everything froze.
I restarted it and I received error beeps ( 4 beeps)
I looked that up on dell support and they said it was RAM problems.
I opened up the computer vacuumed a bit, took out ram cards and reinstalled them.
It had been working o.k.for about 1 hour and only froze once more.
I decided to try the malware removal guide and here are the logs
Malware bytes did not find anything
TDSSKiller did not find anything
MGtools ran but as soon as it was done the window closed. i don't know how to find the log
Your help will be greatly appreciated

Answer:malware removal - have followed malware removal guide

I still want to see the log from Malware Bytes please.

MGtools ran but as soon as it was done the window closed. i don't know how to find the logClick to expand...

Should be directly on C:\ if that's where you boot Windows from. If you really cannot find the log, you'll have to run MGTools.exe again in order to produce a Thanks.

20 more replies
Relevance 46.33%

I read and followed precisely "Vista and Win 7 Malware Removal/Cleaning Procedure"

My issue: I was informed my my isp the following: "Mail Log Parsed from Feb 15, 2013 19:47:04 to Feb 16, 2013 19:47:04 User sent approximately 141,801 messages to 136,591 unique recipients. There were 2598 bounces received in this period, 1 percent of the emails sent. "

I have AVG, running constantly. ISP changed my password to stop the mail. I ran AVG in safe mode. Still not sure trojan erradicated. ISP referred me to your site.

I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Please advise if you believe my system is clean, or what further I should do. Since I haven't seemed to find anything, it's hard for me to be comfortable that it's clean.

Thank you emmensely!!

Mike Sieber

Answer:Help with malware removal--have performed removal instructions

Welcome to Major Geeks!

mike sieber said:

I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.Click to expand...

Not problems. It is just junk from AVG. All of your logs are clean. Many times when something like this happens, it is not an infection. It is due to a spammer/spammers getting your email login and password and they use it from other PCs to send out their spam. There are cases of infections that can cause spamming ( like some master boot record or partition infections ) but you show no signs of these.

If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
Go back to step 4 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to ... Read more

3 more replies
Relevance 46.33%

Since the ComboFix will not run on Vista or Windows 7 64-bit, I have to look for new malware/virus removal apps... It was good while it lasted. So what tools do people use for Vista these days when the computer says: "WARNING! YOURS COMPUTER IS AN INFECTED BY HARMFUL VIRUS!!!!"

Answer:64-Bit Virus Removal & Malware Removal Tools?

64-bit Anti-Virus:List of 64-bit Anti-Virus For VistaAnti-virus protection in 64-bit environmentsFree Anti-virus:avast! Free Antivirus Avira AntiVir Personal - Free AntivirusAVG Anti-Virus Free Edition 8.5Microsoft Security EssentialsPanda Cloud AntivirusKingsoft Free Antivirus (Cloud Scan)Paid for Anti-virus:NOD32 Anti-Virus PersonalMcAfee AntiVirus PlusTrend Micro AntiVirus plus AntiSpywareNorman Antivirus & AntispywareCA Anti-Virus Plus Anti-Spyware64-bit Anti-Malware tools:Malwarebytes Anti-MalwareSUPERAntiSpywareKaspersky Virus Removal Tool - How to install and use documentationSpyware TerminatorWindows Defender (64-bit)PrevxSpybot S&DAd-AwareNorman Malware CleanerSunbelt Counterspy (free Trial)Comodo BOClean Anti-MalwareSophos Anti-rootkitSanityCheck Advanced Rootkit and Malware DetectorESET Online Antiivirus ScannerESET SysInspectorAnVir Task Manager FreeWinPatrolStart with these:How to use Malwarebytes' Anti-Malware to scan and remove malware from your computerHow to use SUPERAntiSpyware to scan and remove malware from your computer

3 more replies
Relevance 46.33%

In reading more of these threads I can see Im not the only one with the iexplore issue.
Glad to know it can be corrected!!!!

I have multiple pop-ups and my computer is as slow as dirt.
When I get home at 3:30 Calif time I will do the HJTInstall.exe thing and post the results.
Would the results of one that was done two days ago help? Yes I was having the issue then and another company did one and told me to email it to someone, which I did but I havent heard anything back and my computer is close to useless at this point.
Can MFDnNC or anyone else help?

Answer:malware removal/popup/iexplore removal

16 more replies
Relevance 46.33%

I posted the software forum yesterday and was instructed to complete the malware removal steps and repost here. I have a new computer running Windows 8.1. When I say new, I mean I started having problems within a couple of hours after turning it on!

I have McAfee antivirus protection and downloaded and installed my MSOffice 2013 Home and Student. All seemed to be fine. The MSOffice was up and running and McAfee said I was protected. Suddenly and I don't remember what I was said Microsoft something (sounded like an antivirus or firewall something) had detected several problems and I needed to "clean my computer". Oh so ignorant of all that was going on with learning Windows 8.1 after using XP for years I told it to clean. Somewhere in there it suggested I do a system restore. All seemed OK until I realized MSOffice was no longer there. I tried to download it again and reload, but with no luck. It occurred to me it had something to do with the system restore so I tried to undo the restore. That of course didn't help. I'm also now getting messages from McAfee that I am covered and safe but that my firewall is turned off and needs to be turned on. However I can get McAfee to do nothing. I can open a screen, but nothing I do makes it do anything. I tried downloading their "Virtual Technician" before I started the process you recommended and it acted like it was downloading, but 20 minutes later it was still "spin... Read more

Answer:malware removal help - removal instructions attempted

Can you try running the tools that were not working before including Hitman, in safe mode please. Let me know how you get on.

16 more replies
Relevance 45.92%


I am the IT manager in my company.

I have a co-worker, his computer has search redirect issue. That means most likely it has malware.
Then i installed some major malware removal: Spybot Search & Destroy, SUPERAntiSpyware, Malwarebytes

After i installed them, i cannot launch them(That definitely means it has some kind of malwares)
I needed to rename their .exe files, after i can run them and scan my computer.

SUPERAntiSpyware, Malwarebytes found something, but didn't solve the problem, search redirect and
blocking malware removal software are still there. Now i am running Spybot Search & Destroy will see what happened.

By the way, i run them in safe mode because when i logon window to normal mode, it is slow (like it takes a long time to explore hard drive, etc). I suspect the malware slow down my pc. hopefully not registry corrupted or something, but works smoothly in safe mode.

So you guys have any suggestions? or you need a log file from combofix?

Please advise,

Answer:malware: google yahoo redirect and can't launch malware removal software

Try this:

5 more replies
Relevance 45.92%

I have scanned with AVG with the latest updates. On top of that insidious google redirect I get random pop ups even when I don't already have IE or Firefox running. Also getting sounds in the background like I'm clicking on a link, surfing the net when I'm not. And SYSTEM in task manager is hogging a ton of memory.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 11:52:42 PM, on 8/7/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exeC:\... Read more

Answer:persistent malware undetected by virus scans and malware removal tools

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please download OT... Read more

2 more replies
Relevance 45.51%

I would not waste my money paying for any of it.

Answer:which paid for AV would you recomend & will run with paid for MBs 3.0

If you do not trust MB 3.0, why did you buy it? They say, you do not need AV alongside it, so just go along with it.
There are currently only 2 firewall software left, ZoneAlarm and Comodo, all others are Windows Firewall based.

5 more replies
Relevance 45.51%

I did a hijackthis scan and here's what I got:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:18:17 PM, on 4/20/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\System32\DVDRAMSV.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exeC:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exeC:\WINDOWS\System32\00THotkey.exeC:\WINDOWS\system32\TFNF5.exeC:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exeC:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynT... Read more

Answer:Malware Blocking Acess to Spybot, Microsoft Malicious Removal Tool and other anti-malware programs

Hey guys I solved my own problem. I completely reinstalled windows. (It was about that time anyway)

2 more replies
Relevance 45.51%

I was surfing the web today and I believe I clicked on a pop up by mistake when I shouldn't have. Avira then blew up with Malware alerts and I knew I had a problem...

I did a virus scan and it removed the detections found but when I did a restart they were back again. Also, the virus seems to move itself around to other .exe files. I found it had infected moviemaker.exe so I manually deleted the file as I don't need it but as soon as I emptied my recycle bin the moviemaker.exe file returned back to its original folder.

I'm afraid something really nasty has infected me. Avira is detecting it as a W32/Infector.Gen2 and Maleware Bytes is detecting 2 Malware.Packer.Gen files.

I went through the Read Me First steps on this site and preformed everything it asked. However, I was unable to uninstall my previous JAVA (ver 19) and was not able to install the newest version of JAVA. Both gave me errors that the installation program wasn't working.

I'm attaching the logs here. Can anyone help me get rid of whatever is infecting my machine? I would really appreciate the help!

Answer:HELP-Requested Malware Removal (Infector.Gen2 / Malware Pacger Gen)

Here is the 5th log.

6 more replies
Relevance 45.51%

Please help me,
I cannot access any internet (wifi & ethernet) after malware removal using GridinSoft Anti Malware. I already updated network drivers, but it's still not working.

More replies
Relevance 45.51%

Gud day to everyone,

My computer having some malware activity, i have used adware 2008, spyware removal tool, norton anti-virus and other removal tool, but still those malware cannot be deleted.. My Computer icon could not display its properties, instead it appears like a file when you see its properties. It also disabled TCP/IP that why until now i cannot connect to the internet.. I don't have WindowsXP SP2 cd for repair..

Please help me as soon as possible, because it is a server..

Answer:Urgent! My XP SP2 have malware activity!.. cannot remove using malware removal tool

Hello frozenfire03, Welcome to TSF!

I recommend that you read this article… "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However,it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,

7 more replies
Relevance 45.51%

Hi, I'm suddenly having a lot of trouble with malware. My computer seemed to be running okay but I ran Malwarebytes as I occasionally do, and it picked up a fair amount of malware on my system. I deleted it and rebooted, but that's when my problems really began. Upon restarting, my internet connection has become almost unusable. It's extremely slow and generally I can't even open a page that I want after trying to refresh several times. Oddly though, google is working perfectly and a few other sites seem to work too, including this one. I've tried running MBAM again and again, each time it picks up more malware and I remove it, then reboot and the cycle renews. I can't seem to get rid of all of it, every time I scan my system there's just more of it. I've tried ComboFix but it doesn't seem to have done anything. One persistent thing seems to be photo_id.exe, I've got a few messages from MBAM saying it can't be removed and I need to reboot. Also, I've noticed that if I'm trying to reach a webpage, although it won't load there seems to be some redirecting, for example I just tried to reach a wikipedia page and it says &quot;The server at is taking too long to respond&quot; For some reason I can't bloody format this properly no matter how hard I try, so here's an attached HJT log:

Answer:Malware removal attempt led to unusable internet, still can't remove all malware

problem has become more serious, now my mother has told me that the internet on her laptop is also extremely slow and essentially unusable, I'm worried that something from my computer has got on to hers via the wireless network we're both connected to. Somebody please help me

2 more replies
Relevance 45.1%

Had a machine in riddle with viruses which we duly cleaned up and removed without incident. Uninstalled the applications one at a time, restarting each time it was required and all was good.

After removing the last app (dont ask me which one it was I cant rememebr) the machine no longer starts.

It's boot cycling but once we disable automatic restart on system failure it brings up a STOP 24 error.

Have booted to puppy linux and examined the hard drive (which is SATA btw) and the data seems intact so we can assume, physically at least, that the drive is good.

Booting to an XP CD and attempting to access the recovery console to run chkdsk /r and it appears the drive is either not detected or is empty (the latter we know not to be the case)

Boot to an X CD to attempt a repair install and it tells me there is no hard drive present.

Check the BIOS and the drive is detected properly. swap the hard drive for a SATA CD and it detects the CD without issue which makes me thing the SATA controller must be functioning too.

Now it seems that the this single disk system has some kind of RAID configured on it according to the boot screens. My next step would be to remove the RAID but I'm concerned it might format the drive. Is this likely? It has an ASUS A8R-MX/S motherboard but the info I get from their site is a little vague.

Am I on the right track with the RAID thing or way off base, help me folks its driving me nuts.

More replies
Relevance 45.1%

Hi, i got infected because i was triying to run malwarebytes and it skip the part of analising the files, it ended in arount 1 minute in a full scan, and i tried to download dr web cure it, and it dont allow me, the computer seems fine, but those things are very strange, and when i was running the scan i was in safe mode...
thanks for the help

Answer:Malware infected, malware removal tools useless

Greetings samidelcueva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that.===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro... Read more

0 more replies
Relevance 45.1%

Four steps that will keep your PC happy, healthy, and crap-free

Malware sucks. In the best-case scenario, it craps up your system with unwanted files and occasionally makes itself known in the form of a persistent pop-up window or annoying browser-based toolbar. In the worst-case scenario, malware completely takes over your desktop or laptop and ruins your life.

Your system slows to a crawl. You can’t even boot into Windows in the time it takes you to walk to the kitchen and back. Your data gets sent off to a faraway Internet land or, worse, your actual keystrokes are recorded for some unsavory individual to see. Malware locks down your browser, making you unable to actually do any browsing without being carted off to some bogus domain. You can barely run a program in Windows without getting bombarded by fake advertisements, programs, and dancing people on your desktop.

We can’t make this stuff up.

So what’s a computer enthusiast to do? Step zero: Read this guide, because we’re going to walk you through all the key details you need to know to both rid your computer of this junk and keep it free of downloaded nasties forevermore.

Read more at:
Maximum PC | Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Answer:Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Most excellent reading, thanks for posting for all to see, I , myself, use most all of these myself, the only paid program i have is malwarebytes, the rest are free add ons or are free programs . Thanks.

5 more replies
Relevance 45.1%

Hi. I am trying to diagnose a problematic laptop for a friend. I don't know the details of what happened to cause the problems. The main problem I can detect is that the laptop is EXTREMELY slow. It seems like anything I try has a delayed response (even a simple mouse click). I followed the Malware Removal Guide, but was only able to run two of the five suggested tools as follows:

1) SUPERAntiSpyware - I ran this after manually updating the definition files on the version already installed and the scan found nothing.

2) Malwarebytes Anti-Malware - I was not able to update the definition files for the current version installed. After several attempts to uninstall this (via the Control Panel), I was able to do it via CCleaner. However, I was not able to re-install a more recent version due to problems with the Windows Installer service. After uninstalling an outdated version of Java (Update 14) via the Control Panel, I have not been able to install/uninstall any more programs.

2) combofix.exe - not compatible with 64-bit OS

3) RootRepeal - did not run on 64-bit OS

4) MGtools - did run; kept getting errors, but continued to completion

Attached are the SUPERAntiSpyware and MGTools logs:

Answer:Possible Malware preventing me from running malware removal tools

I am not seeing any malware in those logs. I do not know why MalwareBytes would not run, are you able to run it in safe mode? How does the PC behave when you use safe mode?

More than likely I think I will be sending you off to the software forum.

We can do this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsM... Read more

5 more replies
Relevance 45.1%

Dell m1330 Vista home premium. I have malware isses, frequent memory dumps, google redirection and something is preventing me from running or installing anti-malware programs. I had to install malwarebytes using the rename method, but the program will not run in safe mode or normal. I had spybot previously installed but I was also prevented from opening, so I tried reinstalling, but before it can complete the installation I get the blue screen of death memory dump! Before reading the procedure I ran coolweb, kill2me, windows defender and windows malicious software tool. None of the programs found anything. I also perfomed a couple system restores, but both failed.

Should I continue with the cleaning procedure (combofix), or does anyone know how I can get malwarebytes and spybot to run?

Answer:Trying to follow malware removal procedure, but malware is preventing me?

Here's my MGtools log, it was the only program that worked.

4 more replies
Relevance 45.1%

Please find attached the logs from the scans in the Windows XP Cleaning Procedures. I followed the Cleaning Procedures but still have a problem. The problems can be pinpointed to yesterday when I surfed to a web site without having an up-to-date Anti-Virus definition files. Before I knew it, I had an infected machine.
There seems to be 2 problems.

(1) After restarting the computer, Windows File Protection gives following message.

Windows File Protection
Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your Windows XP Profession CD2 now.

I have Dell OEM Windows XP Media Center 2005 installed on my Dell Dimension 5150/E510. Problem is, Dell has a Windows XP re-installation CD but Dell states there is no 'CD2'.

(2) I keep getting pop ups every time Internet Explorer is open. The pop ups occur on their own.

Hopeful you can help me to fix the problem. :confused

p.s. Please note, the AVG Anti-spyware log is not attached because it was not generated by the tool. I scanned my computer using Trend Micro (after updating virus definition files) and I can provide the logs if you need.

Answer:Malware problem not fixed with Malware Removal instructions

Welcome to Major Geeks!

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
Java 2 Runtime Environment, SE v1.4.2_03

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F3 - REG:win.ini: load=C:\WINDOWS\system32\mlljg.exe
O2 - BHO: (no name) - {3F7BDD0B-0462-4F19-8B87-54D83601B87C} - C:\WINDOWS\system32\mlljg.dll
O2 - BHO: (no name) - {B8AFD866-6B8B-490E-DA2E-39E671810F96} - C:\WINDOWS\system32\mknamps.dll (file missing)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

After clicking Fix, exit HJT.

Now download The Avenger by Swandog46, and save it to your Desktop.

Extract avenger.exe from the Zip file and save it to your desktop
Run avenger.exe by double-clicking on it.
Check the 'Input script manually' box.
Click on the magnifying glass icon.
Copy everything in the Quote box below, and paste it in the box that opens:

Files to delete:
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system3... Read more

9 more replies
Relevance 44.69%

I bought this software 9/1/2008 $49.95 + Extended Download Service $5.99. (I rarely used this software, but have another hard drive I bought since then, installed in this machine). I only use this software on 1 PC at a time, as agreed. But when I access my account on Nero it shows "no downloads available". Why can't I download my original Nero 8 install.exe file now? I paid for extended downloads.

Answer:re-download for Nero 8 Ultra, paid, ext download paid?

Not sure why...but i'd contact Nero...

3 more replies
Relevance 44.28%


EDIT: Removed inline HJT log



Answer:winantivirus removal, malware removal

Hi and Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

Run this first

Virtumonde aka Trojan Vundo Removal - some people also refer to this as WinFixer

Then run the below and atach the requested logs for the malware experts to look over.

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.

When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

[*]runkeys.txt - the log from GetRunKey.bat
[*]newfiles.txt - the log from ShowNew.bat
CounterSpy - ONLY IF you were not a... Read more

1 more replies
Relevance 44.28%

Hi all, 
Recently on Chrome browsing on a site a received a web site popup saying "Your browser contains MALWARE. You have to install Chrome Malware Removal Tool". Confirming with OK opens an extension page:
I have a strong suspect this is a malware!!!
What I'm trying to understand if what kind of malware infected the web site I visited. Some technical specs could be useful . The web site is of a my friend and I'd like to help them to identify the malware infected their web site...

More replies
Relevance 44.28%

Hi. Thanks for this. I need to first tell you that I don't even know how to generate the logs everyone posts here for troubleshooting. I'm sorry. Maybe someone could tell me how, then I will.

Because my laptop wouldn't even boot to the O/S last week, DELL's tech support helped me move files, reformat and reinstall the OS. I reinstalled McAfee. A security tool warning popped up. I knew it was rogue; I came here and got rid of using mbam and process explorer - very easy. Or I thought I did. On my daughter's desktop this morning, there were 3 porn shortcut links ON HER DESKTOP!!!! There was also a link to "Active Security" - trying to figure out wtf this was it turns out it was another rogue. Awesome. It at least had an uninstall on Add/Remove programs... but obviously it is not gone, if that is even the cause of all this... Thinking MBAM would be a logical quick fix, I figured I would try that. My Mbam won't load - I have reinstalled and it - it reinstalls and then when I try to quicksccan it says I don't have permissions and then I can't even open it again. I can reinstall, then it is hijacked when I try to scan. My McAfee won't scan either so both are being hijacked and I also am having the same browser redirects as others when clicking on sites from search results. McAfee can't even fix itself. In safemode, McAfee tells me the truth at least that it is not working (in regular mode it poses like everything is... Read more

Answer:Ugh - Malware Removal Tools Disbled by Malware

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

1 more replies
Relevance 44.28%

Have got a strange one, where have attempted to remove XP antispyware 2009 using malware antimalwarebytes. Looks to have been partly successful - but have got something else interfering. Frequently have pages on IE as "not found".

Have posted HJThis log and Malware Antimalwarebytes log below. Thanks for any assistance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:58, on 08/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologi... Read more

Answer:Malware - blocking removal by malware antimalwarebytes

16 more replies
Relevance 44.28%

About a week ago, I noticed that when running Internet Explorer that clicking on a website would take me to an add instead of the website. If I clicked back and clicked on the website again, it would correctly go to the website.

A day or two before noticing this issue I had upgraded to AVG 8.0 Free and had installed the latest Firefox version.

I am running a Windows XP Professional SP2, Intel Pentium 2.8 GHz.

I ran the instructions at and am still experiencing the same issue as described above.

Any help would be greatly appreciated! This is the first forum I've ever posted to so be patient!


Answer:Malware - Exists after running MalWare Removal

This is the last of the Malware log files.

Thanks again!

2 more replies
Relevance 44.28%


Im running XP, avg detected trojans, the first one it got rid of, the second one Generic13.ATHP it could only remove it partially, apparently located in in c:\windows\system32\svchost.exe

Started the Malware Removal Process as recommended, SuperAntiSpyware wouldnt install, so I changed the filename, and it has installed but when I attempt to run it I get an error message -

SUPERAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience

The same happens with any other malware/spyware removal program, Spybot S&D, Malwarebytes etc...

Is there anything I can do to fix this?


Answer:malware halps/malware removal not running

Hi again,

also tried doing this (as seen in another thread)

Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

* Scroll down to ?Non-plug and Play Drivers? and click the plus icon to open those drivers.
* Then search for TDSSserv.sys
* Let me know if you find this or not.
* If you do find it, right click on it, and select Disable. Do not try to uninstall it.
* Also if this is found and you disable it, then reboot and see if you can run the cleaning procedure and attach the requested logs.

but the device mentioned is not present (although there are a few that have error "!" things next to them, but 30 or so others.

:confused have no idea if any of this will help you lovely helper person, but i guess im just trying...

2 more replies
Relevance 43.87%

Someone please help me! I have the nasty command service malware and I can't get rid of it. I've tried McAfee and Spybot and nothing works. Please help

Answer:command service removal help

16 more replies
Relevance 43.87%

I am wanting to remove the MSN Messenger Service 3.0 completely.
I have been to the Add/Remove programs, then I get a popup that reads:
"This will remove MSN Messenger Service. Before proceeding please exit from the program (Click the NSN Messenger Service icon in the taskbar, and click Exit) Do you wish to continue? Yes, No"...........................
Strange popup,........exit what program? Is it a Left or Right click and on what icon?

I have done some searching around "Here" and in a couple of other places and I've not found anything good or nice to sayive about removing this "MSN" Service, on the contrary Ive read some bad results from removing it, like "unable to access any e-mail" and having to "re-install OE", "loosing the Dial up configurations.

Before I do anything I thought maybe someone (or more than one) here may have some personal experience and/or knowledge about removing this?


Answer:MSN Messenger Service Removal

8 more replies
Relevance 43.87%

The last time i checked, the remove option was there to remove service pack3 from my add/remove programs. today i installed IE8 and i noticed afterwards that service pack3 is in the add/remove but the remove option is not there any longer. I was wondering if this is because i installed IE8 or if it is another reason. the remove option is not there even if i check the show updates box. my system is windows xp. service pack3 was installed before IE7 or 8

Answer:Service pack 3 removal

I uninstalled IE8 and the remove option for service pack3 is back in the add/remove so i guess it was because of the IE8 install. I was under the impression that if you installed service pack3 and then IE7 and 8 that the remove option for service pack3 would be in the add/remove. I guess i was wrong

1 more replies
Relevance 43.87%

I have been unlucky enough to have this command service thing on my computer. I have included a copy of my log file. Can someone help me remove it (for the first time in ages I have pop ups and it is driving me insane)

Logfile of HijackThis v1.99.1
Scan saved at 8:40:00 PM, on 2/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Interne... Read more

Answer:command service removal

7 more replies
Relevance 43.87%

This is more curiosity than wanting to remove service pack 3. Last week i checked in my add/remove program and the option to remove service pack 3 was in my add remove program. Today i downloaded IE8 and i noticed that the service pack 3 is in my add/remove program but the option to remove it is not there now. i clicked on the show updates and the remove option is still not there. i was wondering if it could be because i installed IE8?.

Answer:Service pack 3 removal

I think i have figured it out, i removed IE8 and the remove option for service pack 3 is back. So i guess it was because of the IE8 installation. i was under the impression that if you installed IE7 and then 8 after installing service pack3, the remove option for service pack3 would still be there. I guess i was wrong.

1 more replies
Relevance 43.87%

I have this annoying thing that doesn't want to go away called Command Service , and SpyBot always says it wants to fix it at reboot, which it tries to, but with no avail. Anyways, here is my log from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 7:53:52 AM, on 4/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\C... Read more

Answer:Command service removal

10 more replies
Relevance 43.87%

I'm currently running Windows NT server enterprise w/ service pack 5. However, my company is having problems and as we reinstall/upgrade the operating system it will prompt me to install service pack 3, but it cannot because it is currently running SR5.

I went to add/remove program to uninstall service pack 5. However, it still shows "service pack 5" during the bootup. and would not let me continue install of the NOS until I remove service pack 5.

Anyone out there know a way I can completely remove the service pack 5.

Thanks in advance.


Answer:Service pack 5 removal...How??

7 more replies
Relevance 43.87%

Ok... I have some kind of thing on my computer called command service, and from the info ive gathered on other websites, this is some kind of annoying spyware. Ok. So I read some steps that said to download the brute force uninstaller and ewido. so i did that, and scanned with ewido in safe mode, and then i ran the active panda scan.

here is the hijackthis log, i cant fit all three into one, so ill reply to this and post the rest there.
Logfile of HijackThis v1.99.1
Scan saved at 11:33:20 PM, on 3/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe
C:\Program Files\Common Files\AOL\1130011228\ee\AOLHostManager.exe
C... Read more

Answer:Command Service Removal.

16 more replies
Relevance 43.87%

any prob. in removing sp2? i didn't know it was gonna take up so much room.
i already have firewall, spyblaster,adaware...etc.
using an older rig with not a real lot of mem. could use the space.
what da ya think ?
t bone.......thanks in advance

Answer:service pack removal ?

go to and scroll down until you see removing service pack 2

2 more replies
Relevance 43.87%

OK, I know the services in windows are all located in

Hkey_local machine>system> services

But which one folder is the windows update service in?

Answer:Windows Service Removal..

I'm assuming that you wish to remove Windows Update. Why not just disable it in services.msc, or the Control Panel?

9 more replies
Relevance 43.46%

Hi! Over the years (and special thanks particularly to THIS FORUM), I've become a bit of a guru of removing virus/spyware, etc. I've helped many friends and family members "clean" their computers of unwanted "baddies." However, I'm not ashamed to say that this one is really doing a number on me... but, I AM ashamed to admit that this one is on MY MACHINE! It's called "Command Service" / "cmdService" and my usual helpful tools (Spybot/Ad-Aware) are not really helpful here.

I should also point out that I've searched this forum and others for the answer, but each case seems to be pretty victim-specific, and I end up finding I'm more confused and STILL INFECTED!! That's why I have decided to create my own thread here. I feel confident we can get rid of this thing...

Also, I have noticed that many forums have new rules about posting HJT logs, etc. Therefore, before I post mine, I thought I'd post this introductory entry and ask if I am to post my HJT log as text or if I need to attach the file to the post... ??

Thank you!!


Answer:cmdService (Command Service) Removal HELP (please!! LOL!)

12 more replies
Relevance 43.46%

I am needing to remove or reset my dell service tagfor a M1710 , if anyone can help please let me know. my email is [email protected]

Answer:Dell M1710 Service Tag Removal

try dst-cd

3 more replies
Relevance 43.46%


I am trying to rid a buddy's PC of a rather nasty virus/malware/rootkit infection. Reader's Digest version of how it got infected: He was trying to download a Windows Media Codec to play a downloaded movie (needless to say he kind of asked for it) clicked on the link where it redirected him to a website to download the codec. However, it then told him that he had to disable his firewall to download it, which he did :eek and BAM! here we are...

I am an experienced professional, but needless to say this one has me baffled. I found your forum here and I followed the instructions in the
"Windows XP Cleaning" procedure. However, I was unable to run "ComboFix" as every time I tried running it, I received an error that read

"ALERT! It is NOT safe to continue! The contents of the ComboFix package has been compromised. Please download a fresh copy from NOTE: You may be infected with a file patching virus (Virut)"

I am still having problems, as the desktop background cannot be changed, the Task Manager is disabled, regedit is disabled, and every time I thought I've removed the problems they return. I am attaching logs to this post and would appreciate any assistance that can be rendered. Thank you.

Answer:Rootkit.Cloaked/Service-GEN Removal Help

Welcome to Major Geeks!

Your Windows Operating System files and perhaps other executable files have become infected with a Virut type infection. This is why you received that message from ComboFix. The executable file for Combofix was infected as you tried to download it. Virut infections can infect every executable file on your PC thus making it unreliable and untrustworthy. The safest thing to do for infections like this is to reinstall from scratch. We could attempt to repair your problem but it may not be successful since the infection can respawn itself from just one single remaining infected file. And even if we appear to fix the problem, your PC really still would be unreliable and untrustworthy.

Let us know how you would like to proceed, but either way the safest thing for you to do is backup your personal data immediately since your PC could possibly become unbootable at any point in time. Do not back up any executable files. This includes programs that you have downloaded since any of them could be infected.

3 more replies
Relevance 43.46%

I am looking to remove the service tag info on my inspiron 8200 notebook


More replies
Relevance 43.46%

ok this one could be weird; i know i have malware cos i am getting avg notifications about win32/agent infection in winnt32.dll. actually it could be both malware and spyware.
also, whenever i run spybot (usually in safe mode), i always get a notification about the smitfraud c core service running. I remove it everytime and every time i run a scan it pops up. Worse still, if i go to another user profile and login in safe mode, it shows the same problem, even if i've just removed it.

i'm running avg 8 anti virus with webshield disabled, and comodo free firewall cos i thought it's nice and light. i've posted the hijackthis log as well for some kind expert to review.

now what i've done: i've already used the smitfraudfix from S!ri in both regular and safe mode. and in both profiles- no luck. also done spybot as mentioned with the current updates.

Thanks in advance for all your kind help.

Answer:Smitfraud C Core Service Removal

Hello mr2face,I will be assisting you with your malware issues.Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.Continue to respond to this thread until I give you the All Clean! If you have any question or you're stuck in there please reply it to me. I will try my best to help you!Please bookmark or favourite this page. In case you need it as reference or etc.IMPORTANT NOTE:If you are using Windows Vista you must right click on the desktop icon and choose Run as Administrator all tools.----------------------------------------------Please visit this webpage for instructions for downloading ComboFix at your DESKTOP : ensure you read this guide carefully and install the Recovery Console first.Additional links to download the tool: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.Once installed, you should see a blue screen prompt that says:The Recovery Console was successfully installed.Please continue as follows:Close/disable all anti virus and anti malware programs ... Read more

27 more replies
Relevance 43.46%


I've been following various pieces of advice to remove this but can't seem to get rid of it.

Here's the HJI log and Spybot S&D logs.

Logfile of HijackThis v1.99.1
Scan saved at 10:36:07, on 09/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Applic... Read more

Answer:SmitFraud Core C service removal help please


1 more replies
Relevance 43.46%

Hi,I am suffering from smitfraud-C.CoreService malware doom, detected in core.cache.dsk file in system32/drivers by Spyboot and Spyware doctor (here as Rootkit.Agent) . I have tried last days many things including the smitfraud-fix, many programs (adware, spybootSD, Spywar doctor, AVG-antispyware, Norton, Panda, Combofix,...) running in normal mode and safe mode... and nothing worked, those nasty popups keep coming again and again (funny... only in IE...) and the file is impossible to delete (do not appear in safe mode)See below my HijackThis and ComboFix logsMany thanks in advance!HIJACKTHIS LOG-------------------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 22:44:30, on 20/02/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16609)Boot mode: NormalRunning processes:C:\Windows\System32\smss.exeC:\Windows\system32\csrss.exeC:\Windows\system32\wininit.exeC:\Windows\system32\csrss.exeC:\Windows\system32\services.exeC:\Windows\system32\lsass.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exeC:\Windows\system32\winlogon.exeC:\Windows\system32\svchost.exeC:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exeC:... Read more

Answer:Smitfraud-c.core.service Removal

Hi, sending last logs of Combofix and HThis. Looks fixed since I uninstalled JavaTHANKSComboFix 08-02-21 - Rafael 2008-02-25 15:45:12.1 - NTFSx86 MINIMALMicrosoft? Windows Vista? Home Premium 6.0.6000.0.1252.1.3082.18.2464 [GMT 1:00]Se ejecuta desde: C:\Users\Rafael\Desktop\ComboFix.exe.(((((((((((((((((((((((((((((((((((( Otras eliminaciones ))))))))))))))))))))))))))))))))))))))))))))))))).C:\Windows\system32\drivers\luafvv.sys.((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\LEGACY_LUAFVV-------\luafvv(((((((((((((((((( Archivos creados desde 2008-01-25 - 2008-02-25 ))))))))))))))))))))))))))))))))).Ning?n archivo ha sido creado durante este intervalo de tiempo.(((((((((((((((((((((((((((((((((((((( Reporte Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))).2008-02-25 14:47 --------- d---a-w C:\ProgramData\TEMP2008-02-25 14:36 --------- d-----w C:\ProgramData\Babylon2008-02-25 14:03 --------- d-----w C:\Program Files\AdVantage2008-02-25 14:00 --------- d-----w C:\Users\Rafael\AppData\Roaming\BSplayer2008-02-25 13:59 --------- d-----w C:\Program Files\BSplayerPro2008-02-25 02:08 --------- d-----w C:\Program Files\WMRecorder 112008-02-23 04:33 --------- d-----w C:\Users\Rafael\AppData\Roaming\Media Player Classic2008-02-23 02:19 ---------... Read more

3 more replies
Relevance 43.46%

I recently posted my hjt log on the appropriate board. I completely understand the demand for people on this board to answer these logs and am patiently waiting for a response. In the meantime, though, I decided to try to run a scan with my mcafee service, and it wouldn't run. I contacted mcafee and am still dealing with their tech support. While working with their tech support to enable the scan, I came across their ad for their virus removal service...$64. I was curious if anyone has had experience with them, and if in fact it was worth the fee. It's all done remotely. Any feedback would be appreciated.

Answer:Mcafee Virus Removal Service

The forums are incredibly busy at the moment, that is why nobody has responded to your post yet. I will however, take your log in a minute. I would definately say that it is not worth this fee, although they may remove the malware from your computer, the forums at places such as here are often much more effective at both removal and future prevention. And we do it all for free.

1 more replies
Relevance 43.05%

When I try to run a scan from usind AVG anti-virus, Avira, Windows Defender, or SuperAntiSpyware; when the scan gets to a certain point, Windows shuts computer down with a blue window. It says Kernel_Stack_ Inpage_ Error plus some standard verbage about if you recently installed sortware/hardware,see administrator, etc. At bottom it says: STOP: 0x00000077 (0x00000001, 0x00000000, 0x00000000, 0xF79B1D24). I could sometimes run AVG scan in "select drives/folders" mode but recently it quit allowing that after I upgrade to AVG 9 (free). I uninstalled AVG and went to Avira but with same results. Scanning with Windows defender did the same. I recently installed and ran SuperAntiSpyware and was able to pinpoint problem to " System Volume Information" directory. I am unable to open to see contents as Windows shows no files in it. When I ask Ariva to scan it, Ariva says no files also but if I use AntiSpyware to scan, it shows many files during it's scan but will get to a certain point and computer will shut down. I can almost see file that shuts it down but it happens too fast to catch it. I was able to run "RootRepeal" and log is below. I was not able to run "DDS.scr".

ROOTREPEAL © AD, 2007-2009
Scan Start Time: 2009/10/30 13:15
Program Version: Version
Windows Version: Windows XP SP3

Name: rootrepe... Read more

Answer:Unknown malware/virus won't let any anti-virus/windows defender/malware removal progran to complete scans

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

23 more replies
Relevance 42.64%

Hi (sorry for any x-posts)
I do hope someone can help me please

I have an SBS 2008 system that is working fine apart from when I removed
Forefront because the trial has ended & i wanted to install Sophos

I followed the procedure of stopping the services before removing & then
rebooted & alll seemed to be ok

I then installed Sophos SBE & this is working fine but for some reason
the Microsoft Exchange Transport service just stops everytime I start
it, I can manually restart but this is no solution

I have since read this is a common problem with removing forefront & wish I had not done so

Has anyone else experienced this with forefront & if so do you know of
any permanent resolution

Thanks in advance

Answer:SBS Forefront Removal & Exchange Transport Service


I have now resolved this issue, phew

1 more replies
Relevance 42.64%

Hi, hope someone can help.After 6 months of constant pop ups I finally decided to install Service Pack 2. After installation my computer wouldn't connect to the internet and it was running a lot slower. Anyway i just uninstalled SP2 and everything was back to normal.Last night I was in add/remove and was uninstalling a few programs and I noticed a few SP2 files (Hotfix type). I think I got to unistalling the 3rd file and the BSOD appeared. Restarted the system but the BSOD just kept on appearing the error was with the mrxsmb.sys file.As I couldn't connect to the internet I telephoned the PCA help line and was informed that it was a windows component I was advised to insert my reload cd (originally came with my machine) and see if I can reinstall XP.I inserted the cd and it informed me that it would format the HD, I was informed by the helpline not to proceed and to phone them back.After speaking to the PCA advisor a second time all he could recommend was to use the reload cd and hopefully that will work. The only problem that we both brought up was that if it didn't work it would be due to me having a different mobo that came when I originally purchased machine.I loaded the reload cd and it performed the restore to factory settings, after restarting the machine it provided me with a message from windows saying that windows couldn't start I started windows normally and it came up with another BSOD. The unit I have at the moment is a new one, the only original components are th... Read more

Answer:BSOD due to removal of Service Pack 2 files.

The Recovery Disc will probably be a ghosted image of your original installation, containing all the drivers etc for the components that came with the pc. It will be useless if you change any of these, as you have found out.You should not need a new HDD though, but as you say you will need an XP cd. Use the cd to format the drive and install XP. Hopefully all the components you have will be supported. But you will not now be able to indentify them. If its any consolation I have only ever had problems with modem drivers when installing XP, and I've done it more times than I care to remember.

10 more replies
Relevance 42.64%

I have just bough a used Dell latitude d600 for my daughter for chirstmass from ebay. There is only one problem and I can't seem to fix it. Who ever had it before me has put the service tag to something very inapproiate. I would like to remove it so she does not see it. I was told by dell that since I do not have a legitimate service tag hey can not help me. Other people told me I could use svctag.exe or asset.exe from dell but they do not help. Does anyone have the program or programs I need to remove it and can send it to mel If so please post a link or tell me where to go to get it. I would be greatfull.

Moderator Edit:
No need to message anyone (I wouldn't !)
Free help here:

Answer:Dell latitude d600 service tag removal

please anyone have the software to remove this?

more replies
Relevance 42.64%

I downloaded the Service Bridge (that did not work) and then removed it.  Now upon every startup I received "Cannot Start Application" message.  How can I eliminate this?  Here are the details of the error: SOURCES Deployment url   : file:///C:/Users/torchrod/AppData/Roaming/Microsoft/Windows/Start%20Menu/Programs/Lenovo/Lenovo%20Se...ERROR SUMMARY Below is a summary of the errors, details of these errors are listed later in the log. * Activation of C:\Users\torchrod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms resulted in exception. Following failure messages were detected:  + Could not find file 'C:\Users\torchrod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms'.COMPONENT STORE TRANSACTION FAILURE SUMMARY No transaction error was detected.WARNINGS There were no warnings during this operation.OPERATION PROGRESS STATUS * [3/8/2016 10:02:09 PM] : Activation of C:\Users\torchrod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms has started.ERROR DETAILS Following errors were detected during this operation. * [3/8/2016 10:02:09 PM] System.IO.FileNotFoundException  - Could not find file 'C:\Users\torchrod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms'.  - Source: mscorlib  - Stack trace:... Read more

Answer:Lenovo Service Brigde Error after removal of it.

I have a similar error message.  I've removed the program, but still getting that error message. Anybody know how to delete it from my Start up menu?

1 more replies
Relevance 42.64%


Answer:G-buster browser defense-service: Removal

10 more replies
Relevance 42.64%

I've been using Spybot search and destroy software on my computer for several months and have been very satisfied with it. Recently there has been this threat detected that is called command service. Despite rebooting my computer and attempting to remove the program, I can not seem to get rid of it. I currently have no antivirus software installed onto my computer, which may be a HUGE mistake on my part. Please help me get rid of Command Service!

Windows XP user
Firefox internet user

Answer:Command Service removal help for windows XP user

16 more replies
Relevance 42.64%

Hey all, I'm in need of some fairly major help. Got myself into a bit of trouble here...I downloaded a patch for a video game that didn't seem quite right, but I ran it anyway (stupid, stupid me). When I ran it, an error of some kind popped up (can't remember what it was now) and norton internet security told me that an application, "service.exe", was trying to access the internet; I immediately thought "Virus!" and blocked it. Upon searching the computer for the application, I found it in the windows\system32 directory. I then searched the net for it an found that it was definitely a virus of some kind, however norton antivirus didn't pick it up, so I put service.exe in quarantine. I then went about removing it manually, and I ran a hijackthis log. Here it is (you'll see the offending file in bold at the bottom) - Logfile of HijackThis v1.99.1Scan saved at 4:27:39 PM, on 7/27/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeD:\progr... Read more

Answer:Service.exe Removal; Subsequent Audio Problem

Well nevermind (nervous laughter), I fixed it. The problem was somehow the "Windows Audio" service got disabled. Enabling it took care of it.

2 more replies
Relevance 42.64%

Hi. This is my first post.

I had a yellow exclamation mark next to Microsoft System Management BIOS Driver. After Googling decided to remove XP SP2.

Unfortunately the laptop (Compaq Presario 700) completely froze.

The system now endlessly reboots. I foolishly didn't backup the customer's data first.

Should I chance a repair using the XP Installation CD?

Answer:Solved: XP Service Pack 2 Removal Disaster

9 more replies
Relevance 42.23%

I had this nasty rootkit, I'm pretty sure I have it beat (combofix). I cannot, however, get a LAN connection now. I've removed and added my network card from device manager, I've done everything I can think to do, but I think the issue is that my BITS service won't start. When I try to start it, it says:"windows could not start the BITS service on the local computer...error code -2147014846"

I have also tried all of the steps in this article to no avail:

Can you guys help me?

Answer:After rootkit.zeroaccess removal, cannot restart BITS service

Hi and welcome to Major Geeks, mattbiel!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide

and then attach the requested logs to your next reply when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes, you could use a flash drive too, but flash drives are writeable and infections can spread to them.
If you cannot seem to log... Read more

29 more replies
Relevance 42.23%

My computer recently became infected. At first, my taskmanager and regedit were locked. Next, my desktop background was locked. I fixed these problems, but continue to be bombarded with malware in my running processes which regenerate upon rebooting. Eventually, I could not startup Windows. Once the Windows loading page was finished, my computer would restart. I upgraded to XP Pro, can now log on, but still have malware. Please help! Thanks for your time!

Answer:completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have malware

Re: completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have mal

Here is my log. Thanks in advance for your help. Any addition info needed please let me know. Take care.

4 more replies
Relevance 42.23%

I have followed recommended protocols to suceessfully remove the "Trovi" malware from my computer.
But have one minor problem.
The virus removal programs successfully removed the malware programs, as the program no longer runs on my computer.
But the malware appears to have left code in the windows startup directing the computer to run files which are now no longer present on my computer.
Problem is that this causes the following Windows Popup box "Run DLL" to come up , before any other windows startup programs run.

The Pop up box contains the following wording"

" There was a problem starting
The specified module could not be found."

Does anyone have any suggestions on how to get rid of the code lines in start up that lead to the popup box, so that it will no longer occur at computer start up.


Answer:Trovi Malware - "Run DLL" pop up box remains on windows startup after malware removal

Follow this thread and attach requested reports

1 more replies
Relevance 41.82%

Hi I was wondering if someone can help.
I have a dell d410 with the service tag ending in -595B.
I tried using password.exe but it would not work, their's an administrative password on the computer(bios password) so I can't change any of the reboot settings, I'm completely locked out. I've tried everything.
I'm thinking about short circuiting the eeprom chip on the dell, or replacing the eeprom chip. I really don't know which one is best, or if someone has a password generator or some back door password, or even some technique that has worked. Can someone offer me advice????
Because I read somewhere that when you replace the eeprom chip on dell latitude's when you boot the computer with the new chip the computer explodes, that's suppose to happen because of some type of security measure, Dell has incase labtops are stolen.

Answer:Dell D410 Bios Password Removal Service Tag -595B

Another Dell D410 with Locked BIOS

Hi, I see that you can help people with a locked BIOS and a Dell D410 model. My service tag is GVY0S91-595B. Can you help me? I have been trying forever to get into this computer. THANK YOU!

20 more replies
Relevance 41.41%

Does anyone know of a way or download I can use to remove an existing service tag on a Dell system board? Working on a Dell Latitude E7250.

Your feedback would be much appreciated.

Answer:Dell Service Tag removal on a Latitude E7250/7250 (Late 2014)

WHY? The tag is fundamental to getting parts for that system.

1 more replies
Relevance 41.41%

A few days ago I was on the computer and sound started coming from my speakers that was unrelated to anything I was doing. I closed all my windows, checked task manager, but it sounded like a movie clip was looping in the background somewhere. I restarted my computer, and it was back. Ran Mbam, combofix, rkill- in no particular order- it found something, which was quarantined, deleted, and I restarted computer and it was gone. Or so I think?
Now, I have NO audio. my volume icon is there with a red x. My majicjack says there is no audio device and I cannot make a phone call. Nothing comes from speakers- no wires have been touched. I checked, and drivers seem to be there still and working. Windows audio service is missing from my services list.
I do not remember the name of whatever was causing the infection a few days ago- but maybe there is a log somewhere where I can retreive it? Any help would be appreciated, as this silence is killing me
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.5.1
Run by Sarah at 6:31:36 on 2013-04-30
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.5109.2143 [GMT -5:00]
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\Syste... Read more

Answer:Windows audio service missing, all sound dead/gone after virus removal.

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Check this article for you sound problem.Let me know if you were successfull in reestablishing your sound.===Third party programs if not up to date can be the cause of infiltration an infection.Please run this security check for my review.Download Security Check by screen317 from here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.===Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Delete tab follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).Please paste the logs in your next reply, DO NOT ATTACH THEMLet me know what problem persists.

12 more replies
Relevance 41.41%

I ran the steps in the Malware removal guide, i haven't seen any new pop-ups, but i noticed that there were a few problems that bitdefender could not fix, and my laptop is still running slow.

I am running windows XP, and will attach all logs.

Thank you in advance for all you assistance.

Answer:ran all the steps in "Read & Run Me First malware removal guide," still have malware

Re: ran all the steps in "Read & Run Me First malware removal guide," still have malw

Here are the last three logs.

10 more replies
Relevance 41%


So I got infected with this virus/malware MS Removal Tool. Things that I noticed: it created a file nvpcpl.dll, hid all my d drive files and removed 90% of the items from the Start > All Programs menu. I ran through all the scans but still cant seem to get the programs in the All Programs menu back. Attached are my clean scans in the order recommended. Just as an fyi, C: is my primary drive, D: stores all documents/pictures/music, F: is the external hard drive. Thanks for the help.

Answer:Malware removal help - MS Removal

Things that I noticed: it created a file nvpcpl.dllClick to expand...

See this link About nvpcpl.dll You do not have macafee installed and I am not seeing the file in your logs. Do you still see it? If so give me the full file path. But you also have NvCpl.dll running which relates to Nvidia which IS installed.

Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.

Right-click OTM.exe And select " Run as administrator " to run it.
Paste the following code under the area. Do not include the word Code.


[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]

C:\Documents and Settings\All Users\Application Data\oJh06504hBkGg06504


Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
Push the large button.
OTM may ask to reboot the machine. Please do so if asked.
Copy everything in the Results window (under the green bar), and paste it into notepad, save it as something appropriate and attach it into your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file prese... Read more

3 more replies
Relevance 41%

Here are some helpful video segments for removing and installing components in Lenovo 3000 systems
Lenovo 3000 N100
Lenovo 3000 N200
Lenovo 3000 C100
Lenovo 3000 C200
Lenovo 3000 V100
Lenovo 3000 Y300 / Y400
Message Edited by Mark_Lenovo on 02-21-2008 03:10 PM

Answer:Service Videos for Lenovo 3000 Systems - features - component install / removal

Dear sir, It's very useful link...... Thank you.

Nicholas K.H.ChaiMalaysiaYM: ckhown

9 more replies
Relevance 40.59%

Logfile of HijackThis v1.99.1Scan saved at 4:31:08 PM, on 8/22/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Intel\ASF Agent\ASFAgent.exeC:\WINDOWS\system32\drivers\CDAC11BA.EXEC:\Program Files\Network Associates\Common Framework\FrameworkService.exeC:\Program Files\Network Associates\VirusScan\mcshield.exeC:\Program Files\Network Associates\VirusScan\vstskmgr.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Network Associates\VirusScan\SHSTAT.EXEC:\Program Files\Network Associates\Common Framework\UpdaterUI.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Java\jre1.5.0_07\bin\jusched.exeC:\Program Files\Microsoft IntelliPoint\point32.exeC:\WINDOWS\system32\ctf... Read more

Answer:Malware: Command Service

Hello,* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://seek42/R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore <= not requiredO16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -* Click on Fix Checked when finished and exit HijackThis.Make sure your Internet Explorer is closed when you click Fix Checked!Please download delcmdservice (by Marckie), and save it to your Desktop.Unzip the content to your Desktop (a folder named delcmdservice)Double-click on the delcmdservice folderDouble-click on delreg.bat to launch the toolWhen the tool has finished, please reboot your computerOnce rebooted, please scan with HijackThis! and post the new log, in your next reply

2 more replies
Relevance 40.59%

Hey guys I need your help removing some registry keys for the Command Service bug.

I have ran S&D and it shows three entries, one I can remove. The other two are "inuse". I am wondering how to remove these registry keys. I have tried to remove them manually and they are like I said above "inuse".
Wondering if I could get some help with this problem.

Also the bug dosen't show up on the Add/Remove Programs list so please don't tell me to go there.

Thanks in advance,

Answer:Command Service (malware)

check out the info at the link below:

4 more replies
Relevance 40.59%

i am currently being plagued with several malware that neither spybot adaware nor mcafee can rid my computer of, enclosed is a copy of a recent hijackthis if anyone can help i would greatly appreciate it.

Logfile of HijackThis v1.99.1
Scan saved at 5:20:43 PM, on 12/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\\Agent\mcagent.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATITool\ATITool.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Be... Read more

Answer:command service and several other malware


ive got windows popping up when using a browser, and cant for the life of me figure out how to make it stop...

2 more replies