Computer Support Forum

AVG removal

Question: AVG removal

Just repaired xp pro and now my avg does not recognize my license number and will not run. Since I have the free ver. it makes no sense. It will not uninstall using add remove programs utility. I tried to reinstall over and it will not I tried repair modify with same result. ccleaner will not remove it with the tools uninstall either. My question is will ccleaner remove it from the registry or do I go digging in the reg.?
Thanks for any help.
Den

Relevance 100%
Preferred Solution: AVG removal

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: AVG removal

1. Download the latest AVG Free installation package from http://www.majorgeeks.com/download.php?det=886

2. Run the AVG Free install file
3. Choose the Uninstall option and follow the setup wizard, when you get to the part to remove user settings, select it.
4. Restart your computer then...
5. Now reinstall AVG using the setup file you got in step 1 and update it.

If you tried this already then you can remove all files and services manually.

4 more replies
Relevance 36.9%

MS Removal Tool is a rogue software. It restricts you from accessing your desktop. You cannot start Task Manager, and you cannot open Internet Explorer or any other programs. This situation is the result of malware (a variant of Win32/Winwebsec) that is infecting your computer.
To remove the MS Removal Tool, follow the steps below: Boot your computer into Safe Mode.
Windows XP and Windows Vista:Start your computer and press and hold the F8 key.A Windows Advanced Options menu will appear. Use your arrow keys to scroll to Safe Mode and click the Enter key.Click the Start button, and then click Run.Type cmd then click OK. A black command prompt window will appear.Locate the affected directories:
Windows XP:Type cd c:\Documents and Settings\All Users\Application Data\ and press the Enter key.Type dir and press the Enter key.
Windows Vista:Type cd c:\ProgramData\ and press the Enter key.Type dir and press the Enter key.Type c:\Users\All Users\ and press the Enter key.Type dir and press the Enter key.Scroll through the list to find directories with random names that contains 18 characters. For example: cHl08200gMhHd08200 , pJg08200fBmPl08200.Type rd /s /q <random name>, and then press the Enter key. Replace <random name> with the 18 character name. Repeat this step for each random name you find.Type reg delete hkcu\software\microsoft\windows\currentversion\run once /v <random name> /f, and then press the Enter key. Replace <random name> with the 18 cha... Read more

More replies
Relevance 31.57%

Staff Advisory: This post needs to remain here until one of the malware team advise that it can be moved. This member cannot access our malware forums due to their infection. ~ Animal----------------------------------------------------------------------------------------------------------------------Hello, I got some help from some nice people in the live chat. I have made a log with your hijackprogram and am posting it at the bottom. It created two .txt files so there are two reports. I am unable to open ANY link that has the words anti-spyware anywhere on the page or in the address bar so unfortunately I cannot post this in the malware removal forum because the internet window closes every time. I am in dire need of some help! I have a subscription to spy sweeper and it is keeping things out but I was infected with Antivirus xp 2008 and possibly some viruses because the computer was un-protected for about a month while I was in the hospital..I run with Windows XP and a wireless connection. If someone could take the time to look at this for me I would be so incredibly thankful! I offer my services as a photographer/graphic artist/professional gift shopper/myspace designer/beginner web designer. You can see what I do at www.perfectionpictures.com and contact me if you need anything at all!Current Symptoms (in the order of appearance)Random Total system crash then restart then blue screen then back to windows. msvcp71.exe is missing so a program is being prevented ... Read more

Answer:Antivirus Xp 2008 Removal Help/am I Infected? Can't Open Malware Removal Forum

Hi & welcome,I would like to try a couple things before we go much further so I have a bit better picture of what is happening and can take the needed cautions.1.) click start> run> type msconfig and hit enter.click "boot.ini" tabCheckmark /bootlogClick "apply" and "close"Reboot when askedLocate and delete this file:C:\windows\ntbtlog.txt (in case your extensions don't show it looks like a notepad)RebootLocate & post:C:\windows\ntbtlog.txt2.) Click start> run> type: cmd.exe and hit enter.type the following commands exactly as you see em & hit enter after each one:cd c:\windows\system32dir userinit.exeNote the file size please & report that back to me. Leave cmd open a sec.Back at the cmd window...Type:cd dllcachedir userinit.exedir spoolsv.exeNote file sizes & report that back to me.Type exit in the CMD window & hit enter. (this closes it)3.) Can you see also if you can get this program installed please:http://download.bleepingcomputer.com/hijac.../HJTInstall.exeSave file> run it> follow prompts to install excepting defaults.Allow it to "launch" hijackthis.Click the "Do a System Scan and Save a Log File" optionSave the log file and then it should open with NotepadGo to Edit, Select All and then Edit, Paste to paste the contents of the log hereLet me know if you had any problems with the above please.I advise keeping the system offline as much as possib... Read more

3 more replies
Relevance 31.57%

I am running Windows XP Pro Version 2002 with SP3 on a Dell Inspiron E1505. I have Norton 360running for internet and firewall protection. I was experiencing the BSOD frequently and finally Windows would not boot. A Norton scann gave me the following "Tidserve Activity 2 Threat requiring manual removal detected". I downloaded the TDSSKiller from Kaspersky and removed seemed to remove the threat. I was able to get Windows up and running, but since then have had the following issues:
1. Occasional popup window with the message "C:\Windows\System\MSVIDEO.DLL is not a valid windows image. Please check this against your installation diskette"
2. Internet access is not possible. The DHCP won't function due to dependencies, specifically AFD, which has a yellow exclamation point in the Device Manager. AFD won't start. So I'm currently working via a flash drive to transfer files from the laptop to a functioning desktop.
Is my system still infected?
Thanks very much-
Richmo
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Dell at 22:46:39 on 2012-01-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.371 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *Enabled*
FW: Norton 360 *Enabled*
.
============== Running Processes =============... Read more

Answer:No internet and AFD issues after apparent removal of Tidserve Activity 2 Removal

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing... Read more

84 more replies
Relevance 31.57%

Hi Guys,
Recently I have gone through a serious virus which is not catchable by updated anti-virus symantec 14 october 2009.
When i put my pendrive, the system shows autorun.inf deleted. But the underlying virus,
autorunme.exe exists in location Drive:/RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe.

Even I delete this virus, this gets automatically generated by itself or recreates itself.
autorunme.exe is not the actual virus, but it is just a duplicate.

Then actual underlying virus which triggers autorunme.exe is SERVCE.EXE
Note SERVCE.EXE is not service.exe or services.exe. It is new named SERVCE.EXE

Manual removal autorunme.exe process:
After connecting your pendrives, when it shows the file RECYCLER in hidden state,Open your task manager and end the process SERVCE.EXE

Now delete the entries Drive:/RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe , Drive:/RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\desktop.ini and Drive:/autorun.inf.
They will not recreate now.

Then open C:/WINDOWS and find SERVCE.EXE and to be on safe side just make a local copy of file to some other place and delete SERVCE.EXE

Now even if you restart your computer, since SERVCE.EXE is not running at start up of system, the system is safe and manual removal of virus is complete.

SERVCE.EXE is the actual culprit. http://static.techguy.org/smilies/biggrin.gif
 

More replies
Relevance 31.57%

I recently started my daughters laptop to find a Windows Security window pop up prior to desktop starting up. It mentioned there is a Worm, WIN32.NETSKY that has infected my system, and that I should perform a full scan to remove the worm. I have McAfee on my computers so I contacted them for help. They concurred with the Windows suggestion. I did a complete scan of the system. 14 infections were found. McAfee quarantined them all and I deleted them. I re booted. After the Windows XP boot screen I got a standard blank screen with the shut down immediately going into process. It would restart and go through the same process again. Shutting down and restarting. I have found out through this site what the WIN32.NETSKY worm/virus is, i can imagine how it got into the computer, So how do I fix this? I might also add the computer will NOT let me enter safe mode. So at this point I can do nothing but go through an eternal reboot! Also I can't figure out weather I removed the worm or not!



Thanks in advance, Tom

Answer:[SOLVED] Computer won't start up after removal of WIN32.NETSKY removal

This is what can happen with viruses. They shred your Windows OS files.

What happens when you keep pressing F8 at start up? Can you get to the advanced options menu to do a "repair install"?

Otherwise I think you will probably have to recover your personal data off the drive, completely reinstall Windows, but cleanse that personal data with anti-virus cleaners before you migrate it back to the new installation so the machine doesn't get infected all over again.

4 more replies
Relevance 31.57%

Apologies, but i'm a bit of a novice. my computer did a scan when i started it and came up with some trojans. when i tried to delete them, a malware removal programme tried to install itself so i closed the download dialog box. unfortunately, i cannot remember the name of the software that was trying to install itself. please would you review my log below and help me clean my computer?

many thanks
---------------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by 0 at 19:57:35.67 on 02/01/2010
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.44.1033.18.3000.1826 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows&... Read more

Answer:attempted removal of trojans try to install "malware removal software

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 31.57%

The latest: Removal Tool from Symantec:

http:[email protected]html
EDIT:
PLEASE NOTE: Since Symantec did a major change on how to handle this worm from their first instructions, (and my first post) I have totally modified this post, as of 0326 EDT Sept 20, 2003, to reflect those changes. This should avoid the problem that Alison had and was most likely the reason for Symantec's change.

You have been bitten by the latest worm, [email protected], and want to know what to do and how to get rid of it.

We here at TSG want to make that process easier for you.

The following is a short(er) version of what can be found at Symantec?s site.
http:[email protected]

Please go to the above link and read and understand about the Swen worm first, then return and follow the short version.

Removal Instructions

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec and Norton AntiVirus product lines.

1. Disable System Restore (Windows Me/XP).

How to disable or enable System Restore in Windows ME

How to disable or enable System Restore in Windows XP

2. Modify the association for Registration Entries ( .reg files).
3. Create a repair.reg file on Desktop, double-click on repair.reg file to fix association settings for other file types.
4. Update the virus definitions.

5. Do one of the following:
a. Windows 95/98/Me: Restart the computer in Safe mode.
b. Windows NT/2000/XP: End the Trojan process.
6. ... Read more

Answer:[email protected] Worm Removal instructions + New Removal Tool

16 more replies
Relevance 31.16%

I had trouble trying to uninstall Trend Micro Security 2010. Upon reading a forum from this site, I tried AppRemover, which successfully took the software off, however, I am unable to connect to my wireless network because the driver connections seem to be messed up(?). I have tried uninstalling and reinstalling the drivers for my wireless LAN, but this does not seem to work. I have tried troubleshooting via Microsoft's website and have used the Microsoft FixIt program, however it has failed to fix the issues. This is what the program says:Fix it Center:Use hardware and access devices connected to your computer. 5 problems need attentionHide detailsProblems found StatusThere is a problem with the driver for Microsoft ISATAP Adapter #2. The driver needs to be reinstalled. Not fixedThere is a problem with the driver for Teredo Tunneling Pseudo-Interface. The driver needs to be reinstalled. Not fixedThere is a problem with the driver for Intel® WiFi Link 1000 BGN. The driver needs to be reinstalled. Not fixedThere is a problem with the driver ISATAP Adapter #3. The driver needs to be reinstalled. Not fixed DetectedI am running Windows 7 on my ASUS notebook. I have internet connection when I'm directly connected through the cable, but I cannot get wireless connection. My other computer connects to the wireless network fine. Please help. THanks a lot in advance.*moved topic to Am I Infected as requested by narenxp. - Queen-Evie*

Answer:Difficult Antivirus removal, even more trouble post removal

Hello,Before trying to fix windows you should try the Diagnostic Tool from Trend Micro it should remove all the leftovers and maybe at the same time fix the problem you have.Download the Trend Diagnostic Toolkit and save the file to the desktop, make sure you select the tool that matches your Operating System and the 32-bit or 64-bit version.Boot the PC and enter Safe Mode (press F8 durring Boot), run the tool, click on the Uninstall tab and follow the program instructions.

15 more replies
Relevance 31.16%

Hi,I have tried many ways to get rid of some Malware that has only recently infected my PV. I hope someone can help me as this is my work PC and I need to plug back into my office network in a few days, but think this would be a bad idea at the moment.The problem first showed itself by insisting I had many viruses etc, and I should install Internet Security 2010. I have installed Malware Bytes removal tool, and installed as instructed. It found the above, said it was removed, but still it appears to exist, although the name of the infection has changed a few times, and is currently redirecting my brower to a similar page to the above malware. A popup now shows that I should install Cyber Security to remove the infections. This is obviously another malicious antivirus/malware program.I have McAfee Enterprise installed (which I can't seem to disable)I have also run SuperAntiSpywarePlus, which did the trick removing a similar problem about a year ago on a different PC. However, although this program also finds problems, and supposedly removes t5hem, the problem is still there.Please help. I have shown Hijackthis log below.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:58:42 PM, on 29/12/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16945)Boot mode: NormalRunning processes:C:\windows\system32\csrss.exeC:\windows\system32\winlogon.exeC:\windows\system32\services.exeC:\windows\... Read more

Answer:Cyber Security removal; Malware removal not working

Hi,I have tried everything I know of to remove this pesky piece of malware. It seems to keep changing names, starting out as Internet Security 2010, and redirecting me on a google search to a webpage trying to convince I was riddled with viruii and malware, and then trying to sell me thier software, which is really just a scam. I ended up here after a few days of tearing my hair out, almost beaten. I went through the tutorials, but unfortunately that was before I fired off a post in desperation. Please delete my previous post, as I have now followed the suggested path, and run the utilities to help diagnose my problems. The resulting files are attached.Please help. I hope the files uploaded can provide an insight into whats happening.Apologies for jumping right in and posting a Hijackthis log before I had read the tutorials.ntents belowDDS.txt contents pasted belowDDS (Ver_09-12-01.01) - NTFSx86 Run by Greg.Middleton at 15:30:23.26 on Tue 29/12/2009Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3063.2330 [GMT 9.5:30]AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}============== Running Processes ===============C:\windows\system32\svchost -k DcomLaunchC:\windows\system32\svchost -k rpcssC:\windows\Syst... Read more

3 more replies
Relevance 31.16%

Hey there experts =)

My son clicked something a few days ago, giving us the Win 7 security virus. I followed the directions here, and removed it with malwarebytes.
Everything was running smoothly.

Today I get home and see that my browsers (all of them, firefox, chrome) are being redirected. When they are being redirected my McAfee detects a virus and removes it, yet it continues to happen. After much reading, here and on other computer boards ... there seems to be something leftover from that virus that isn't always detected? From what I've read, there's a possibility there's a virus in the MBR ?

I do not have a Windows 7 disc, as this came pre-installed, nor do I have a recovery disc. All advice points towards running combofix, although all that advice comes saying 'DO NOT RUN combofix unless instructed to do so by a professional'

Well? You guys are the professionals so here I am. You're my last resort to getting this fixed, sans taking it into a shop which I'm REALLY trying to avoid. ;)

I do work a full time job, so my responses may not be immediate, but I will check daily or multiple times daily when I can and follow your directions ... if you can and are willing to help!

Thanks in advance!

Beachy

Answer:Help with removal of hijacker after Win7 security virus removal

Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here.Be sure to restart the computer.The ... Read more

14 more replies
Relevance 31.16%

Hi all, my first post in here, so hello to everyone.

Could anybody be able to tell me how to completely remove Windows malicious software removal tool as it keeps coming up every time I turn on the laptop.
I have tried all usual channels like add/remove etc but can't see it anywhere. Could someone shed some light, many thanks

Answer:[SOLVED] Removal of 'Malicious software removal tool'

Have you let the MRT finish? The MRT is an On Demand anti virus scanneer with a very limited impact on the PC or
resources. there are NO reasons to remove it.

The utility is...
%windir%\system32\MRT.exe

Command line switches...

/? or /HELP = displays the command line switches
/Q = quiet
/N = detect only
/F = force extended scan
/F:Y = force extended scan and automatically clean infected files

If you really want to remove it browse to C:\Windows\System32 and delete MRT.exe

4 more replies
Relevance 30.75%

What is MS Removal Tool?

MS Removal Tool is a fake system security software that is considered as a Rogue. Rogues are malicious programs that hackers use to trick users by displaying false threats and problems that it claims to have detected. In reality, none of the issues are real and are only used to convince the user into buying their software and stealing their personal financial information
Am I infected?

This is a screenshots of this rogue.

Removal Instructions
(If you experience any problems completing these instructions, please start a new thread here)

1. Restart your computer. As soon as your computer turns on, tap F8 until you reach the Advance Boot Menu. Use the arrow keys and select Safe Mode with Networking .

2. Download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3
Save it to your Desktop.
Double click the RKill desktop icon.
It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
(This tools will kill the rogue's process temporarily. As a result, act quickly and move on to the next step.)

3. Download Malwarebytes' Anti-Malware to your desktop.

Rename the file to firefox.exe BEFORE downloading
Double-click firefox.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware

then click Finish.
If an update is found, it will download an... Read more

More replies
Relevance 30.75%

I read and followed precisely "Vista and Win 7 Malware Removal/Cleaning Procedure"

My issue: I was informed my my isp the following: "Mail Log Parsed from Feb 15, 2013 19:47:04 to Feb 16, 2013 19:47:04 User sent approximately 141,801 messages to 136,591 unique recipients. There were 2598 bounces received in this period, 1 percent of the emails sent. "

I have AVG, running constantly. ISP changed my password to stop the mail. I ran AVG in safe mode. Still not sure trojan erradicated. ISP referred me to your site.

I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Please advise if you believe my system is clean, or what further I should do. Since I haven't seemed to find anything, it's hard for me to be comfortable that it's clean.

Thank you emmensely!!

Mike Sieber
 

Answer:Help with malware removal--have performed removal instructions

Welcome to Major Geeks!




mike sieber said:





I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.Click to expand...

Not problems. It is just junk from AVG. All of your logs are clean. Many times when something like this happens, it is not an infection. It is due to a spammer/spammers getting your email login and password and they use it from other PCs to send out their spam. There are cases of infections that can cause spamming ( like some master boot record or partition infections ) but you show no signs of these.


If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
Go back to step 4 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to ... Read more

3 more replies
Relevance 30.75%

I love my computer and hate to see it act like this, so i need help from you guys on how to remove this alert balloon that keeps popping up from my taskbar and keep it gone. also i keep getting many popups, a lot of which never load. i think this might have to do with some fake active x thing i installed. i downloaded hijackthis and here is the report: (i noticed 4 new processes running on task manager, too. this might have to do with it all: iesmin.exe, iesmn.exe, imsmain.exce, and imsmn.exe) PLEASE HELP ME!!! thank you!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:13 PM, on 9/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svc... Read more

Answer:Help! Bogus System Alert Removal & Pop Up Removal

6 more replies
Relevance 30.75%

I posted the software forum yesterday and was instructed to complete the malware removal steps and repost here. I have a new computer running Windows 8.1. When I say new, I mean I started having problems within a couple of hours after turning it on!

I have McAfee antivirus protection and downloaded and installed my MSOffice 2013 Home and Student. All seemed to be fine. The MSOffice was up and running and McAfee said I was protected. Suddenly and I don't remember what I was doing...it said Microsoft something (sounded like an antivirus or firewall something) had detected several problems and I needed to "clean my computer". Oh so ignorant of all that was going on with learning Windows 8.1 after using XP for years I told it to clean. Somewhere in there it suggested I do a system restore. All seemed OK until I realized MSOffice was no longer there. I tried to download it again and reload, but with no luck. It occurred to me it had something to do with the system restore so I tried to undo the restore. That of course didn't help. I'm also now getting messages from McAfee that I am covered and safe but that my firewall is turned off and needs to be turned on. However I can get McAfee to do nothing. I can open a screen, but nothing I do makes it do anything. I tried downloading their "Virtual Technician" before I started the process you recommended and it acted like it was downloading, but 20 minutes later it was still "spin... Read more

Answer:malware removal help - removal instructions attempted

Can you try running the tools that were not working before including Hitman, in safe mode please. Let me know how you get on.
 

16 more replies
Relevance 30.75%

Hello:
I 'm not playing word games here. A month or two ago, I downloaded and ran the "Kaspersky virus removal tool". It found problems the other programs were missing. I followed directions and let it remove the problems. My big mistake was in keeping the program on the desktop to try again sometime. At some point WinUtilities, or Ashampoo Winoptimizer removed the Uninstall made by Kaspersky for this tool. The virus removal tool is not listed as a program, on Revo, Advanced Removal tool, or windows. It won't click to delete, but I feel it's a program, so maybe it shouldn't. It contains 321 MB,& 4890 files. Looking in permissions(security) of this "program", I seem to be lacking "Special Permission" . I'm afraid to tinker with permissions.
I would appreciate sincere , simple, step by step, help. I tried reinstalling a new Kas.virus removal tool, and then uninstalling it. Got rid of the new one , didn't touch the problem.
Thanks.

Answer:Virus Removal Tool Program removal

Try this tool at your discretion*. The utility should pick up on any remaining traces of the program and display it on its list for removal.* The Windows Installer CleanUp Utility is provided "as is" to help resolve installation problems for programs that use Microsoft Windows Installer. If you use this utility, you may have to reinstall other programs. Caution is advised.

4 more replies
Relevance 30.75%

I have info stealer detected on my computer by norton. I am unable to locate based on the location listed by norton. I would like to remove it. In addition I keep getting pop-ups from Norton asking if i want to allow a program the files all start with q. For instance these to names are examples: qmhendli.exe and qmlopne.exe, the names keep changing as I continue to block them. Here is my Hijack this Log file:

Logfile of HijackThis v1.99.1
Scan saved at 12:41:54 PM, on 6/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SU... Read more

Answer:Info Stealer removal and removal of exe generator

Download the Trial version of Superantispyware Pro (SAS):
http://www.superantispyware.com/superantispyware.html?rid=3132
Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the ... Read more

1 more replies
Relevance 30.75%

Hello!
In reading more of these threads I can see Im not the only one with the iexplore issue.
Glad to know it can be corrected!!!!

I have multiple pop-ups and my computer is as slow as dirt.
When I get home at 3:30 Calif time I will do the HJTInstall.exe thing and post the results.
Would the results of one that was done two days ago help? Yes I was having the issue then and another company did one and told me to email it to someone, which I did but I havent heard anything back and my computer is close to useless at this point.
Can MFDnNC or anyone else help?
Thanks!!!!
Ginny
 

Answer:malware removal/popup/iexplore removal

16 more replies
Relevance 30.75%

Since the ComboFix will not run on Vista or Windows 7 64-bit, I have to look for new malware/virus removal apps... It was good while it lasted. So what tools do people use for Vista these days when the computer says: "WARNING! YOURS COMPUTER IS AN INFECTED BY HARMFUL VIRUS!!!!"

Answer:64-Bit Virus Removal & Malware Removal Tools?

64-bit Anti-Virus:List of 64-bit Anti-Virus For VistaAnti-virus protection in 64-bit environmentsFree Anti-virus:avast! Free Antivirus Avira AntiVir Personal - Free AntivirusAVG Anti-Virus Free Edition 8.5Microsoft Security EssentialsPanda Cloud AntivirusKingsoft Free Antivirus (Cloud Scan)Paid for Anti-virus:NOD32 Anti-Virus PersonalMcAfee AntiVirus PlusTrend Micro AntiVirus plus AntiSpywareNorman Antivirus & AntispywareCA Anti-Virus Plus Anti-Spyware64-bit Anti-Malware tools:Malwarebytes Anti-MalwareSUPERAntiSpywareKaspersky Virus Removal Tool - How to install and use documentationSpyware TerminatorWindows Defender (64-bit)PrevxSpybot S&DAd-AwareNorman Malware CleanerSunbelt Counterspy (free Trial)Comodo BOClean Anti-MalwareSophos Anti-rootkitSanityCheck Advanced Rootkit and Malware DetectorESET Online Antiivirus ScannerESET SysInspectorAnVir Task Manager FreeWinPatrolStart with these:How to use Malwarebytes' Anti-Malware to scan and remove malware from your computerHow to use SUPERAntiSpyware to scan and remove malware from your computer

3 more replies
Relevance 30.75%

I am working on my Dad's computer in his office and I have a few questions BEFORE I run CCleaner. I am in the process of following the "Read and run this before posting" but I want to make sure of a few things first. When I run CCleaner am I to let it clean all the cookies as well? I know that there are a few sites that my Dad goes to on a regular basis and I am afraid that it will wipe out cookies that he needs. Could someone please advise?
 

Answer:Smitfraud-C Removal and removal steps questions

While cookies are not really problems to be concerned with, it is better to let CCleaner remove them so that the other scans don't take as long to run. In addition it can tremendously reduce the size of logs that have to be read. So yes clean cookies but you can first just tell Ccleaner which cookies to keep. It is part of the features which you should learn to use and configure.

Be careful with Spybot and SmitFraud-C. Lately I have been seeing it remove rundll32.exe which you do not want to do. Also if you truly have SmitFraud, you should run one of the special removal procedures (mentioned in the READ ME). Like one (only one) of the below:

SpywareStrike, Smitfraud, SpySheriff, SpyAxe & PSGuard Removal

SpywareQuake & SpyFalcon Removal Procedure
 

5 more replies
Relevance 29.52%

My laptop does not work properly. I think virus has attacked my laptop. How to remove virus from laptop ?

Answer:Virus Removal / Spyware Removal

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.    Scan with DDSDownload DDS and save it to your desktop from here or here orhere.Disable any script blocker, and then double click dds.scr to run the tool.When done, DDS will open two (2) logsDDS.txt: save to your desktop then post its contents in your topicAttach.txt: save t... Read more

3 more replies
Relevance 29.52%

my pc is infected from trojan zlob which seems like an adware iam constantly getting popups and i managed to see the process icthis .xe in task manager this process doesnt get terminated that very moment in knew its a virus.i have read the thread regarding its removal on ur site but i still want the supervision of experts like you pls help
 

More replies
Relevance 29.52%

My computer, running Windows2000 with all latest patches, is infected with some sort of CWS variant. I am running SpywareGuard, Norton Antivirus2004 (useless),ZoneAlarm. I have run Adaware, Spybot Search & Destroy, CWSShredder, and HijackThis. CWSShredder now seems to run much slower than it used to a few days ago on my system. It claims to have removed CWS.Searchx and CWS.jkSearch (i don't remember exact name, but it had jk in it), but adware/trojan/browser hijacking symptoms and componets seem to keep re-appearing -- even if not connected to the internet! I am also using a HOSTS file. I also switched to Firefox Mozzilla browser from IE and installed Sun Java VM (but can't seem to find directions for deleting MS Java -- do I just delete the msjava.dll from c:/WININT/system32 ?)

Am I still infected with something? If so, how do I get rid of it for good? Last two entries look suspicious to me, but I get and error if I try to let H/T fix them. Advice would be most appreciated. Thanks in advance.

H/T error message:
-------
An unexpected error has occurred at procedure: cmdFix_Click()
Error #75 - Path/File access error (30 items in results list)

Please email me at [email protected], reporting the following:
* What you were doing when the error occurred
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.00.2195
MSIE version: 6.0.2800.1106
HijackThis version: 1.98.0

This message has been copied to yo... Read more

Answer:Need Help with CWS variant removal/removal verification

I WISH I could help you - believe me. I got CWS_NS3 on one of my computers last week and tried EVERYTHING. Nothing worked that I tried. You might look for something on AboutBuster - one of the forums I was in indicated there was a fix there in conjunction with HJT. I don't really know - I just gave up and did a clean re-install of XP - but that is drastic. My System Restore was going thru the motions but wouldn't set restore to any point that was there. CWS kept adding "exe" files at bootup. It seems this is becoming more and more prevalent. Hope you find something that will work. I got disturbed when my System Restore quit working and gave up. Let me know if you find something to fix this - just in case I get it again. Good Luck.
 

2 more replies
Relevance 29.52%

I have just tried to install a program and encountered problems while doing so. I tried too remove it using the ADD & REMOVE opption in control panel but found that it was still there even though no trace could be seen on my hard drive.I have tried to re install the software but the program is saying that it is still there. Is this because the program is still on the ADD & REMOVE list and if so can I remove it from the list.Any Help would be greatfulCheers Graham

Answer:Removal of Program ID from ADD & REMOVAL list

Shouldn't make any difference. Something has fouled up. What program and what OS.

9 more replies
Relevance 29.52%

Hello Major Geeks,

I am here once again, as I can not seem to get rid of Spyware FunWeb Products.
I have ran Spybot and Adaware Ten times to no avail.
Any help greatly appreciated.
Also my son visited a web site for video game cheats and we were inundated with pop-ups and I beleive a virus or two.

I found out that my Symantec Norton Anti-Virus has expired. What is the best Anti-Virus software to purchase.
I have ran a HighJack This log entered below. All help so appreciated.
Thank you,
River

Edit by chaslang: Old version, unrequested, inline log removed
 

Answer:Spyware Removal & Virus Removal - please help

Please read the announcement and sticky threads. HJT logs should only be posted when requested and then they must be attachments to your message. Your HijackThis version is way out of date too.


Please run the steps below.

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
After doing ALL of the above you still have a problem, boot into normal mode and make sure you follow these directions:
- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
 

4 more replies
Relevance 29.52%

Greetings,

First of all, I apologize for the breech in protocol. I am unable to post a log because my computer is not allowing me to launch any programs except for Internet Explorer. I write this from my wife's computer because the malware has blocked your site. After it became clear that it was going to block any site that mentioned Malwarebytes, I used her computer to burn a renamed mbam.exe onto a CD and loaded it onto my computer in safe mode with networking. It blocked the program from installing.

I've also tried explaining to it that I'm not angry, just disappointed. That also failed to fix the problem. frowny face.

Do I have a Sony Vaio Paperweight, or is there a fix out there? Everything beyond Malwarebytes seems to have serious consequences if used incorrectly, and so I hope that somebody will be willing to help me.

Thanks,
DS

Ok, people, I have more info.
After convincing my computer to run Malware bytes and Registry Repair several times, I continue to have the following issues:
-My hard disk appears to have nothing in it. ("My Documents" also had this problem, but 'unhide' fixed that. Note that the space that is used on the disk has remained about the same as it did prior to the MS Removal Tool pop-ups first appearance.)
-The application that I usually use to connect to the internet has stopped working. I am currently connected through the default windows program.
-My Start Menu only has Malwarebytes, Glary's Registry Repai... Read more

Answer:Intermediate MS Removal Tool Removal

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available.If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply'... Read more

3 more replies
Relevance 29.52%

HEY GEEKS NEED A LITTLE HELP. I HAVE A WINANTIVIRUS POP U THAT COMES UP EVERYTIME I AM ON THE NET, AFTER U X IT OUT 5 TO 6 OTHER POP-UP COME UP ABOUT A VIRUS. I AM RUNNING AVG EVERY MORNING, SYBOT SEARCH AND DESTROY, AD-WARE 6.0. HERE IS A HIJACK THIS LOG FILE TELL ME WHAT TO GET RID OF PLZ.

EDIT: Removed inline HJT log


THANKS

DOOKIE
 

Answer:winantivirus removal, malware removal

Hi and Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.


Run this first

Virtumonde aka Trojan Vundo Removal - some people also refer to this as WinFixer

Then run the below and atach the requested logs for the malware experts to look over.


Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.



When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

[*]runkeys.txt - the log from GetRunKey.bat
[*]newfiles.txt - the log from ShowNew.bat
CounterSpy - ONLY IF you were not a... Read more

1 more replies
Relevance 29.52%

I'm pulling out my hair please help. Here's my HJT logfile.

Logfile of HijackThis v1.99.1
Scan saved at 7:16:48 PM, on 7/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
f:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
F:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
F:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\sobrado.AOA1\My Documents\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Soft... Read more

Answer:Malicious Software Removal Wizard, Spyware Removal Wizard, System Integrity Scan Wiz

Please do not start more than one thread for the same problem.

Closing duplicate.

Please continue here:

http://forums.techguy.org/security/488003-hjt-logfile.html
 

1 more replies
Relevance 28.7%

So in the past when dealing with virus removal, I generally took the hard drive out of the affected machine and placed it into an IDE or SATA dock to turn it into an external hard drive and have the virus non functional outside of its "startup and infected/affect state" rooted to the root OS of the drive it is on.I have seen online people claim to use tools like creating a Bart PE startup CD or DVD with an antivirus on that to clean the systems as well as someone else on another google hit claimed to use a Linux Live CD with an Antivirus on that to clean the drive of malware.Question I have is ... What are the best bootable tool methods of attacking the removal of the malware? I am guessing its the bootable CD or DVD method which introduces a read-only source to the equation of which the system also boots off of so that any viruses would not start up, cant infect the disc, and they can be detected dormant and removed. I tried to make a Bart PE disc once placing Norton Antivirus on it, but it doesnt function, and then if it did function, how do you update the definitions on a read-only disc.* I understand that there is the potential to infect my test station ( workstation I use for projects and data recovery and malware removal ) using my current malware/virus removal method. This is one reason why I never use my important systems to perform interaction with foreign drives to contain any infection to that of the test station which can be wiped out clean via a ghost i... Read more

More replies
Relevance 27.47%

Hey,

So I got infected with this virus/malware MS Removal Tool. Things that I noticed: it created a file nvpcpl.dll, hid all my d drive files and removed 90% of the items from the Start > All Programs menu. I ran through all the scans but still cant seem to get the programs in the All Programs menu back. Attached are my clean scans in the order recommended. Just as an fyi, C: is my primary drive, D: stores all documents/pictures/music, F: is the external hard drive. Thanks for the help.
 

Answer:Malware removal help - MS Removal

Things that I noticed: it created a file nvpcpl.dllClick to expand...

See this link About nvpcpl.dll You do not have macafee installed and I am not seeing the file in your logs. Do you still see it? If so give me the full file path. But you also have NvCpl.dll running which relates to Nvidia which IS installed.

Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.


Right-click OTM.exe And select " Run as administrator " to run it.
Paste the following code under the area. Do not include the word Code.

Code:


:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]

:files
C:\Documents and Settings\All Users\Application Data\oJh06504hBkGg06504

:Commands
[emptytemp]
[Reboot]

Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
Push the large button.
OTM may ask to reboot the machine. Please do so if asked.
Copy everything in the Results window (under the green bar), and paste it into notepad, save it as something appropriate and attach it into your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file prese... Read more

3 more replies
Relevance 27.47%

.I am farely new to computers and need some help.I think that i might have a virus.My computer is a dell dimension 3100, and i have mcfaee security centre installed and windows Xp.
I keep getting warnings from mcfaee saying that i have files infected my Generic downloader ad/ae, and that i have a pup??
Can some body please help as i dont seem to be able to get rid of this problem...
Many thanks in advance!!!!

 

Answer:pup removal, trojan removal..

16 more replies
Relevance 25.01%

Hi,

I have a dell xps 8300. It started acting up about 1 week ago (freezing while working online, freezing while trying to boot). Today i got the Blue screen asking me to restart if this was the first time I had received a blue screen.
I restarted it was fine for 30 minutes and everything froze.
I restarted it and I received error beeps ( 4 beeps)
I looked that up on dell support and they said it was RAM problems.
I opened up the computer vacuumed a bit, took out ram cards and reinstalled them.
It had been working o.k.for about 1 hour and only froze once more.
I decided to try the malware removal guide and here are the logs
Malware bytes did not find anything
TDSSKiller did not find anything
MGtools ran but as soon as it was done the window closed. i don't know how to find the log
Your help will be greatly appreciated
 

Answer:malware removal - have followed malware removal guide

I still want to see the log from Malware Bytes please.





MGtools ran but as soon as it was done the window closed. i don't know how to find the logClick to expand...

Should be directly on C:\ if that's where you boot Windows from. If you really cannot find the log, you'll have to run MGTools.exe again in order to produce a MGlogs.zip. Thanks.
 

20 more replies
Relevance 25.01%

I have run the malware removal intructions and when through each programs as they did remove some of the malware and virus. The issue that I am having is that when I open the computer under seperate user and try to run the malware removal programs via internet or through USB drive, I keep seeing a window which pops up asking me which program I want to use to open the program. I have run the computer under the adminstrator and do not seem to have problems running the

View attachment mbam-log-2011-03-28 (17-02-07).txt



View attachment combofix log.txt



View attachment SUPERAntiSpyware Scan Log - 03-28-2011 - 16-42-24.log



View attachment hijackthis.log

malware removal steps and have attached the reports from the intructions.

Even when I try to open add or remove programs under control panel- I get the following message: "C\windoesn\system32\rundll32.exe- application not found. I am thinking that It is something to do with AVG and have removed the program with the step.

Please help....

View attachment mbam-log-2011-03-28 (17-02-07).txt



View attachment combofix log.txt



View attachment SUPERAntiSpyware Scan Log - 03-28-2011 - 16-42-24.log
 

Answer:Help with malware removal- have run malware removal instructions

ssmehta007 said:



....try to run the malware removal programs via internet or through USB driveClick to expand...

Specific download and installation instructions are in our R&R ME FIRST guide :
ComboFix
Running from: l:\combifix\ComboFix.exe <--- belongs on your desktop

RootRepeal
Save it to your Desktop

SAS & MBAM
Installed to the Default Location - "C:/Program Files", as we suggest that you keep them after malware removal.

MGTools.zip
Download this file to the root folder of the drive where you have installed Windows (Typically this would be C:\ and thus you would have a C:\MGtools.exe file after downloading). ​
Please make those corrections and attach the missing RRlog.txt (from RootRepeal) and MGlogs.zip - normally it is C:\MGlogs.zip . Please tell me any problems you still have.
 

18 more replies
Relevance 22.14%
Question: B I N G removal

Ok don t know how this happened but just started 30 minutes ago and want to delete it, something called Bing it just hijacked my yahoo search and i want to remove it and stay with yahoo, did a search and find no bing or live, so whats next sceech . . not my night . .
 

Answer:B I N G removal

12 more replies
Relevance 22.14%
Question: Hot key removal

How do I remove hot keys from my hard drive?
 

Answer:Hot key removal

10 more replies
Relevance 22.14%
Question: AOL Removal

any ideas how to get rid of AOL please.i have uninstalled every component but the blighter still loads up

Answer:AOL Removal

Just googled and found this,Click the Start button and select Control Panel In the Control Panel window double-click the Add/Remove Programs icon In the list of programs, look for anything that includes "America Online" or "AOL" For each AOL-related item, select the item by clicking it and then click Remove or Change/Remove Follow the instructions on your screen to remove the AOL program Restart your computer. Right click My Network Places Click Properties Right click Local Area Connection Click Properties Look for "AOL Adapter" and anything including "AOL" or "America Online" Select this AOL item(s) (by clicking it), then click Uninstall. Restart your computer again.

3 more replies
Relevance 22.14%
Question: PAV Removal

How do I uninstall this crap? It won't let me into its site. I downloaded a tool from Microsoft to scan my pc. Any ideas?

Answer:PAV Removal

Download and install Malwarebytes Anti-Malware. Run a scan and see if it detects it. http://www.malwarebytes.org/mbam.phpEdit: Edited to remove unnecessary quote. ~ tg

7 more replies
Relevance 22.14%

So I did everything in the "Read & Run Me First" thread. I am still getting the "puper.dll virus" based out of the Win32/Simple.tllb file as well as that annoying yellow yield sign triangle pop-up in my system tray, which warns me of a "security alert." Not to mention, random pop-ups every now and then. How can I get rid of this stuff? Here are the 2 scans and the HJT log for my computer. Thanks a lot for the help.
 

Answer:Need some removal help

anyone? please?
 

4 more replies
Relevance 22.14%
Question: MSN 4.5 removal

Hi

I have just installed MSN 7.5 and am wondering should I uninstall Windows Messenger I understand that Windows Messenger is different to MSN. In any event I am unable to uninstall MSN4.5 and I get the

" Error Message. - Shutting Down - MSM has experienced a problem and can not continue. If you are running short of memory please close some programms and try running MSN again."

Even just left clicking on the MSN Installer on the desktop, I get this error. I have tried to uninstall thru Add/remove pgms, but get the same message.
Anyone got any advice please.

Many thanks

Grandpaj
 

Answer:MSN 4.5 removal

8 more replies
Relevance 22.14%
Question: AVG 7.1 removal

Hi,
my IP has its own Anti-virus, Pop up software. So I thought i'd use it but first I had to remove any other anti virus software from my PC. I was using AVG 8.5. However I downloaded the new software from my IP and when It checked for any existing Software it found AVG 7.1 which said would cause a conflict and therefore needed to be removed before it would continue. I cannot find any versionof AVG on my PC. I'm now stumped as what to do next. Help please

Answer:AVG 7.1 removal

Personally I wouldn't trust any AV software from your ISP, AVG is much better. I would reinstall AVG and then if you want to remove it use Revo uninstaller be sure to use the advanced options to remove it in the registry

5 more replies
Relevance 22.14%
Question: Add-on Removal

Does anyone know how I can disable an add-on from Internet Explorer?
When I try it says this add-on is being controlled by my administrator, although there are no logons or passwords, accounts, groups etc set on this PC.
 

Answer:Add-on Removal

http://www.winxptutor.com/sp2/extmgnt.htm
check the registry entries that the article refers to and see if the value is set to 1
If it is change it to 0
 

3 more replies
Relevance 22.14%
Question: avg removal

I am trying to install KIS 2009 and am having problem installing. The desktop had avg installed previously and I have removed all traces, but during the install of KIS it keeps telling me that AVG is still installed and install quits. How do I remove ALL traces.

Thank you

John
 

Answer:avg removal

see ya, culla.
 

2 more replies
Relevance 22.14%

I had the AV nasties, used your removal system, now I can't get IE to display pages. I am very baffled since I can sign on AOL. When I try IE I just get the cannot display page. I tried the diagnose connection which gave me a bunch of tech talk which I don't understand other than it was being mean to me.
Help would be greatly appreciated.

Answer:AV removal / no IE now

Hello,Please follow the instructions in ==>This Guide<== starting at Step 6.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to try to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Orange Blossom

1 more replies
Relevance 22.14%

Is there anyway to remove it from my comp for the time being as they fix it.. I am getting major errors and it wont let me remove it from the Add/Remove screen... it shows up on the list but there is no removal option... anyway to get it off?
 

Answer:Removal Help of SP2

8 more replies
Relevance 22.14%
Question: Removal of Win XP

I would like to remove Win xp and put back my Win 98. How do I do this? Help is appreciated.

kid
 

Answer:Removal of Win XP

If you have just one partition on your hd, then you can boot with a win9x boot disk and run fdisk. Have fdisk delete the current partition; it may be ntfs and you will need to "delete non-dos partition" Once you finish create one or more partitions and format. Restart and choose cd support and begin the install by changing to the cd drive and typing "setup"

Unless there is a compelling reason to go to win9x, I would continue to use xp. XP [and all nt based os] are superior to win9x based os. Post what your problem is with xp, perhaps we can help you with it.
 

2 more replies
Relevance 22.14%
Question: AVG removal

How can I remove AVG security from my netbook? It keeps saying error and wont let me remove it. Any help greatly appreciated, thanks
 

Answer:AVG removal

10 more replies
Relevance 22.14%
Question: AVG removal help

Hi friends.

recently i downloaded and installed free version of AVG anti virus. This software package is not working on my system. Please help me to solve it.
 

Answer:AVG removal help

try using the removal tools
AVG Removal Tools
http://www.avg.com/gb-en/utilities
http://www.avg.com/ww-en/utilities

> removal tool, that can be used with AVG 2013 and 2014 http://www.avg.com/tools#tba2 - > on Installation Tab > use the AvgRemover
> removal tool, that can be used with AVG 2012 http://www.avg.com/tools2012.tpl-mcr1#tba2 -> on Installation Tab > use the AvgRemover
> removal tool, that can be used with AVG 2011 http://www.avg.com/tools2011.tpl-mcr1#tba2 -> on Installation Tab > use the AvgRemover
> removal tool, that can be used with AVG 9.0 http://www.avg.com/tools9.tpl-mcr1#tba2 -> on Installation Tab > use the AvgRemover
> removal tool, that can be used with AVG 8.5 http://www.avg.com/tools8.tpl-mcr1#tba2 -> on Installation Tab > use the AvgRemover
 

1 more replies
Relevance 22.14%

I have tryed to remove previous searches from the IE.6 search box, and am unable to, the main suggestion seems to be : Using the regedit function delete (typed URL's) from _Hkey_current_user\Software\Microsoft\Internet Explorer\ Typed URL's But it seems that this string is undeleteable, is there any free-ware that can do this when scheduled or prompted?Or any other ideas would be appreciated.

Answer:Removal of URL's in IE.6

If you're using Win XP just go to Tools/Internet Options and Clear History, near the bottom of page.

3 more replies
Relevance 22.14%
Question: Need A Removal Tip

How to remove Norton Antivirus!

I installed the 30 trial months ago and it expired, so I got AVG, but now, at random times Norton opens and tells me my trial expired. It opens when I go to some websites, like PC Pitstop, and sometimes before I make a download, or while im using a program. Any ideas on how to get rid of it. THis should probably be in software but its an A/V.
 

Answer:Need A Removal Tip

14 more replies
Relevance 22.14%

Hello. I need help, but the information I can provide seems limited:
I clicked on a random link in an email and the screen flashed and then redirected to some canadian online store or something like that. That was 4 days ago. Yesterday I had issues logging into an email account (gmail); it seemed as though my account had been compromised. Note: this was not the same email account that I received the email with the link. Though I did login to this account after signoff from the other one. I used gmail's detail button below the list of messages and a mobile device in Taiwan had apparently logged into my email account and sent an email with a website link. I've ran a full virus scan (mcafee) with no results. A friend told me to run combofix, so I'm posting today. thanks,

Answer:Removal of something (I think)

Hello,Please read this topic: http://www.bleepingcomputer.com/forums/t/273628/combofix-usage-questions-help-look-here/ which discusses the use of ComboFix.Please follow the instructions in ==>This Guide<== starting at step 6.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Since you have run ComboFix, please include the ComboFix log in the new topic.If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.Orange Blossom

4 more replies
Relevance 22.14%
Question: help w/removal

i can not get rid of this thing called VirusBurster. any help will be greatly appreciated. i've removed it from ad/remove area and from program files. have not been able to locate regkey for deletion.
 

Answer:help w/removal

7 more replies
Relevance 22.14%
Question: Pup Removal

My Mcafee Virus Scan Says That A Pup Is Found And I Can't Remove It. I Have A Dell That I Purchased 4months Ago And I Don't Know Anything About Computers. Can Anyone Please Help Me?
 

Answer:Pup Removal

8 more replies
Relevance 22.14%
Question: MS REMOVAL

Hello!!! I work from home and i really dont know much about computers. However, this website has been a life saver. The wonderful MS removal tool was installed in my computer and i am having a horrible time trying to get rid of it, as i said i work from home and have no assistance from an IT dept. I was following the instructions on this website on how to remove this from my computer, i was able to follow all the instructions until i got to step #23, not sure how to do this (i am sorry this may be a really dumb questions but really appreciate your help)can you please give me detailed explanation on how to do this:

23. We now need to delete the C:\Windows\System32\Drivers\etc\HOSTS file. Once it is deleted, download the following HOSTS file that corresponds to your version of Windows and save it in the C:\Windows\System32\Drivers\etc folder. If the contents of the HOSTS file opens in your browser when you click on a link below then right-click on the appropriate link and select Save Target As..., if in Internet Explorer, or Save Link As.., if in Firefox, to download the file.

Windows XP HOSTS File Download Link
Windows Vista HOSTS File Download Link
Windows 2003 Server HOSTS File Download Link
Windows 2008 Server HOSTS File Download Link
Windows 7 HOSTS File Download Link

Answer:MS REMOVAL

Hi CMACY, to BleepingComputer. Sorry for the delay. My name is Jason, and I'll be helping you. You can call me by my screename jntkwx or Jason is fine.My motto is "the only stupid question is the one that goes unasked." So I don't consider your question a dumb question. Let's temporarily show hidden files and folders. The easiest way to do this is to hold down the Windows key on the keyboard (usually next to the Alt key), and press the R key at the same time: This should bring up the Run window. Type in control folders (with a space), and click OK. The Folder Options window should open. Click on the View tab, and under Hidden Files and Folders, select show hidden files, folders, and drives. Click Apply, then OK. You should be able to navigate to C:\Windows\System32\Drivers\etc\ and you'll find a file called HOSTS. It is safe to delete this file, as we will replace it in step 3, below. We need to know what version of Windows you are running. Let's open the Run window, as done previously, and type in winver and click OK. This will tell you whether you're running Windows XP, Windows Vista, or Windows 7. You should then be able to right click on the appropriate link on the Remove MS Removal Tool page and select Save Target As..., if in Internet Explorer, or Save Link As.., if in Firefox, to download the file appropriate for your version of Windows. Save it in the C:\Windows\System32\Drivers\e... Read more

1 more replies
Relevance 22.14%
Question: cpu removal

i was trying to remove all the components from my sony vaio towerPCV-RX590G is the model number of this pc.this computer is giving me a headache. I'm trying to study for the A+ certification and i'm trying to learn how to disassemble and reassemble a PCas quick as possible, but i'm running into problems with different pc cases (secret buttons to press to remove it sometimes) and different types of cpus seem to be locked into the motherboard. i can't find any latch or switch or lever or screw to remove. there's a fan on top of it and a heatsink under it. But i don't see any screws to remove it. except the screws to remove the fan? there's two black little handles on the side, but they're not levers. i tried moving it and realized it wasn't a lever, after the plastic black handle poped off, all i saw was a big metal heat sink underneath the fan. there's no handle. i need HELP. i wish i had a digital camera to take a photo of it, but i don't. can anybody help?click here

Answer:cpu removal

The fan as to come of first, screws that have half turn or a Clip through the Heat sink on to little plastic hooks, you nee to take care when removing if it is going to be used again then most CPU's have a plastic leaver at the edge of the socket that just lifts vertical

5 more replies
Relevance 22.14%
Question: help removal

hi i recently got a virus that has made my computer almost unusable. when using mozilla/ie i will get random website redirects and when no programs are open at all i get random audio play of music/ads/movie previews. most programs i try to run wont load up ex. combofix/sbsearch&destroy/superantispyware and basicly anything else. i have gone through uninstalling and reinstalling many times with them but still they wont load up. i hvae also tried reformating my computer with an my win xp os disk but it will not allow my computer to boot it. i can only run my computer in safe mode as it locks up when logging in on normal mode. please any assistance would be much appreciated. attached is about the only thing i can scan with at the moment.
 

Answer:help removal

Welcome to Major Geeks!

Please follow the instructions in the READ & RUN ME FIRST link given futher down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First. If TDSSserv is not found, just continue on with the READ & RUN ME.
TDSSserv Non-Plug & Play Driver Disable

READ & RUN ME FIRST. Malware Removal Guide

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip g... Read more

1 more replies
Relevance 22.14%

Hello,

I ran everything that was requested in the read and run me first sticky. It wasn't until I scanned with Ewido that I discovered I had the look2me infection. I also ran the kill2me program but it said there were no signs of the infection. I went ahead and ran the l2mfix in the special precedure sticky. I also attached the 2 log files from those scans. If anyone could take a look at my logs and offer some assistance in removing this pest it would be much appreciated.

Thanks,
pr1mo
 

Answer:Help with Look 2 Me removal.

Okay! he L2MeFix cleaned up a whole load of bad files. How are things working currently?

You may want to do the below and post your HJT log so we can make sure no other problems exist:


Downloading, Installing, and Running HijackThis
 

28 more replies
Relevance 22.14%
Question: msn plus removal

my son tried to download msn plus without permission how can i get rid it keeps changing my home page to search now .com any body help me

Answer:msn plus removal

Remove the program using Control Panel, Add / Remove ProgramsSearch Now is an advertising (adware) program that comes with it. Adaware click here or Spybot click here can deal with this

2 more replies
Relevance 22.14%
Question: removal

cannot seem to beable to remove a program..... from my control panel i have tried to remove a program by highlighting it and hitting remove....it still is there....HELP
 

Answer:removal

Remove any program or a particular program? I've had problems uninstalling certain programs, because they are associated with another that has to be uninstalled first. Some programs have their own uninstall. Some like NAV don't completly uninstall without a download. If it's a particular program, please post.

Also post your OS for better help from the other more technically inclined.

Randall
 

1 more replies
Relevance 22.14%
Question: Removal of SP3?

A while back I installed a fresh copy of Microsoft Windows XP Pro preloaded with SP3. At the time i did not notice that it was preloaded, i am now having issues and have loaded numerous amounts of data onto my pc.

So far my search to remove sp3 without previous service packs or upgrades have not been good.

I was wondering if there is a way to removing/downgrading the sp3 from windows xp even though there is no history of previous service packs or upgrades? Or will i have to reinstall this os with sp2 to fix my problem?
 

Answer:Removal of SP3?

If SP3 was included with the Windows install, you can't remove it. If you post more information on the problems you're experiencing, I'm sure we can offer some assistance. I wouldn't think all the problems would be caused by SP3.
 

2 more replies
Relevance 22.14%
Question: Pop up removal

How can I stop pop up ads? I have Macafee privacy software, with block ads checked, but it doesn't stop it.

Thanks,

Joel
 

Answer:Pop up removal

9 more replies
Relevance 22.14%
Question: Help w/ Removal

I am seeking assistance, her computer was infected, I tought I removed it, The desktop went black, was a fake repair running, the usual stuff. All the files were hidden and was a mess. I ran unhide.exe, yet it cam back so I must not have done it all the way, so need your expertise on this.
I was hoping to post a log, yet the DDS would lock up my computer and I got nowhere, so shall I try hijack this or an other way to get you my information?
Thanks much

Answer:Help w/ Removal

Hello and Welcome to the forums!My name is Gringo and I'll be glad to help you with your computer problems.Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.The first thing I would like you to do is run this for me - http://download.bleepingcomputer.com/grinler/unhide.exe after it is complete restart the computer and continue with these stepsDownload and run OTLDownload OTL by Old Timer and save it to your Desktop.Double click on OTL.exe to run it.Under Output, ensure that Minimal Output is selected.Under Extra Registry section, select Use SafeList.Click the Scan All Users checkbox.Under the Custom Scan box paste this in

%TEMP%\smtmp�... Read more

46 more replies
Relevance 22.14%
Question: Vx2 Removal???

My spyware removal scan keeps bringing up VX2. I delete it. It returns. Hopefully someone at MAJOR GEEKS (my beloved savior site) will be able to tell the tale. Thanks all. RUSTY
 

Answer:Vx2 Removal???

Welcome to MajorGeeks.com, please follow the steps below:

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support


Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

Downloading, Installing, and Running HijackThis

When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)

Bitdefender
Panda Scan
HijackThis

 

3 more replies
Relevance 22.14%

Please help, I have a task box that will not go away on my desktop. Also, cxtpls.exe pop up that stops me from accessing the internet. I have attached my HJT log.
 

Answer:Please help with removal

Your Operating System and Internet Explorer versions are WAY out of date and represent a major security risk. After we fix your current problems, you must get updated. You need to install Service Pack 2 for security purposes. You also do not show a antivirus or firewall this also is a major security risk and should be addressed ASAP.


Please look in Add or Remove Programs for the following and Uninstall them if found:

WildTangent

Viewpoint

AutoUpdate

Aprps

apsi


Please follow standard cleanup procedures as given below:

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps below:



Download HijackThis 1.99.1

Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

Before running HijackThis: You must close each of the following:you... Read more

1 more replies
Relevance 22.14%
Question: help with removal

I dutifly followed the malware removal thread and heres what was left.
 

Answer:help with removal

Per the READ ME.

- Please do not post HJT logs from safe mode

- Please do not have msconfig controlling startups

Read step 7 instructions again and attach a new log after address the above issues.

You also should uninstall the below fix by Ilfak and make sure you have the current Windows updates which have fixed this problem:
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll

Uninstall WeatherBug using Add/Remove programs (if it still is there, it did show in BitDefender). Also delete the C:\Program Files\AWS folder.

What malware problems are you having?
 

1 more replies
Relevance 22.14%

I woud like instructions on how to remove CiD pop-ups from internet explorer

Answer:CiD pop-ups removal

Hello and welcome to TSF

I would recommend that you go here; read and follow the instructions very carefully; then, post all the requested logs and information; as instructed, to here. (Just click on the coloured links.)

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.
Good luck

Please also remember DO NOT post your logs in this thread, please start a new thread here. (Just click on the coloured link.) and post the logs.

2 more replies
Relevance 22.14%
Question: Removal of qvt.exe

Qvt.exe seems to be the virus, AV programs didn't remove it.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:51:04 PM, on 12/17/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16912)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\mswinext.exe
C:\Users\Kristen\Downloads\HijackThis(1).exe
C:\Users\Kristen\AppData\Local\qvt.exe

R1 - HKCU\Software\Microsoft\Internet ... Read more

Answer:Removal of qvt.exe

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/433039 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Relevance 22.14%
Question: removal of avg

i am trying to remove avg from my pc and it is not alowing me to how do i remove this frustrated
 

Answer:removal of avg

Have you tried both methods described here:

http://askabouttech.com/how-to-remove-avg-free-antivirus/
 

3 more replies
Relevance 22.14%
Question: NCH removal

I mangaed to install NCH software by mistake and can't get rid of it. The Contol Panel Add/Remove programme says it clears it out by but it hasn't. Searching the web about NCH software indicates that this stuff hooks into the computer and it is very hard to remove. There are no unistallers in the C:\ProgramFile/NCH directory.

I am running XP. I had thought of pulling up the DOS screen and trying to use that. Has anyone got any ideas?

Advice: DO NOT install anything from NCH.
 

Answer:NCH removal

have you tried revo?
 

3 more replies
Relevance 22.14%
Question: Help w/ removal :(

I uploaded the FRST and Addition txt to this, also a picture of the files that keep downloading.
 

More replies
Relevance 22.14%
Question: Removal of SP3

SP3 is not displayed on my add and remove programs, i need to remove IE8 Beta 2 as i cant get Napster to work. Any idea?

Answer:Removal of SP3

you'll probably find these add and remove installed updae section

2 more replies
Relevance 22.14%
Question: ICE removal

I've looked at other ICE threads but figured I'd try to get advice for my specific problem. I will appreciate any help you can give.
Thanks much
 

Answer:ICE removal

Hi and welcome to MalwareTips!

I'm Fiery and I would gladly assist you in removing the malware on your computer.

PLEASE NOTE: The first 3 posts of ALL new members require approval by mods/admins. Please be patient if you don't see your post immediately after submitting it.

Before we start:

Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
Some tools may be flagged by your antivirus as harmful. Rest assure that ALL the tools we use are safe, the detections are false positives.
The absence of symptoms does not mean your PC is fully disinfected.
If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

<hr>

Please print these instruction out so that you know what you are doing

Download OTLPENet.exe to your desktop
Download Farbar Recovery Scan Tool and save it to a... Read more

1 more replies
Relevance 22.14%

I've been at this for 2 days... I really need some expert advice now

 

More replies
Relevance 22.14%
Question: avg removal

Hi, need help. AVG removal tool took a nosedive and left me with files related to avguix.exe that will not allow access. I am running Win7 32bit on a Dell E6510 Lattitude. I have tried system file checker (SFC), avg removal tools, ccleaner, and auslogics registry cleaner. I have run an online & microsoft security sweep and there are no viruses. I get get an exception breakpoint error pop-up from avg every time I turn the laptop on. Ccleaner shows that there are files on C drive, but can't access them to clean them out. There are no avg programs on my laptop currently. I also tried another avg install and removal. No dice, can't get at anything to remove whatever the removal tool missed. Anybody have any other ideas? or should I just start over? Still have win7 os disc.
 

More replies
Relevance 22.14%
Question: DRM removal

Hi,
Ive got lots of WMA audio files from yrs of ripping CD's, etc, and now i have a new MP3 player (ZUNE) that doesnt accept WMA files. i cant convert my WMA's to MP3s because theyre all "Protected Files" assuming its the DRM.
I see that there are DRM removal programs out there but before i buy one, i want to know if theres a simpler way around it perhaps using Windows Media Player or Nero. and if i need to buy one, do they work well and do you have any recommendations for a good one?
thanks all!!!
 

Answer:DRM removal

I'm sorry we are not going assist here on how to remove DRM or unprotect protected files.
 

1 more replies
Relevance 22.14%
Question: Log on Removal

When I bought my Wi.8 laptop it asked that i put in a 4 digit code to log in and open. Since I am the only user i don`t want this and want to remove this step to speed up my log in.I`ve gone to PC settings and while I can change the details of the log in code I can`t remove this unwanted operation.Any thoughts?

More replies
Relevance 22.14%

I think I tried to do what the instructions here say. Here is what happened:

Defogger wont run. Says I have to be an administrator.

I installed SuperAntiSpyware says I don't have access to run. If I run the alternate start it runs for a minute and closes.

I installed Malwarebytes says I don't have access to run

Combofix - Updated and then when run and end program window pops up for a second and then it combofix closes

RootRepeal.exe - Windows cannot access the spcified device, path, or file. You may not have the appropriate permissions to access the item.

Any and all help will be much appreciated.
 

Answer:Won't let me run any removal. please help

Download and save the below to your PC (save it anywhere you can find it. The Desktop is fine). Then double click on it to run it.

AVPFind.bat

It should take a couple minutes to run. You will see a black command prompt window while it is running and it should close when it is finished. Once it finishes, attach the avplog.txt file that is will hopefully be created on your Desktop as long as the malware does not block the batch file from running. (See: HOW TO: Attach Items To Your Post)

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Administrator


You only need to get one of them to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif
* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* Do not reboot until instructed.

If you are ... Read more

20 more replies
Relevance 22.14%
Question: WGA Removal

I have WGA on my computer, and have had no problem. But my friend, Mar, who was here twice in a previous post on this topic, does have WGA, and it says that her Windows XP copy is not valid. The problem is that it is....How can WGA be removed?You cant uninstall it like the other updates, in fact, its the only Windows update that cannot be uninstalled...........And whats this about a "Kill Switch"? Is this just a joke/rumor or is it truth? Answers "LOL" and "MICROSOFT IS EVIL" are allowed..... As long as they contain a rant towards WGA..... GO MICROSOFT! BOO WGA! BOO MACINTOSH/APPLE! Umm, go Linux?

Answer:WGA Removal

The official answer has to be: if your friend believes she has a valid copy of Windows, she should phone Microsoft about this.

9 more replies
Relevance 22.14%
Question: Bug removal

I need help.... Got a pop up telling me I have a bug.... this has been happening a few times over the last serval months.... each time... I just restart my PC.... this time.... I had some problems logging back in.... I kept restarting tilll I was able to log in... try to restore my PC to a prior date.... had problem with restoration.... figure I need to clean up my PC of bugs and junk..... I have a couple of individuals who house set for me when I am out of town.... I allow them to use my PC... I have know ideal what may be own my Windows 7 system.... how can I clean it up.... FOR FREE
 

Answer:Bug removal

Hi DLW75831,
First thing is read the directions:
-----------------------------------------------
Note at the top of this forum page:
Everyone MUST read this BEFORE posting for help in this forum
Please follow the instructions there : http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html
Post the required log from TSG SysInfo, and it will enable someone to help. Providing help may not be feasible otherwise.

Post that and I will help
Thanks askey127
 

1 more replies
Relevance 22.14%

Hello..I was looking for ways to remove E2G. I've tried various different things I found online, with the result that (1) I can't seem to access my anti-virus software (AVG or BitDefender); (2) my firewall randomly gets terminated; and (3) I was following the general idea of the post at http://www.bleepingcomputer.com/forums/t/51752/help-my-ie-keeps-closing/ but I got stuck at trying to install the unlocker program -- that wouldn't install either. Any help would be greatly, greatly appreciated. Thanks in advance.Here is the output from HijackThis:Logfile of HijackThis v1.99.1Scan saved at 9:37:45 PM, on 5/17/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\Tablet.exeC:\WINDOWS\system32\wdfmgr.exeC:... Read more

Answer:Help -- E2g Removal

Hello,There's a lot more going on here though...We'll deal with E2Give afterwards, let's deal with the other nasties first..Download haxfix.exe.Save it to your desktop.Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)Checkmark "Create a desktop icon".Click "Next".When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed.Click "Finish".A red "dos window" (dos box) will open.Select option 1. Make logfile by typing 1 and then pressing Enter.Haxfix will start scanning the computer. When it is finished a logfile will open.Copy the contents of that logfile and paste it into this thread.

20 more replies
Relevance 22.14%

XoftspySE Found several things that i need to get off of my pc, such as:Alcan.a worm, Gaobot Worm,viewpoint toolbar, Flashtrack, and of course the all famous CWS.....any help i can get from you guys will be well appreciated......her is my Hijackthis log:Logfile of HijackThis v1.99.1Scan saved at 10:28:57 AM, on 3/20/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Intel\ASF Agent\ASFAgent.exeC:\Program Files\ewido anti-malware\ewidoctrl.exec:\program files\mcafee.com\agent\mcdetect.exec:\PROGRA~1\mcafee.com\vso\mcshield.exec:\PROGRA~1\mcafee.com\agent\mctskshd.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\tcpsvcs.exeC:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\Progr... Read more

Answer:Need Help With Removal Of Cws And A Few Others

Hi,

The forums are really busy, that explains why logs get behind. We start with the oldest logs first. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look.

2 more replies
Relevance 22.14%
Question: JRT Removal

Hello,
 
Need help to download JRT removal, I'am running windows 10 and I hit the down load button and a pop up notice says this app cannot run.
Any ideas on what to do.
 
Thankyou very much.
Have a great day.

Answer:JRT Removal

I don't know what download link you attempted to use, but those below are trusted lins.

JRT (Junkware Removal Tool) Official download at Malwarebytes
JRT (Junkware Removal Tool) Official download mirror
Majorgeeks JRT (Junkware Removal Tool) download

Try to save the download to your desktop and then right-click and select[/color] Run As Administrator[/i].

2 more replies
Relevance 22.14%
Question: AOL Removal

Good Morning....

Can someone please tell me first if I can completely remove AOL from my computer and second how?

I really hate AOL being on my computer without me wanting or putting it here!


Gateway GT4022
Firefox
Thunderbird
No IMing at all

Answer:AOL Removal

Are you looking to remove the AOL Internet services? If so, follow these steps:

1. Click the Start button and select Control Panel
2. In the Control Panel window double-click the Add/Remove Programs icon
3. In the list of programs, look for anything that includes "America Online" or "AOL"
4. For each AOL-related item, select the item by clicking it and then click Remove or Change/Remove
5. Follow the instructions on your screen to remove the AOL program
6. Restart your computer.
7. Right click My Network Places
8. Click Properties
9. Right click Local Area Connection
10. Click Properties
11. Look for "AOL Adapter" and anything including "AOL" or "America Online"
12. Select this AOL item(s) (by clicking it), then click Uninstall.
13. Restart your computer again.

If you are looking to remove AIM, the AOL instant message service, you can simply do that by uninstalling the program via the Add/Remove programs dialog box located in the Control Panel

5 more replies
Relevance 22.14%
Question: SP3 removal

When i bring up the method c:\windows\$NtServicePackUninstall$\spuninst\spunininst.exe I get a box come up which states,Jf you remove SP3 the following programs may not work,and it goes on to list these programs together with all the Net Frameworks and their KB numbers,my question is ,will this really happen or only maybe,as i intend to let the update service to ask me to re install.The reason i am contemplating this action is because there is no cure that i can see to A - get rid of the annoying yellow shield from the taskbar and keep informing me that that i have updates and when i look into add and remove programs there they are.B - one of my Family tree maker programs has stopped responding,i/e it will not open.I have read that this is typical of some of the faults that can be encountered with the installation of sp3

Answer:SP3 removal

Take a look here - click here

1 more replies
Relevance 22.14%
Question: Win.old removal

How is the best way to remove the win.old folder from my hard drive. It was created by upgrading from
version 9841 to 9860 in windows 10 tech preview.

Answer:Win.old removal

Type Disk Cleanup in the taskbar search
Right click Disk Cleanup (in the resulting list), run as administrator
tick all of the boxes
(you should see preview or eval versions, previous versions, and windows update clean up) perhaps worded fifferently, but you'll know when you see them. I tick everything when I clean up - your machine, your choice on what to clean up.
click OK

https://www.tenforums.com/tutorials/2...dows-10-a.html

3 more replies
Relevance 22.14%
Question: Win 8 USB removal

Greetings,
 
I purchased a new computer with Win 8.  I have added nothing to it.  I'm transitioning slowly.  When I inserted a USB thumb drive into my XP I needed to wait for the "Safely Remove Hardware" notice before removing the USB.  However, I cannot find any information on this topic including the book, "Window 8 for Dummies".  I inserted a USB into one of the slots on the Win 8 computer and read the files on it. There was no icon on the task bar on either the Start screen or the Desktop to safely remove the USB.
 
Has this function been done away with  in Win 8?
 
I resorted to Shutting Down the computer and then removing the USB.  How do I Safely remove the USB and still keep the computer running?
 
Thanks in advance.
 
Bill

Answer:Win 8 USB removal

The function is still there, on the desktop just as with earlier releases. My XPS 8700 that shipped with Windows 8, would see, mount & allow for safe removal most of my working Flash drives, but there's a couple that I have that doesn't show, of the Team brand. However, those work well on all of my other computers.
 
Weird, after downgrading to Windows 7 (I considered it an upgrade), those same Flash drives worked perfectly.
 
Have you tried other USB devices & see what happens, such as printers/webcams?
 
Cat

3 more replies
Relevance 22.14%
Question: Removal Help

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:12:30 AM, on 10/7/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:D:\WINDOWS\System32\smss.exeD:\WINDOWS\system32\winlogon.exeD:\WINDOWS\system32\services.exeD:\WINDOWS\system32\lsass.exeD:\WINDOWS\system32\Ati2evxx.exeD:\WINDOWS\system32\svchost.exeD:\Program Files\Windows Defender\MsMpEng.exeD:\WINDOWS\System32\svchost.exeD:\WINDOWS\system32\svchost.exeD:\WINDOWS\system32\Ati2evxx.exeD:\WINDOWS\System32\WLTRYSVC.EXED:\WINDOWS\System32\bcmwltry.exeD:\WINDOWS\system32\spoolsv.exeD:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exeD:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exeD:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeD:\Program Files\Bonjour\mDNSResponder.exed:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exeD:\WINDOWS\eHome\ehRecvr.exeD:\WINDOWS\eHome\ehSched.exeD:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exeD:\WINDOWS\Explorer.EXED:\WINDOWS\system32\HPZipm12.exeD:\... Read more

Answer:Removal Help

Hello taros14,Welcome back to Bleeping Computer Please download Malwarebytes' Anti-Malware from one of these places:http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.htmlhttp://www.besttechie.net/tools/mbam-setup.exeDouble Click mbam-setup.exe to install the application. * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform Quick Scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. * Copy&Paste the entire report in your next reply along with a fresh HijackThis log.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.Thanks,tea

2 more replies
Relevance 22.14%

from what i remember, this is a little bit bigger list than what i had the first time, a long time ago...any help is awesome!...thanks!!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:31:33 AM, on 6/22/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Microsoft LifeCam\MSCamSvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\WIND... Read more

Answer:Need Some Help With Removal

HiYour log's basically clean red.clientapps is associated with adware, very mild, but I suggest you remove it...+ 2 orphan (empty) registry keys ... Disconnect from the internet Close ALL browser windows (including this one) - run hijackthis and tick to fix (check the box next to) the list below.........when all are ticked (checked) click the Fix Checked button at the bottom. :-R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comR3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)Are you having any problems ?steam

6 more replies
Relevance 22.14%
Question: Cid Pop-up Removal

I am having a problem with pop-ups on my computer screen whether I am actually using the system or not. Lately it has started popping up highly graphic material and also anti-virus pop-ups and registry cleaner pop-ups. Also, my desktop will disappear and my "start" toolbar dsappears as well. Sometimes if I restart the computer at that point my desktop will still be inactive once the system starts up again. I can't search the internet without getting one pop-up after another. Sometimes the pop-ups are in direct reference to what I am searching for and sometimes it's completely offensive material. I found a CiD program installed on my computer and have removed the application but I am still experiencing these issues. My reports are pasted below:Deckard's System Scanner v20071014.68Run by Brianna on 2008-07-07 15:25:14Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------System Restore is disabled; attempting to re-enable...success.-- Last 1 Restore Point(s) --1: 2008-07-07 22:25:17 UTC - RP1 - System CheckpointBacked up registry hives.Performed disk cleanup.System Drive C: has 3.29 GiB (less than 15%) free.-- HijackThis Clone ------------------------------------------------------------Emulating logfile of Trend Micro HijackThis v2.0.2Scan saved at 2008-07-07 15:27:22Platform: Windows XP Service Pack 2 (5.01.2600)MSIE: Internet Exp... Read more

Answer:Cid Pop-up Removal

Hello Jmar3311 and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is complete... Read more

4 more replies
Relevance 22.14%
Question: removal of dxm.exe

user opened an email attachment, a few seconds later a program called xp security center popped up and informed the user that she had about 1000 viruses on her computer. virus seemed to be a program called dxm.exe. i stopped the pocess and renamed the file dxmvirus.exe. then the computer would not longer run exe files. reset file type "exe" association to application. ran malwarebtyes antimalware and it found five problems. downloaded and install microsoft security essentcals, it found a few more problems. ran mbrcheck, it found no rootkits. computer seems to be fine now but i would like a second opinion. i belive some reg edits may be in order.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Carolyn at 12:06:48.40 on Wed 03/30/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1383 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\W... Read more

Answer:removal of dxm.exe

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d... Read more

13 more replies
Relevance 22.14%

I read the read me before posting and went through the steps so this is what i have...CID pop-ups would like help on to remove issue. Also the computer isnt running as fast as it used tooDeckard's System Scanner v20071014.68Run by Owner on 2008-04-06 22:33:26Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --72: 2008-04-07 02:33:35 UTC - RP838 - Deckard's System Scanner Restore Point71: 2008-04-07 00:15:26 UTC - RP837 - System Checkpoint70: 2008-04-05 23:20:00 UTC - RP836 - Removed Rhapsody Player Engine69: 2008-04-05 02:04:20 UTC - RP835 - System Checkpoint68: 2008-04-04 00:11:41 UTC - RP834 - System Checkpoint-- First Restore Point -- 1: 2008-01-09 00:46:07 UTC - RP767 - System CheckpointBacked up registry hives.Performed disk cleanup.Percentage of Memory in Use: 79% (more than 75%).Total Physical Memory: 502 MiB (512 MiB recommended).-- HijackThis (run as Owner.exe) -----------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:38:25 PM, on 4/6/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:�... Read more

Answer:Cid Pop Up Removal Help Please

Hi,Uninstall CiD Help via software > add/remove programs.Then Reboot.After reboot, post a new log from Deckards System scanner in your next reply.

2 more replies