Computer Support Forum

Not Sure If My Computer Has Some Virus Or Malware ( Did Scans And Logs Are Attached )

Question: Not Sure If My Computer Has Some Virus Or Malware ( Did Scans And Logs Are Attached )

Hi, as the title states, I would like to request help as I feel I might have some kind of malware or virus recently because I noticed 2 changes:
* My PC is of course slower than usual (I didn't install any new programs and I still have sufficient space so those shouldn't be the problem)
* During gaming, my ping has weird spikes and is usually stable at a much higher value than usual, so I tried to check which device might be taking up bandwidth. Even after blocking every single MAC address besides this PC I still had those ping spikes, so I thought it's most likely this PC itself which is running internet-consuming programs.

Here are the logs and thanks in advance.

Relevance 100%
Answer: Not Sure If My Computer Has Some Virus Or Malware ( Did Scans And Logs Are Attached )

According to your RKlog, you have a keylogger on your system. Did you put it on?

11 more replies
Relevance 79.46%

I have performed all of the scans from the read and run me and I have attached 3 of the 4 logs below. One of the main malware that I've seen pop up is WildTangent files. Not all of them could be removed during the scans and I feel they are the problem. Another thing I noticed: my computer is only incredibly slow around specific times, on average in the 9-11 pm time range for me (otherwise my computer runs smoothly). Do you think this could be something other than malware?

Appreciate any assistance
 

Answer:Help - Performed all scans, still malware on my computer. Logs attached.

This is the 4th log attachment, the MGtools one.
 

4 more replies
Relevance 75.4%

My computer has been running very slow for the last week or so and I had some time this morning so I thought I would run the virus scans recommended on this site. I have attached them below

I was not able to run the malwarebytes. I downloaded the program, but as I tried to install and run it I kept getting the following error:

internal error: expression error "runtime error (at 79:177):
external exception E06D7363


And the program would not open and run. (I did rename it, as instructed, when I downloaded it.)

I have attached the rest of the logs. Is there any sign of some viruses that might be slowing my computer down? Oh, I am running a Dell Vostro 3700 laptop, with a 32-bit Windows 7 operating system.
 

Answer:Computer running slow....Ran recommended virus scans and have attached logs

Before we continue I would like for you to use MSConfig to put this machine back into normal start up mode if not already.


Settings Manager <<< Please uninstall this.



Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.


Right-click OTM.exe and select "Run as administrator" to run it.
Paste the following code under the area. Do not include the word Code.

Code:

:Files
C:\Users\brent\AppData\Local\Linkey
C:\Users\brent\Downloads\SoftonicDownloader_for_sketchup-make-2014.exe
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJA9STWJ\WSSetup[2].exe
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJA9STWJ\WSSetup[3].exe
C:\$Recycle.Bin\S-1-5-21-1815196250-2127635106-2665615271-1000\$RJY35HH.exe
C:\Program Files\SearchProtect
C:\Users\brent\AppData\Roaming\SearchProtect
C:\Program Files\Conduit
C:\Program Files\MyPC Backup
C:\Program Files\Settings Manager
C:\Program Files\Tbccint
C:\ProgramData\APN
C:\ProgramData\Babylon
C:\ProgramData\Conduit
C:\ProgramData\systemk
C:\Users\brent\AppData\Local\Babylon
C:\Users\brent\AppData\Local\Conduit
C:\Users\brent\AppData\Local\NativeMessaging
C:\Users\brent\AppData\LocalLow\Conduit
C:\Users\brent\AppData\LocalLow\Conduit
C:\Users\brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
C:\Users\brent\AppData\... Read more

20 more replies
Relevance 93.89%

Help,
My new computer has some type of issue with a Virus, Trojan, Spyware, Malware. Updates for Windows 10 will not install, even
after troubleshooting and having the issues "corrected".
I ran one scan that stated "domain hi-jack"
I have attached my last Hijack-This log and FRST reports for your review and consideration for help please.
Thank you.

Answer:New computer infected Virus, Trojan, Spyware, Malware! Attached logs for review!

Hello TangoRules and Welcome to the BleepingComputer.
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.
Before we move on, please read the following points carefully.
* Please complete all steps in the specified order.
* Even if tools don't find malware, I want you to post the logfiles anyway.
* Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
* Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
* Don't install or uninstall software during the cleanup unless you are told to do so.
* Ensure your external and/or USB drives are always inserted during the scan.
* If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
* If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
* I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
* Please reply to this thread. Do not start a new topic.
* As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
Please open as administrator  the computer... Read more

0 more replies
Relevance 84.87%

Have been plagued by malware & viruses for a few weeks. I have run SAS, Combofix, & Vundofix. When run, they seem to work for about a day before everything returns. Any help would be greatly appreciated.

ComboFix 07-09-14.2 - "mullenms" 2007-10-10 9:28:41.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.453 [GMT -5:00]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini


Answer:Help! Malware & Virus problems - logs attached

Combofix continued


2 more replies
Relevance 84.87%

Hello, we are having an issue here and need to find out what is going on. It seems this is moving to other computers on our network. I have attached the logs here. The MGtools would fail to run; halfway into the scan I would get a memory error.
 

Answer:Malware - virus Problems - Logs Attached

Malware Removal logs

Hello, we are having an issue here and need to find out what is going on. It seems this is moving to other computers on our network. I have attached the logs here. The MGtools would fail to run; halfway into the scan I would get a memory error.
 

20 more replies
Relevance 84.46%

My neighbor was having issues with their laptop. I think things are working fine now, but I would like to have the logs checked to make sure.
thanks
 

Answer:scans run, logs attached.

Re run Hitman and have it delete Malware, Malware Remnants and Potentially Unwanted Programs.
Re run TDSSkiller (just a scan) and attach the new log.


Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.

Now run Repair_Windows.exe by double clicking on it (if you are running Vista or Win 7, use right click and select Run As Administrator).
Now select the Start Repairs tab.
Then click the Start button.
Create a System Restore point if prompted.
On the next screen, click the Unselect All button to first deselect all repairs.
Now select the following repair options:
Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair Proxy Settings
Repair Windows Updates
Set Windows Services To Default Startup

Now on the lower right side check the box to Restart/Shutdown System When Finished
Then make sure the Restart System radio button is enabled.
Shutdown any other programs that you are running now before continuing.
Now click the Start button.
Be patient while the tool repairs the selected items.
It should reboot automatically when finished.

After reboot, check to see if your firewall is working.


Re run Hitman again (just a scan) and attach log.


Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

L... Read more

3 more replies
Relevance 84.46%

Hi Guys,

I have performed all the scans and attached logs as described in your instructions. The main problems I have (still) are:


Extremely slow machine
Windows restarts continuously if I do not log in immediately when the Windows login screen is displayed

I have TrendMicro OfficeScan installed, but this has not picked up any unwanted software. I also installed AVG free about a month ago, which did find some malware, but my problems persist.

Thanks in advance for your assistance
 

Answer:All scans done and logs attached

Your logs are clean. As to the issues you speak of, the slowness could be any number of reasons. Have you tried disabling Embassy Suite and seeing how that affects the system? But this and your other concern (time limit of logging in) need to be discussed in the software forum.

We can get rid of a few empty files. Please use windows explorer to find and delete:
C:\s6g.k
C:\s1l4.ec
C:\s33o
C:\sio.16
C:\s1ss
C:\s12o.8u
C:\s2ag.23
C:\s1j4.k
C:\user.js
C:\tmp.xml

Then run CCleaner.

If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
"%userprofile%\Desktop\combofix" /u

Notes: The space between the combofix" and the /u, it must be there.
This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


Delete the C:\combofix folder from combofix (if it exists)


Any other miscellaneous tools we may have had you install or download can... Read more

1 more replies
Relevance 84.05%

Hi- I'm a new user, posting for a friend who's been having problems with her computer- I hope you can help. The system was infected with some kind of malware that keeps popping up extra browser windows with nasty adverts when IE or FF is loaded. I tried AVG, Spyware Doctor, Spybot, Adaware, but none found the source of the problem. I downloaded and ran Combofix which seemed to clear a lot of files, and the pop ups have gone for the moment, but the computer is still really slow and I get an error message at start up saying that there is a DLL file which cannot be run (sorry, didn't make a note of which one). Having found this forum, I have downloaded Kaspersky scanner, HJT and DSS which have identified some issues but I'm not sufficiently experienced to deal with them without help. I'd really appreciate some assistance and hope someone can help- if any more info is required please ask. I have a HJT logfile if required. Thanks in advance!

Ben

Kaspersky log:
Tuesday, April 29, 2008 7:02:34 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 28/04/2008
Kaspersky Anti-Virus database records: 729076

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 74321
Number of viruses found 6
Number of infected objects 8
Number of suspi... Read more

Answer:Infected With Monder (?) Virus Plus Malware- Logs Attached- Please Help!

While waiting for help I've been working on this and now have a clean scan from Kaspersky, plus no pop-ups appearing, and significantly faster performance. Hopefully it's sorted, but I'd appreciate someone taking a scan over my new logs (posted below) and letting me know if I need to clear anything else. I understand this may get pushed back as it looks like I've bumped it, but I hope I've saved someone time by working on the problem rather than just sitting back and waiting. I appreciate any help that may be given!

Logs:
Kaspersky is clear ("no malware found") so I've not included it.

DSS:
ComboFix 08-04-29.3 - Louise 2008-04-30 15:21:19.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.433 [GMT 1:00]
Running from: C:\Documents and Settings\Louise\Desktop\ComboFix.exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30 )))))))))))))))))))))))))))))))
.
2008-04-30 15:15 . 2008-04-30 15:15 <DIR> d-------- C:\Deckard
2008-04-28 19:55 . 2008-04-28 19:55 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-28 19:55 . 2008-04-28 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-25 18:25 . 2008-04-25 18:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-25 16:18 . 2008-04-25 16:18 <... Read more

5 more replies
Relevance 84.05%

Hi,
I'm new here and hope someone will be able to help. I've had issues with trojan viruses, which malware bytes removal managed to delete. Initially it wouldn't even open to scan, but I managed to get around this by changing the .exe file name.

Now the scans say that there are no malware found, but I am still having issues, as both Spybot Search and Destroy and SuperAntiSpyware won't open. Also in IE lots of webpages that I am looking for are being automatically redirected to ads etc.

Anyway here are my logs from HijackThis, DDS and GMER and have attached the Attach ARK file.

Cheers

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:22:24 PM, on 29/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Answer:Malware/Spyware/Virus Issues. Need Help. (Logs attached)

Bump.

10 more replies
Relevance 84.05%

My computer is running Windows XP Media Center edition. I have been receiving multiple popups, diverted search queries in IE (such as trying to get to the microsoft windows update site, or other generic searches end up going to a dexknows.com page), and "no connectivity" indicators such as when trying to retrieve an update for AVG anti virus tool.

After researching several other posts, I downloaded and ran the combofix tool. Here is the combofix log file, followed by my Hijack This log taken AFTER running combofix.

ComboFix 08-11-11.01 - Alejandro 2008-11-11 22:09:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.550 [GMT -8:00]
Running from: c:\documents and settings\Alejandro\My Documents\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Alejandro\Application Data\install.dat
c:\documents and settings\Alejandro\Application Data\SpamBlocker
c:\documents and settings\Alejandro\My Documents\My Documents.url
c:\documents and settings\Alejandro\My Documents\My Music\My Music.url
c:\documents and settings\Alejandro\My Documents\My Pictures\My Pictures.url
c:\documents and settings\Alejandro\My Documents\My Videos\My Video.url
c:\program files\Antivirus 2009
c:\program files\Antivirus 2009\av2009.exe
c:\program files\Applications\myd.ico
c:\program files\Applications\mym.ico
c:\program files\Applications\... Read more

Answer:Malware/Virus fix - combofix and HijackThis logs attached

Bump
 

1 more replies
Relevance 83.64%

Windows XP Machine IE 7
Noticed a few days ago that whenever I was doing google searches I would find my item, click the hyperlink and was supposed to go to the intended website, but instead would hit a variety of Porn, Healthcare, Pharmacy etc website having nothing to do with my search criteria.

I had McAfee installed at the time but found that it had not updated itself in a few days and when I tried to run it for virus scans it wouldn't work. Finally removed the program and tried a number of others: Kasperia, Ad Aware, etc. The same problem exists in all of them.....I install it, I try to start a scan and either it starts scanning and then just disappears from my screen a few seconds later (program stopped and is gone from screen - try to restart and either it crashes instantly or does the same each time) or I cannot even click the scan button (it just doesn't do anything when you press it over and over again).

Have been for last few days reading through website help forums and downloading various programs to ID, fix etc...with little results.

Hijack installs and when I click the .exe file it gives me a popup error saying:

Windows cannot access the specific device, path, or file. You may not have the appropriate permissions to access the item.
I have managed to get Win32kDiag.exe to work with a log.....I currently have Erunt, HijackThis, SysRestorePoint, TFC, MGADiag, and Malware Bytes programs on my desktop.

Maleware is doing same as all other scanners....Either star... Read more

More replies
Relevance 83.23%

XP Home SP3, ran all scans, logs attached. Found Vungo, Virtumonde, etc.
Operating much better but a couple of things happened after running MSTools. 1) I was no longer able to log on as administrator, the password no longer worked, but I have fixed this. 2) What still happens however is that startup goes directly from boot screen to logon screen; the system options screen, the opportunity to select F8 for options, no longer appears.
2nd post with additional logs.
 

Answer:Completed scans, logs attached

2nd set of logs
 

8 more replies
Relevance 83.23%

Searches are redirected and PC basically will not run.
 
I know I shouldn't have tried to do anything, but I know you all are swamped so I ran RogueKiller which appeared to run fine; deleted nothing with it then attempted to run Combofix and it tries to do an autoscan but it never completes (waited over an hour); it just locks up.
 
Sorry that I tried that without your help, 
 
Requested Logs follow, 
 
"Attach" report zipped and attached
 
 
Sorry and thanks for any help you could give.  Regards
 
 
 
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Ruthann at 12:10:36 on 2013-08-13
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.382.59 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

Answer:Infected with Conduit search virus/malware DDS logs attached

Hello anniedwight, I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the sa... Read more

3 more replies
Relevance 81.59%

Hi folks.
I posted another thread last night but for a different machine so please treat this one as a separate (though possibly related) issue.

Some time yesterday I got a delivery failure report from a spam email that was sent out to some (if not all) people in my email address book. I use Thunderbird with the WebMail plugin to access a Hotmail account but I'm not sure if the spam went from here or elsewhere.

I've run through the README and would appreciate if someone could take a look at the logs and let me know if I need to do anything further.
During one of the scans (SAS, I believe) McAfee alerted me to the removal of Generic.dx!vje. It popped up several alerts for the same one, and several more I didn't check for detail.

Relatively new machine.
Windows 7 Professional (64 bit)
Intel Xeon E5503 2GHz, 12GB RAM.
OS installed to C: (0.5TB HDD with 373GB Free).
The second HDD (D:) is the HDD removed from my previous machine (150GB drive with 13.5GB Free).

I don't know if any of that is relevant since I'm not having any speed issues - but it can't hurt to include it.

Logs attached (no RootRepeal log, obviously).

Thanks.
 

Answer:Spam sent from my email address - scans run, logs attached.

Reviewing those logs and will get back to you with a set of instructions soon.
 

2 more replies
Relevance 81.59%

Hello,

My grandfather has a new computer that he has managed to fill with crap by keeping "yes" checked for every download. The start up is terribly slow, programs run slow or don't run at all. I have gone through the read and try me first and this has made the computer a little faster, but some of the programs pulled threats that I left on per instructions so would like to see if anything else can be removed. Computer is still a little slow.

Also, Norton Security Scan is loaded on and it will not come off. I have tried to uninstall through control panel and it just gets hung up on "preparing to uninstall please wait" and have tried the Norton Removal tool but it too does not work. Was planning on loading AVG.

Thanks,
 

Answer:Old Man Slow Computer Full Of Junk - Malware. Logs Attached.

MG log attached - couldn't add to first post.
 

9 more replies
Relevance 80.77%

I appreciate anyone that can help me, I have been in safemode for almost a week now. My laptop (Dell E1405) is very quiet, could there be a hardware issue and not software? thanks!

Here are my results and attached logs


1. 3118 RAM
2. CA Anti-virus only
No PC/Anti-virus or Windows Firewall, Wireless Router Firewall only
3. Removed ViewPoint Media Player
Could not remove Java in Safe Mode, newest version (6) is installed
No quarantine folders found on CA Anti-virus
Recycle bin emptied
No Norton installed
CCleaner Ran
4. 32 Bit Vista
Hidden files - could not find/configure in safe mode
Normal Mode Startup was already set
5. Add/remove
Weather Services did not remove in safe mode
6. Disk emulation disabled
7. Downloaded cleaning tools for Vista
Tea Timer disabled
Disabled UAC
Disable AV before running MG Tools

Super Anti Spyware
Cannot install/run in safe mode

MBAM ran and 3 items removed (log attached)
see log in this thread, it got posted there by mistake
http://forums.majorgeeks.com/showthread.php?t=214232

Ran ComboFix (log attached),
see log in this thread, it got posted there by mistake
http://forums.majorgeeks.com/showthread.php?t=214232
first Disabled AV, Anti-spam/spyware, from CA
ComboFix warning saying 'real time AV was enabled' however I could not disable it in safe mode and it showed as 'disabled' when opening AV console


Root Repeal could not run
Showed error on install
FOPS - DeviceIoContr... Read more

Answer:ran all scans, still only to run progs in safe mode, logs/issues attached!!

This thread is closed as a duplicate.

Please stop creating new threads. You already had a thread started. All of your correspondence belongs in the below thread:

http://forums.majorgeeks.com/showthread.php?t=214232
 

1 more replies
Relevance 80.77%

Both my home computer as well as my laptop were compromised at least by May of 2009 and maybe prior to that. I believe that this was done by someone who enabled remote access and dropped my firewall. I found some super long log files in C drive that, after days of going through, I could make out that major changes had been done on 5/28/09. I have followed all instructions for the prep guide but both comps will not proceed through GMER (it locks up after several hours). I recently downloaded process explorer and went through running apps and found that numerous other "shadow" users had been created that redirect commands to these unknown users. I have run Malwarebytes, spybot, AVG, registry cleaner, spyware doctor, Avaria, spybot, and registry booster but after running Process explorer and seeing how intensive this still is.......I really need some help, Please. As I said, GMER on the laptop locks up over and over. The laptop is what I am most worried about so if I could please get some help on fixing it, it would be greatly appreciated.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Ronnie Jennings at 22:47:20.47 on Mon 04/05/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1161 [GMT -5:00]
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AVG Internet Security 3-pack *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AntiVir... Read more

Answer:Computer has severe malware, has added user files, logs attached. Please help.

Hello, I will be handling your log to help you get cleaned up. I apologize for the delay but the forum is very busy. As you can see the logs we ask for are very extensive and take a lot of time to investigate. In addition, since I am still in training all of my responses have to be reviewed by our excellent expert staff so there may be a delay in response time. The advantage is that your log will be evaluated by two sets of eyes and two brains.

If you haven't already, you can keep the link to this topic in your Favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this Topic, where you can choose email notifications.

Please make sure Word Wrap in notepad is turned off. When copying and pasting logs paste them directly in the reply box; only attach logs if asked to. Do not wrap logs in codebox or code tags. It makes it very difficult to read and analyze them. Please paste them directly into the reply box.

Please do not make any changes to your system until we are through. Fixes are based upon information that is current from your system so any changes can affect our strategy. Please refrain from running any tools we may use without specific instructions.

If your operating system is Windows Vista or Windows 7 it may be necessary to right click then choose Run as Administrator any programs we use.

Before we begin please check and follow the instructions on How to Show Hidden Files and Folders in Windows Vista and Windows XP and ... Read more

8 more replies
Relevance 79.95%

My computer has malware or some kind of virus.

I have run Malwarebytes (log attached)
Ran Ad-Aware too.

Deleted any defected files...

Then ran ComboFix (Log Attached)

And then Ran HJT...

I would highly appreciate if you could help me remove the virus... thx.

Attachments: hijackthis.log (10.4KB), Combofix_log.txt (17.31KB), mbam_log_2009_02_22__13_43_02_.txt (833bytes)

Answer:Virus on Computer - Kindly HELP -- Logs Attached

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p... Read more

2 more replies
Relevance 78.31%

About a month ago a trojan manifesting itself as "Live Security Platinum" started to take over my computer, despite having McAfee running (I should have listened when I heard McAfee is terrible). I got rid of the virus using Malwarebytes, and hoped that would be the end of it.

A few days later, "Live Security Platinum" took over again, and I removed it again with Malwarebytes. For the last month, every day or two I get a message popping up saying that McAfee has removed a trojan, and every now and then I run Malwarebytes, and it often finds something to remove. I have done full scans of my computer with both McAfee and Malwarebytes, but viruses just keep coming back.

Yesterday, my computer was playing random audio files every half hour. Last one sounded like it was a teaser for a corny action movie. I got Avast! and uninstalled my other anti-virus software (following TSF's pre-post instructions). Every few minutes I get a .cn (tikejguk.cn, followed by some other stuff) trying to do something with svchost.exe in System32.

As of today, I am also getting something going after Windows Installer too, affecting services.exe.

I deleted the one p2p program I had.

I am pasting everything from the "DDS" file in the reply, and I am attaching the "attach" zipped file to this post.

Thank you in advance for helping me clean up this mess!

Answer:Recurring virus trying to access my computer every two minutes. Logs attached.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by David at 19:52:05 on 2012-07-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.12279.9715 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C... Read more

3 more replies
Relevance 77.49%
Answer:computer very slow/infected with virus - hjt, mbam and combofix logs attached

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio... Read more

2 more replies
Relevance 75.85%

I started getting popups yesterday, and when I ran a virus scan, it popped up several things. I tried removing them, but that didn't work. (Avast wouldn't move them to chest or delete them, claiming they were being used, etc etc.)

I immediately came here and ran through all the "READ THIS FIRST" procedures. After the 2 programs (I have 64x Win 7, so I couldn't use the other 2), there were a total of 8 files & registry entries they cleaned. I figured that was it.

Last night, Avast ran another scan, and when I got on the computer this morning, it had found another file and my computer was frozen. I had to turn it off with the power button and then turn it back on.

So... I came here again and am posting. Attaching my logs. TIA for any help! *cry*
 

Answer:Malware infection - Scans run & attached

Darnit, forgot to add an attachment. Sorry!
 

9 more replies
Relevance 75.44%

I came back from a vacation a few weeks ago and my computer has slowed down dramatically. My browser is now full of ads and I've also recently noticed that a lot of space on my Solid State hard drive has become occupied. I'm not necessarily sure how this happened. No one should have been using my computer while on vacation and I doubt anyone had access to it.

I've included the logs requested in the READ & RUN ME FIRST Malware Removal Guide. Thanks as always in advance.
 

Answer:Malware Scans and Logs

The only malware showing up in your logs is the PUP's in Hitman. Rerun it and have it delete those items. I suggest you post in the software forum for additional assistance.

Since you are not having any malware problems, it is time to do our final steps:

We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Now go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

 

3 more replies
Relevance 74.62%

Hi there,

I've already posted a thread in Software - No 'click' sound when navigate browser in window explorer/ internet explorer http://forums.majorgeeks.com/showthread.php?p=1630470&posted=1#post1630470

I thought this was a simple sound setting issue so I made a thread there but I've tried many things to get it back, still couldn't. Just came across the READ & RUN ME FIRST Malware Removal Guide and I followed it to see whether my issue can be solved. It is not solved yet until now.

I got advice from plodr that scan logs should be placed here for malware fighters to read. Please help reading my logs and advise whether it's a malware problem or sound setting problem.

Please advise me what to do. Need help. Thank you.
 

Answer:Malware scans and logs for checking

Hello, happyfeet




I got advice from plodr that scan logs should be placed here for malware fighters to read.

You haven't attached the requested logs yet.

dr.m
 

4 more replies
Relevance 73.8%

Hi, I was told to do these scans to rule out the possibility while trying to get to the bottom of another problem. I had a problem with the RootRepeal though, was getting an error on opening saying "FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x00000dc)"

However here are the logs I managed to get.

Thanks,

Luke
 

Answer:Malware scans and logs - advised to rule out.

Hi there and welcome. I am currently reviewing your logs and will get back to you with a set of instructions in the next post I make to you.
 

9 more replies
Relevance 73.39%

Hi guys,

first off, wanna say thanks in advance for the help i got from the very detailed tuts on malware removal...specially here
http://forums.majorgeeks.com/showthread.php?t=139313

OK...so followed all steps and wanted to see if i actually did get rid of all the crud the pc had running !!

Ran all the recommended softwares..and attached 3 logfiles... Combofix / superantispyware / MgTools


Thanks in advance for any assistance

Please advise as to what steps i need to take now
 

Answer:Malware scans completed..attached log files to verify cleaned

Oops..almost forgot...here's the mgtools zip also....


thanks guys
 

11 more replies
Relevance 72.57%

I attached the log files for all programs except RootRepeal since it didn't find anything. If this log file is needed I can rerun it. The Combo Fix required a couple restarts of the computer because it found rootkit activity

If you want a description of the problem, here's my version of it. This is my work laptop that I received a little over 1 month ago and it seems like this problem started about 1 week after I got it. Every so often, usually an hour to couple hours in between, it will pop up a window that usually talks about making money from home with Google, and it pops up a second window with other advertisements. The second window is not an internet explorer window, rather the icon on the taskbar is kind of like a square with a blue top and it says: Advertisement
The problem has gotten worse over the weeks and now the computer can freeze up doing common tasks, like internet browsing. Sometimes the minimize/maximize/close button at the very top right of windows screens are not visible, the boxes look kind of like a colorful static. I don't think I have seen that problem much recently. Yesterday it shut down like 3 times on me, all I was doing common was internet browsing. This is my work computer and it is extremely important to conducting my job so I do not browse into questionable sites. I did download a couple trial versions of syncing programs to auto-backup onto the network drive. I guess maybe I got something from this, any help is appre... Read more

Answer:All Scans Attached for virus removal, Thanks

I meant to add how I knew it was still active. When trying to remember my password to this site, internet explorer crashed on me 3 times when trying to log into my email. Since then the advertisement has come up once. Internet explorer also just seems to have a hard time and lock up for 30 seconds or more on any screen where I have entered log in info. Otherwise, everything is fine as usual. I have been working the last couple hours and everything is normal speed unless work involves internet explorer.
Thanks again
 

2 more replies
Relevance 72.16%

I have hijack this and I did the report scan. My computer is running hard (much more CPU usage than usual) and internet explorer goes to different websites when I click links. Supposedly I am getting a blue screen when I restart because Windows is giving me that message when it starts. However, my friend disabled blue screens a long time ago, so it bypasses that. There are some strange file names directly under the C drive; they are song title folders of mine, don't worry. Here are my logs below:
DDS (Ver_09-07-30.01) - NTFSx86
Run by Chief Master at 10:20:54.37 on Thu 09/10/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3326.2615 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\intelxpv_v103\wdm\STacSV.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe... Read more

Answer:did scans, here are my logs - What Virus Do I Have ?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 71.75%

I've followed the instructions for malware removal. I am not seeing any problems, but I wasn't really before I started, just virus detection warnings from Symantec AV.
 

Answer:Logs attached malware help

4th log
 

3 more replies
Relevance 71.75%

Hi,

I followed all the steps in your READ & RUN guide but don't think this fixed the problem. Could you help please?

Internet Explorer is extremely slow in loading pages and frequently says it can't open them. Apart from this the computer seems to be running fine. I also run Firefox and this is much faster so I don't think it is my connection.

The tools all ran fine apart from combofix said I was still running Avast and Mcafee Personal Firewall and Virus Scan. I had disabled Avast from its control panel but the programs were still running and when I tried to terminate them from task manager it said "access denied".

The Mcafee products are weird relics. They came with the computer but I uninstalled them when I got it and thought they were gone. I have searched for any file or folder named Mcafee or MPF and can't find any trace of these. I have also searched the registry and used Ccleaner to check what is loading at startup. I have no idea where they are running from and no idea how to disable them.

I had one other error message when running combofix which was "Find String (QGREP) Utility has stopped working". This popped up as combofix was preparing the log.

thankyou!

Ben
 

Answer:Malware? - Logs attached

here is the MGtools log...
 

4 more replies
Relevance 71.75%

here are the 2 logs that you suggested we post. I'm new to this so I hope I'm doing this right. Thanks!

J.W. Hornsby
 

Answer:malware logs attached

Welcome to Majorgeeks!

Hi this would be the guide and logs we suggest that anyone infected with malware run, if it was suggested to run those scans in someone else's thread you read then each case can be unique as generally you don't get infected with one malware but a few, which is why the generic guide below is best to run and gives the malware guys all the info they need to get you started on removals.

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.





When you return to make your next post, make sure you attach the following lo... Read more

1 more replies
Relevance 71.75%

Hi,

I've gone through the procedures listed in the thread and have attached the three logs. Performance issues started about 5 days ago. Please help if you can.

Thanks.
 

Answer:Need Help with Malware - Logs attached

Hello thouse,

1. Please open Notepad
Click Start , then Run
Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:




File::
C:\WINDOWS\SYSTEM32\mmbbruet.ini
C:\WINDOWS\SYSTEM32\hrpghxml.ini
C:\WINDOWS\SYSTEM32\phwmkdri.ini
C:\WINDOWS\SYSTEM32\yvpfrxgp.ini
C:\WINDOWS\SYSTEM32\higtsnwj.ini
C:\WINDOWS\SYSTEM32\uymwgdlv.ini
C:\WINDOWS\SYSTEM32\ulfldlck.ini
C:\WINDOWS\SYSTEM32\gloqurur.ini
C:\WINDOWS\SYSTEM32\vkeyxpok.ini
C:\WINDOWS\SYSTEM32\ymjasfpv.ini
C:\WINDOWS\SYSTEM32\eotvacdf.ini
C:\WINDOWS\SYSTEM32\qskvjijl.ini
C:\WINDOWS\warnhp.html

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66BC8AF5-53D6-44A6-9453-3F60D76D1B06}]

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:

7. Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

Then att... Read more

3 more replies
Relevance 71.75%

Hello,
First off I want to say thank you for the extremely helpful forums and downloads!

My computer problems started at the end of April. At first my wallpaper would go blank and it would have a warning box "Warning!Your Computer is infected with Spyware!Help protect your computer and remove Spyware!Click here for more info" and then links sends me to a page prompting me to buy PC-Antispyware.
I would get periodical pop-ups saying "System Integrity Scan Wizard". Plus, multiple porn sites and different advertising pop-ups. I was able to remove those with the help of the forums, but now my computer is painfully slow. Please see my attached logs.
TIA!
 

Answer:Did Malware R&R, Please see logs are attached.

Hi mrslcook!
Welcome to Major Geeks!

In case we're crossing paths, just wanted to ask you for the Combofix log as well. If you weren't able to run it, let me know. It takes awhile for us to look at the logs and set up instructions, so thanks for being patient.

abri
 

5 more replies
Relevance 71.75%

I need help with my computer. It keeps on installing rogue antiviruses randomly. I have been having this problem for quite sometime. I ran spybot S&D. It said I had this virus called Microsoft.Windows.Redirectedhosts and that it could not remove it. What should I do to fix my computer? I have posted the suggested logs. Thanks for any help! [Saving space, attachment deleted by admin]

Answer:I need help with malware. Logs attached.

Hello prettypumpkins and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. I will be helping you out with your particular problem on your computer. I'm really sorry for the long delay. We are working day and night and can't keep ahead of the infections. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups. Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply. Exit out of MessengerDisable then delete the two files that were put on the desktop.

I notice that you are ru... Read more

1 more replies
Relevance 71.75%

Attached are my scanned logs. Thanks for any and all help.
 

Answer:Malware logs attached

Hi there and welcome.

You did not attach the correct log from Malware Bytes.
 

33 more replies
Relevance 71.75%

Hi,

I recently started getting BSoD errors due to an attempt to write to read-only memory. I removed the new hard drive I had bought as that was the only change to the system in terms of hardware [and the BSoD error recommended removing any hardware] but errors persisted.

I then tried to boot in safe mode which worked well and I found some errant .sys file in the system32/drivers folder. I ran through the WinXP cleaning procedure and have attached the log here. Can you let me know if there are any additional actions I should do to secure my system?

Please Note -
- I had to run SAS, MBAM and ComboFix in safe mode as my system would crash (BSoD) less than a minute after boot-up
- RootRepeal did not run both in Safe and Normal modes. It hung in the Initializing state [scanning for hidden/locked files...] and I had to force reboot my computer both times.
 

Answer:Malware Help - Logs attached

I am not seeing much that may be causing your issues, but let's do this:

Use windows explorer to find and delete:
c:\windows\system32\xa.tmp
C:\WINDOWS\system32\smnrl.txt
C:\Documents and Settings\Owner\Local Settings\temp\fb_424.lck
C:\Documents and Settings\Owner\Local Settings\temp\fb_440.lck
C:\WINDOWS\temp\MCE00000
C:\WINDOWS\temp\MCE00001

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

* C:\MGlogs.zip
 

3 more replies
Relevance 71.75%

Hi,
I have gone through all of the steps in the read me first page and run all of the programs listed in the order specified. Attached are the logs.
I noticed my machine running slow and consequently found a few instances of compatibilitycheck running. no idea how i got this but this prompted me to run the scans.

Any help greatly appreciated.
thanks
Andy
 

Answer:malware - logs attached

Re run Hitman and have it remove the small amount it finds.



Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:


[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\hlnfd (system32\drivers\hlnfd.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Verifies and fixes application compatibility issues (C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe) -> Found
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hlnfd (system32\drivers\hlnfd.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Verifies and fixes application compatibility issues (C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe) -> Found
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hlnfd (system32\drivers\hlnfd.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Verifies and fixes application compatibility issues (C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe) -> Found

Place a checkmark next to each of these items, leave the others unchecked.
Now press the Delete button.
When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach... Read more

9 more replies
Relevance 71.75%

I'm using a friend's computer for a bit and am having issues with redirects, frequent ads popping up, multiple tabs opening when I click on a box on a site to input information. I went through and deleted/uninstalled the obvious programs, which helped, but went through the malware removal guide to look for anything hidden. Here they are attached. Full disclosure: I REALLY screwed up the Hitman Pro scan. Yes, I know it says not to delete the files it quarantined and identified as malware, but my screen didn't look like the screenshot provided in the instructions on this site. I thought it would be on the next page so I clicked "next", which of course went ahead and deleted those files. I recognize this may mean I may be denied help with this. I am so sorry.

Also, I ran into problems getting Malwarebytes to install and run correctly. As suggested, I changed the name of the exe file to mb.exe. After install the program opened but then this message popped up: "Malwarebytes Anti-Malware has stopped working. A problem has caused the program to stop working correctly. Windows will close the program and notify you if a solution is available." It closes and when I try again to update it or start the scan I get the same message and the program closes. I was instructed to skip this one and go on with the remaining steps.

Here are all the logs I could get.
 

Answer:Possible Malware, Logs Attached

Please provide the log from Hitman Pro. We need this to continue with complete instructions.

But in the meantime, also do the below.

Uninstall Muvic Smartbar


Now please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Attach JRT.txt to your next message.

 

15 more replies
Relevance 71.75%

I think I am having malware issues - I just ran all the instructions and procedures outlined on this site. I was using comodo free antivirus and it picked up a malware earlier this morning, so I went ahead and ran the tests. Nothing seems to have come up in the logs, but here they are anyway.

I don't know if it is still on my computer or not, but I've read that it can "seem" to disappear and then come right back.

I'm getting "bing" pop-ups and when I do a google search I get this weird box that covers part of my search results that won't go away and that I can't close. It looks like what would normally appear as you are typing into the search box (like suggestions) but just stays there.

Thank you so much!

-Gene
 

Answer:I *think I have Malware; Attached all logs

The other log.

thanks,
 

6 more replies
Relevance 71.75%

Here are the results


DDS (Ver_09-05-14.01) - NTFSx86
Run by HP_Administrator at 18:59:18.29 on Thu 21/05/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.447.146 [GMT 10:00]

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Super_DVD_Creator_... Read more

Answer:Malware Help/ All logs attached

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------

14 more replies
Relevance 71.75%

Hi,

Need some help. Was infected with BProtector and Pihar.c (I think) - did a lot on my own before finding this resource. I ran all of the recommended tools and am attaching my logs.

Help!
 

Answer:Malware - logs attached

Please use this updated HitmanPro log - the first one was ran without Internet access.
 

10 more replies
Relevance 71.34%

When I try to run a scan using AVG anti-virus, Avira, Windows Defender, or SuperAntiSpyware; when the scan gets to a certain point, Windows shuts the computer down with a blue window. It says Kernel_Stack_ Inpage_ Error plus some standard verbiage about if you recently installed software/hardware, see administrator, etc. At bottom it says: STOP: 0x00000077 (0x00000001, 0x00000000, 0x00000000, 0xF79B1D24). I could sometimes run AVG scan in "select drives/folders" mode but recently it quit allowing that after I upgraded to AVG 9 (free). I uninstalled AVG and went to Avira but with same results. Scanning with Windows Defender did the same. I recently installed and ran SuperAntiSpyware and was able to pinpoint problem to "System Volume Information" directory. I am unable to open to see contents as Windows shows no files in it. When I ask Avira to scan it, Avira says no files also but if I use AntiSpyware to scan, it shows many files during its scan but will get to a certain point and computer will shut down. I can almost see file that shuts it down but it happens too fast to catch it. I was able to run "RootRepeal" and log is below. I was not able to run "DDS.scr".

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/30 13:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepe... Read more

Answer:Unknown malware/virus won't let any anti-virus/windows defender/malware removal program to complete scans

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

23 more replies
Relevance 70.93%

I have been having issues lately with firefox stalling and once I kill the process, explorer.exe stops responding and I have to hard reboot.

Here are the logs.
----------------------------

DDS (Ver_09-05-14.01) - NTFSx86
Run by wqer at 17:10:32.23 on Fri 05/15/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.319 [GMT -4:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
E:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
E:\WINDOWS\system32\spoolsv.exe
svchost.exe
E:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
E:\Program Files\D4\D4.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\tcpsvcs.exe
E:\WINDOWS\System32\snmp.exe
E:\WINDOWS\system32\svchost.exe -k imgsvc
E:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
E:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
E:\Program Files\Google\Update\GoogleUpdate.exe
E:\MANUAL~1\procexp.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\system32\RUNDL... Read more

Answer:malware check - logs attached

Hello and welcome to TSF.

Sorry for the delayed response.

If you still need assistance, we would like to see the latest state of your system, as it has been quite a while since you posted. Please post a fresh set of logs requested in our pre-posting process outlined below:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 70.93%

Hi

I'm back again with another problem only this time it's with my desktop :-o
To be honest I didn't even notice I was infected or didn't notice any strange activity whatsoever.

Originally I opened a thread in the software forum to do with an error constantly showing up in event log but one of the more senior members suggested it was malware, see the thread here >> http://forums.majorgeeks.com/showthread.php?t=240808

Indeed Malwarebytes found and removed 2 file infections. I have KIS 2012 installed in this machine and it's never spotted them so I don't know what to make of that :confused

I have included the logs as requested in the "read me"

Thanks and sorry for being a burden.
 

Answer:Malware infection/ Logs attached

Adding 5th log
 

8 more replies
Relevance 70.93%

Hope someone can advise :-
I've just run through the recommended clean-up program-
Ccleaner
SAntiVirus
SpyBot
Malware bytes AntiMalware
ComboFix
MGtools

They have reported a problem (see logs) but not been able to remove. I wanted to know how serious the problem is and if anyone could recommend a way of removing the issue.

Thanks
Andy
 

Answer:Malware infection (Logs Attached)

Just noticed the "Sticky" re "Smitfraud"

Will download and run this process and report back

Andy
 

13 more replies
Relevance 70.93%

Hi, I have a few different malware on my computer although they may have all come from a single trojan downloader. Spybot is finding Astakiller, Smitfraud-c.toolbar888, and Virtuamonde. It says it fixes them but when I run it again they still show up. I'm attaching the logs from the scans mentioned in the "read this before posting message". I have also attached 2 more logs in a reply to this message. I don't have a panda active scan log because when I connect to the internet a bunch of stuff gets loaded onto my computer and it goes all screwy before I can finish the scan. Hopefully these logs will tell you what you need to know to help me get rid of the very annoying malware on my computer. The internet is basically unusable on my computer and I have to use a different one just to send this message. Thanks in advance for your help.
 

Answer:Need help removing malware(logs attached)

Other log file attachments

Here are some other logs.
 

9 more replies
Relevance 70.93%

Hello guys,

Thanks for this great forum, I was once helped by it some years ago, and have now got another issue, I think...

The "odd behaviour" I get varies, some of them are:


- freeze but no BSOD

- script errors on google forums

- flash crash messages on some sites

- recent items not showing many recent items

- Firefox or Chrome or others not responding often

I'm on Win7 64 SP1.

Thanks guys!
Mark.
 

Answer:Hi, Possible Malware problem, logs attached

I am not finding any malware in your logs. I suggest you post in the software forum for additional assistance.

Since you are not having any malware problems, it is time to do our final steps:
We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan. We recommend them for doing backup scans when you suspect a malware infection.
If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
"%userprofile%\Desktop\combofix" /uninstall

Notes: The space between the combofix" and the /uninstall, it must be there.
This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.




Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.re... Read more

3 more replies
Relevance 70.93%

Having issues downloading windows update and virus definitions.
logs attached. any help appreciated. thanks
Andy
 

Answer:Possible Malware - Logs Attached

You do not appear to be having malware problems because your logs are all clean. I recommend that you post in the Software Forum.
 

3 more replies
Relevance 70.93%

Hi Guys

Great site thanks up front for any help.

Problems aren't that major i don't think. I have run all the malware removal stuff and got all the logs sorted and attached as per instructions.

I have only ran the scan for RogueKiller and not 'fixed' anything yet. There were a few issues on there as you will see. I didn't really have any major problems I don't think, I have just followed the advice of a friend to run your protocol.

I think my main problems are

1. I only have about 8 GB of space left on my hard drive (have one coming but went to wrong abode and is lost in post somewhere)

2. I was running Spybot search and destroy which I think was slowing things down a little seems to be a bit better since I removed it???

3. I have foolishly managed to download a "Globasearch" addon or whatever it is, a quick search didn't reveal a resolution to this one. I've had stuff like this before but figured I'd follow the instructions of the experts.

So my guess is I run RogueKiller again and fix problems as there aren't any major threats on my system. I hope anyway.

Then go and have a proper look to get rid of the globasearch BS.

Any further direction you can provide from looking at the logs or to help clean my system and remove the globasearch will be gratefully received my knowledge is certainly limited.

Peace

Don
 

Answer:malware thread followed logs attached

Rerun RogueKiller and have it remove these items:

Code:
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.globasearch.com/?serie=32 -> Found
Now Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globasearch.com/?serie=32
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

After clicking Fix, exit HJT.

Now copy just the bold text below to notepad (Do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it double click it and allow it to merge with the registry.




REGEDIT4
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]

Make sure that you tell me if you receive a success message about adding the above
to the registry... Read more

9 more replies
Relevance 70.93%

My PC has been running hotter than usual and now I am having trouble typing as the cursor keeps running back into the text. I have attached scan logs.
 

Answer:Possible Malware problem (logs attached)

and one more
 

7 more replies
Relevance 70.93%

I noticed my internet was seriously lagging and when my pen table quit working, I started nosing around. Funny, the pen table works on any other account but mine! I followed the guide and am attaching my logs.

Thanks for your help in advance!

Awe shoot, I didn't run the MGTools. Will run that and add that to the post when it's done. Sorry about that.

SQT / Laura
 

Answer:Need Help with Malware Removal--Logs attached

Here's the MGTools log. Sorry about that. SQT / Laura
 

13 more replies
Relevance 70.93%

Started out with PurityScan. Been two weeks since I started so hard to remember everything I've been able to get rid of. Have run through the preliminary cleanup steps, and on 6C/7 of posting. Additional logs to follow...
 

Answer:Help with malware, followed typ procedure, HJT logs attached

...remaining logs...only noticeable problems are the popups leading to various virus products.
 

10 more replies
Relevance 70.93%

I originally posted in the software thread but was told I should try going through the malware removal steps too.

Basically, my computer closes Windows Generic Host whenever I start my computer because some program(s) is attempting to use it improperly. I then get a couple svchost.exe errors that if I hit OK or cancel will cause problems with my computer, but if I just move them out of my way, my computer seems to operate fine.

When the problem first started, I used McAfee. I now use PC Tools firewall and Avast anti-virus.

The first time I started my computer with PC Tools, it asked about several programs that were attempting to use Windows Generic Host and I denied access to all of them - not even knowing if they were harmful or not. But I still get the error messages.

Anyway, that is basics of my problem. Here are my logs
 

Answer:Not sure if I have a malware problem (logs attached)

MGlogs

Thanks!
 

8 more replies
Relevance 70.93%

Hello,

I am having some problems with my computer, which I think is a result of malware. I noticed the problem around a month ago after I had trouble opening programs.

I went through all steps but was unable to install the defogger. I've attached the logs.

Thank you for the help!
 

Answer:Malware Problems - Logs Attached

Hi there.

I am not seeing any malware in those logs. What problems are you experiencing specifically, right now?
 

11 more replies
Relevance 70.93%

Good Afternoon,

I have a user who has experienced hijacking of his browser and progressively slower operation of his system in general. Prior to my proceeding through all steps of the Malware Removal Guide he had run MalwareBytes and found multiple issues. All issues were removed while in Safe Mode and the problem presented itself again. Attached are all of the requested logs. Would you please provide suggestions on how to effectively clean the system.

Thanks,

Nick

View attachment HitmanPro_20131102_1728.log



View attachment mbam-log-2013-11-02 (16-13-23).txt



View attachment MGlogs.zip



View attachment RKreport[0]_S_11022013_161116.txt



View attachment TDSSKiller.3.0.0.16_02.11.2013_16.25.30_log.txt
 

Answer:Malware Suspected Logs Attached

Which browser(s) does this affect please?
 

3 more replies
Relevance 70.93%

Hi there,

I've been having problems with my computer recently, I suspect it has some malware or trojans somewhere?

I use Avira Antivir Personal as a scanner and Mozilla as a browser. In the last couple of weeks, I've been getting a lot of unwanted pop ups taking me to mobile phone add ons websites and today to a McAfee site. It also crashes unexpectedly, opening Mozilla Crash Reporter. The Windows firewall is turned off every time the machine is rebooted, I don't know what's doing this. I can't defrag any drives either.

The Antivir event log says "Malware found" a few times, the earliest I can find is on the 7th March. Here is what it says:

Virus or unwanted program 'EXP/ASF.GetCodec.Gen [exploit]'
detected in file 'G:\Documents and Settings\Scott\My Documents\LimeWire\Incomplete\T-3555427-metallica four leaf clover (320k stereo).mp3.
Action performed: Move file to quarantine

So it looks like it's come from Limewire. But there are numerous others that have been detected since then, like these on the 19th:

The file 'G:\System Volume Information\_restore{6AB4395F-EF9B-437C-84F5-9A17EDE11DC2}\RP411\A0053826.exe'
contained a virus or unwanted program 'TR/Dropper.Gen' [trojan]
Action(s) taken:
The file was moved to '49f21a77.qua'!

and

Virus or unwanted program 'TR/Patched.CK.6 [trojan]'
detected in file 'G:\Documents and Settings\Scott\Local Settings\Temp\tmp49D.tmp.
Action... Read more

Answer:Malware problem - HELP! Logs attached

Welcome to Major Geeks!

You need to attach the correct logs. Please use the below as a guide to help you. You can skip ComboFix this time since you already ran it.


Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC... Read more

1 more replies
Relevance 70.93%

Howdy,

Roughly a week ago I began having issues with my computer.

My Avira began noting it was having issues with two files (qeavc.dll & lilese.dll). It also began throwing numerous warnings (40 - 50 at a time) when the machine would first boot up that a malicious file (Medfos.A.2242) had been detected and denied access.

In the last two days, booting up will be perpetually delayed at the "Loading Personal Settings" screen. With a hard restart it will then boot properly and throw the warnings listed above.

I've also noted occasional issues with Google re-directs/hijacks in IE and ran through the appropriate process on the site.

I'm running Windows XP (32-bit).

Any help you can provide would be greatly appreciated!

Logs attached.
 

Answer:Malware Issue - Logs Attached

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
Java(TM) 6 Update 24
Now install the current version of Sun Java from: Sun Java Runtime Environment

Please download OTM by Old Timer and save it to your Desktop.

Right-click OTM.exe and select Run as administrator to run it.
Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
(or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
the code box

Code:

:Processes
explorer.exe

:Files
C:\Documents and Settings\Owner\Application Data\lilese.dll
C:\Documents and Settings\Owner\Application Data\qeavc.dll
C:\Documents and Settings\Owner\Templates\1246605887
C:\ab_1.gif
C:\ComboFix.txt
C:\del_1.gif
C:\dir.bmp
C:\edu.bmp
C:\flk2.gif
C:\hj_1.gif
C:\mov_1.gif
C:\srch_1.gif
C:\srch_ans_1.gif
C:\srch_aud_1.gif
C:\srch_img_1.gif
C:\srch_loc_1.gif
C:\srch_map_1.gif
C:\srch_nws_1.gif
C:\srch_sh_1.gif
C:\srch_stk_1.gif
C:\srch_site_1.gif
C:\srch_vid_1.gif
C:\StubInstaller.exe
C:\trav_1.gif

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{... Read more

14 more replies
Relevance 70.93%

Can anyone help?

Done all the malware removal, but no progress.
The problem is intermittent seizing of the computer, for just a few seconds, perhaps every 30 seconds. This started in the last week. I did a system restore but this did not fix the problem.

Help please!
 

Answer:Malware removal - logs attached

Here are the logs, can anyone help?

Intermittent stalling, about 1-2 secs every 30 secs to 1 minute

Help please!
 

2 more replies
Relevance 70.93%

Attached are the logs from the utilities you requested. Still getting lots of pop-ups. See what you think. TDS killer log won't upload but was clean.
 

Answer:Ran all malware utilities, logs attached

Welcome to Major Geeks!

Run the below procedure to reset Firefox to defaults

Reset Firefox to Defaults


Now uninstall the below programs. If you do not find them or they will not uninstall, just keep going.
glindorus 2013.11.07.204448
Java 7 Update 17
Optimizer Pro v3.2
WiseConvert Toolbar
Now install the current version of Sun Java from: Sun Java Runtime Environment Make sure that when you see the form asking about installing Ask Toolbar that you uncheck this.

Please download OTM by Old Timer and save it to your Desktop.

Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
(or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
the code box

Code:

:Processes
explorer.exe

:Files
C:\Program Files\BetterSurf
C:\Program Files\Conduit
C:\Program Files\Optimizer Pro
C:\Users\Elisa\Desktop\Optimizer Pro.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
C:\Program Files\glindorus
C:\ProgramData\Conduit
C:\Users\Elisa\AppData\Local\Conduit
C:\Users\Elisa\AppData\LocalLow\Conduit
C:\Users\Elisa\AppData\Roaming\Mozilla\Firefox\Profiles\nmsmwynd.default\smartbar
C:\Users\Elisa\AppData\Roaming\Optimizer Pro
C:\Users\Elisa\Desktop\Optimizer Pro.lnk
C:\Windows\Temp\*.*
C:\Users\Elisa\AppDat... Read more

1 more replies
Relevance 70.93%

Chaslang,
You've prompted me to start my own thread and attach my logs. I've done all of your steps. Please help me. Thanks so much.

Love,
ThenameT
 

Answer:Malware Problems...Attached Logs.

ThenameT said:





Chaslang,
You've prompted me to start my own thread and attach my logs. I've done all of your steps. Please help me. Thanks so much.

Love,
ThenameT

Logs

*Edit: I forgot to go into detail about what I've been experiencing. Tons of pop-ups, slower loading pages, etc. Can't really go into any more detail; typical malware infection.
 

4 more replies
Relevance 70.93%

Just finished the malware removal procedures and my computer seems to be having the same problems. I am using google chrome browser and has crashed on me a few times before. It hasn't crashed on me since I started the procedure but the internet is still not at its best. I just moved in with my gf and it is her laptop so I am not quite sure how long the computer has been having this problem. She says maybe a few months but it could be longer. I attached logs from SUPERAntiSpyware, Malwarebytes Anti-Malware, and MGtools. When I tried running combofix my computer crashed and restarted in recovery mode. I started windows normally and skipped this step. Also when I tried running Root Repeal I got an error message: FOPS- Device Io control error!. I also had to skip this step. Everything else ran fine and logs are attached. Any help is greatly appreciated. Thank You.
 

Answer:help with malware removal- logs attached.

I am not seeing much in your system, though I need you to tell me what these are:
C:\ProgramData\aPcIcEn08509
C:\ProgramData\dNpMdAm08509
C:\ProgramData\WqehTRYH.dat

If you don't know, delete them. Also delete this:
C:\Program Files\AVG

Tell me exactly what issues you are having.
 

13 more replies
Relevance 70.93%

Hi

I have noticed a gradual slow down in speed on my PC and last week did some cleaning with info from a FAQ guide from the site to speed up performance. Ran CC cleaner, IOBIT Malwarebytes etc as suggested. I often follow the guides though had not done so for some time if honest.

However, i saw some strange files on my PC which i did not know what they were when doing so, which did not get fixed or deleted.

Some of these were in a few new folders which I think was Portuguese for documents & settings, and were spurious file names. There was a lot of bmp images and some .exe files.

I also saw some strange files created which seemed to be control panel extensions, which were created about the same date as the suspicious files.

Yesterday, I received a warning from Google that my website had malware on http://childjuniorisa.co.uk/. Not sure if this is connected or not so thoughts really appreciated. The site is wordpress and in the upload folder there were 10-20 php files which should not have been there and also 2 zip files, named satan.zip

Also, there was a bit of javascript that was creating an iframe on the pages of the site. This had been added to the widget sidebar function of wordpress.

I deleted the files, changed passwords and removed the javascript. Whilst the site is still blocked i can not see the dodgy iframe in the source code.

I have this morning followed the xp malware removal process and attached all logs.

I would real... Read more

Answer:Malware on PC and into WP files, logs attached

Rerun Hitmanpro and have it delete what it finds.

Delete these files:
C:\Documents and Settings\All Users\dldo
C:\Documents and Settings\All Users\xGT2o97Y.exe

Delete this folder:
C:\Documents and Settings\All Users\hBJCyUZ9H0GAZsy

Reboot, has it still gone?

Unfortunately we are unable to assist with the removal of malicious code from your website.
 

7 more replies
Relevance 70.93%

Hi all,

I've recently been having some problems with trojan horses and perhaps some other viruses. These were detected by my AVG free but it couldn't get rid of them. The only specific things they were doing were popping up pop-ups that were supposed to look like windows virus alerts to make me click on them (which i didn't), but AVG was popping up frequently warning of viruses.

I've run all of the scans etc. and have attached all the logs. The only problem I had with testing was that I couldn't manage to get rid of AVG fully when running one of them (I think it was Malwarebytes), but i then managed to get rid of it before running the later ones. If you think I should re-run this test then let me know! also, when running superantispyware i think my computer shut down during the first scan, so re-ran it - if it'd be helpful to see the log for the first scan too then let me know.

There's one more log to attach which I'll attach in the next post.

Any help would be really really appreciated!

Also: as I've now uninstalled AVG, is there any free AV software that you'd recommend over AVG to stop this happening again?

Thanks again,
Chris

View attachment SUPERAntiSpyware Scan Log - 08-12-2009 - 01-07-04.log



View attachment mbam-log-2009-08-12 (22-06-08).txt



View attachment ComboFix.txt



View attachment RootrepealLog.txt
 

Answer:Malware problems - logs attached

Final log attached - Thanks again for any help you can give!!
 

5 more replies
Relevance 70.93%

About the problem:

It started when I found out that I couldn't install Java Runtime Environment, after my attempt to re-install when it failed.
I was getting the error: "The installer cannot proceed with the current Internet Connection settings".
Thinking this was a problem with either my settings, I checked that IP and DNS was set to dynamic (which were the way they were supposed to be)

After "googling" the problem, I saw a post which said java's connection goes through IE (or something like that), so I checked that everything there was the way it was supposed to be, which it was not.
The only thing that happens when I run IE, is an ugly white page saying "Internet Explorer cannot display the webpage"
And if I try to go to google.com, I get redirected(?) to "http:///"

Thinking this was a problem with my internet connection, i called my ISP, hoping they could fix the problem.
As I had customer service on the phone, I noticed that Spotify couldn't connect either, and Rainmeter began to fail downloading news etc..

Yesterday, folders started to open up in new windows instead of the same.
I've checked my settings and registry, and everything is the way it's supposed to be.

I'm now pretty sure this is malware..

tl;dr

-"Internet Explorer cannot display the webpage" + Redirected(?) to "http:///" no matter what I write in the URL.
-Can't connect with Spotify
-Fol... Read more

Answer: Malware Removal -- Logs Attached

I am not finding any malware in your logs. I suggest you post in the software forum for further assistance.

Since you are not having any malware problems, it is time to do our final steps:
We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
If running Vista or Win 7, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to add/remove programs and uninstall HijackThis.
Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
After doing the above, you should work through the below link:
How to Protect yourself from malware!

Malware removal from a National Chain = $149
Malware removal from MajorGeeks = $0
 

3 more replies
Relevance 70.93%

Hello,

I have a malware infection. It started about two and a half months ago when I noticed that when I would click my mouse, it would double click instead of single clicking. I also noticed I would have trouble selecting files. It caused weird selection problems for me in Sony Vegas as well. Around that time or just a couple weeks later, I noticed that when I would search in Google, I would get redirected when I clicked on a link. I'd get redirected to a site that had nothing to do with what I had clicked on.

I have run all the malware removal programs the sticky said to run, and the first three logs are attached. When I go to Google, the redirect problem isn't as consistent as before, but it still happens. I haven't noticed the file selection problem or the double-click problem happening anymore.

Thanks in advance for your help.
 

Answer: Malware infection--first 3 logs attached

Malware infection--last 2 logs attached

Hello,

I have a malware infection. It started about two and a half months ago when I noticed that when I would click my mouse, it would double click instead of single clicking. I also noticed I would have trouble selecting files. It caused weird selection problems for me in Sony Vegas as well. Around that time or just a couple weeks later, I noticed that when I would search in Google, I would get redirected when I clicked on a link. I'd get redirected to a site that had nothing to do with what I had clicked on.

This is my second post. I have run all the malware removal programs the sticky said to run, and the last two logs are attached. When I go to Google, the redirect problem isn't as consistent as before, but it still happens. I haven't noticed the file selection problem or the double-click problem happening anymore.

Thanks in advance for your help.
 

6 more replies
Relevance 70.93%

I have run the Run me First and attached the requested logs. I'm hardly running any programs on my machine and it's using over 4.5GB of memory. When I view processes I don't see anything unusual using too much memory. When I visit performance my memory and CPU usage is over 50% just to run Skype, FF and Chrome.

Please review the logs and let me know what I should do.

Thanks,
Jesse
 

Answer: Malware Removal (logs attached)

Uninstall Browser Manager

Rerun Hitman and have it delete the following item, under the heading Malware:




C:\$Recycle.Bin\S-1-5-18\$16684981d1919889f005ff579782d1b9\U\[email protected]

Also have it delete Suspicious files, Malware Remnants and Potentially Unwanted Programs.



Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these 5 detections:


[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-2119853154-108281473-1720115173-1000\$16684981d1919889f005ff579782d1b9\n. [x]) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$16684981d1919889f005ff579782d1b9\n. [x]) -> FOUND
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$16684981d1919889f005ff579782d1b9\n. [x]) -> FOUND
[V1][SUSP PATH] DSite.job : C:\Users\stoi2m1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [-] -> FOUND
[V2][SUSP PATH] DSite : C:\Users\stoi2m1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [-] -> FOUND


Place a checkmark next to each of these items, leave the others unchecked.
Now press the Delete button.
When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)
Reboot the machine.



Please disable all anti-virus an... Read more

3 more replies
Relevance 70.93%

I have run the Malware removal and cleaning procedure and have attached the logs. Honestly, I don't know if I am having problems but felt I should at least have someone look at the logs. I ran the cleaning procedure because my son was using MS paint and the computer was being unusually slow and then it cleared my desktop background when he closed paint and all I had was a tan desktop background with my icons. The tan background reminded me of the last time I did the cleaning procedure and I got that result after I ran combofix.

I only had two issues when running the programs:
Root Repeal:
It seemed to scan fine but when I clicked save report it said, "could not create file". I had the window for saving it but the window with the name of the file was blank. I entered the name manually and that is what you will see attached.

MGTools:
When it was all finished I had the following message:
"Scanning complete. YOur log file is c:\MGlogs.zip
Hitting any key will close this command prompt window. Press any key to continue. "
I pressed a key and it closed the program. This was not a problem but it did not mention that I would get this message in the directions so I wanted to make sure all was OK.

Thanks in advance for your time and assistance!
 

Answer: Logs attached Re: Malware removal

Log attached Re: Malware removal

I hope I am doing this right. I sent the first four logs in a previous thread and am now attaching the MGTools report.
 

7 more replies
Relevance 70.93%

The main symptom was that it changed a registry value involving exe files, causing the system to ask you to select a program to run the file when it was an exe and should run by itself. I ran all of the steps in the removal guide except for the MGtools, because I could not get it to work. It kept saying that the file was not a valid program or batch file.

here are my logs:
 

Answer: malware infection, logs attached

Are you able to now run exe file? If not, go here:
http://www.dougknox.com/xp/file_assoc.htm --> scroll down to the ninth file fix.

Try renaming C:\MGTools.exe to C:\MGTools.com and see if it will run. (Note: if using Vista, don't double click, use right click and select Run As Administrator).

If not, please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The red is merely informational.

cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
GetRunKey <-- this will try to run all one scan from MGtools. Tell me what error messages, if any, you see.
ShowNew <-- this will try to run all another scan from MGtools. Tell me what error messages, if any, you see.

Please put ComboFix directly on your desktop as we instructed you, not here:
"Running from: E:\ComboFix.exe"

 

11 more replies
Relevance 70.93%

Did the best I could on my own, but stuck!

Smitfraud and Virtumonde seemed to be the main culprits, and they were hard to get out. Malwarebytes finally showed a clean scan in Safe Mode.

However, when I try to restart in normal mode, my desktop is just blue (all the icons are there though) but I cannot click anywhere or do anything, including ctrl-alt-delete.

So I'm stuck.

First, the facts:
XP home, SP3
HP Pavilion, Intel Celeron, 1.70GHz, 1GB RAM
I use Avast! anti-virus, the free version.
Prior to this problem, I had Spybot S&D, Adaware2008 & Vundofix.

I googled this problem and read some other stuff and ran Smitfraudfix, Malaware, Spywareblaster, CCleaner before I came to this site. Then I followed all the steps on the sticky here, EXCEPT the following:
--I can't install the new Sun Java. It gives that bogus "administrator access" error.
--Same with the SUPERAntivirus software. I even downloaded the suggested link from superantivirus.com, suggested for when that error message appears, but it still happens just the same.

I looked these up, and apparently it is a common problem but I think the next step in fixing them is attaching the HJT log here...

When I ran Malwarebytes, the first time it showed LOTS of really ugly things and I just got rid of all of them. (attached, "FIRST")
The second time, only 3 were found (attached "SECOND")
The third time, all clear (attached, "LAST")

I really hope I didn't screw up any re... Read more

Answer: Logs attached, need next step for malware fix

Welcome to CH.

Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
Scroll down to "Non-plug and Play Drivers" and click the plus icon to open those drivers.
Then search for TDSSserv.sys
Let me know if you find this or not.
If you do find it, right click on it, and select "Disable". Do not try to uninstall it.
Also if this is found and you disable it.
Now reboot..
Try going into Normal mode now. If not then use Safe Mode to run HijackThis.

----------

Open HijackThis and select Do a system scan only.
Place a check mark next to the following entries: (if there)

O2 - BHO: (no name) - {5AAABBC4-A5B8-4BBC-92E7-64A0EDBF8476} - (no file)
O2 - BHO: (no name) - {B0B3393C-62D1-44D8-ABF5-08E0F067F29E} - (no file)
BHO: (no name) - {F23D9E6C-69E5-4D47-8DAA-F942D83A84CD} - C:\WINDOWS\system32\jkkKbARJ.dll (file missing)
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKLM\..\Run: [Qrawuv] rundll32.exe "C:\WINDOWS\oporijeg.dll",e
O4 - HKLM\..\Run: [2db55a04] rundll32.exe "C:\WINDOWS\system32\lowxetbq.dll",b
O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')
O20 - AppInit_DLLs: zzpsku.dll
O20 - Winlogon Notify: yaywvtUN - yaywvtUN.dll (file missing)
O20 - Winlogon Notify: __c00328F9 - C:\WINDOWS\ .

Important: Close all windows except for HijackThis and then click Fix checked.
Exit HijackThis.

----------

Note: the below instructions were created specifically for this user. If you are not this ... Read more

14 more replies
Relevance 70.93%

First 4 logs
 

Answer: Malware problems - Logs attached

Malware problems - More Logs attached

Last 2 logs (total of 6)
 

6 more replies
Relevance 70.93%

Hi,
I was infected with IS2010 and I think I removed it by following the instructions on the site and using Malwarebytes and using the other steps indicated. I reinstalled Malwarebytes as instructed (because I had to do a "go around" to get it installed the first time) and Adware. The first scan with Malware detected 92 infected files which I removed. After reinstalling it properly, I found 4. Adaware was clear. But there still seem to be lingering issues. I am getting error messages on start up still and I can't seem to delete some start up programs or processes that I think may be the culprits. I ran something that told me what my startup processes are (I think this is one of the attached files, but I am so confused at this point that I am not sure it is included) but couldn't figure out what to do with the info.
I have gone through all the steps required in creating various logs. Here they are. My apologies if I have messed up in what I am supposed to post. Let me know if I need to redo something. I hope someone might be able to help. Thank you so very much.

Answer: Malware persists? Logs attached

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions... Read more

11 more replies
Relevance 70.93%

Ran through the READ ME, only issue I had was Root Repeal hung at the Manifest folder, so didn't complete that.

Thanks in advance.
 

Answer: Malware problem - logs attached

Welcome to MajorGeeks, rexnervous.

*You didn't say what malware symptoms you are experiencing.

I am currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Our queue is working the oldest threads first.

Thanks for your patience.
dr.m
 

2 more replies
Relevance 70.93%

I beseech other members of the tech community for assistance in solving a possible Malware issue. Three log files are attached, and I am describing what I do know below. Before going any farther, though, I want to thank anyone who takes the time to read it.

Description of issues:

1. Web updates of popular malware removal programs do not work. This includes SpyBot, SuperAntiSpyware, AVG Anti-Virus (free edition), and Avast. Either the updates will crash the program or simply will not progress.

2. Windows Update is not accessible. The browser either freezes or closes. Sites with information on them (for example I tried searching for the malicious software removal tool) are inaccessible as well.

3. Other web sites are inaccessible. This includes, for example, bleepingcomputer.com. This is also related to why I don't have a ComboFix log to post - I could not find instructions that were not linked to bleepingcomputer, and the link would not open. Of course, their site could have been down briefly in the time I went there, which I can't rule out before posting this.

4. I will be automatically redirected to commercial sites when I try to visit online scanning web sites. An example is being redirected from Trend Micro's House Call site to a different one that also purports to scan your computer. The site most likely contains spy/malware as well.

5. Some programs (for example, World of Warcraft) will not run. WoW was actually what tipped me... Read more

Answer: Malware issue, logs attached

Combo is right here:
C:\Documents and Settings\Tim\Desktop\cf.exe

I am not seeing any malware. Please run:
ATF Cleaner by Atribune.

Now attach the combo log and tell me what issues you still have.
 

7 more replies
Relevance 70.93%

I followed the steps for the Malware Removal and am attaching the logs for analysis and follow-up.

Any help is greatly appreciated.

I continue to get Virus pop-ups from Norton and my computer continues to get random pop-up messages through IE, although I am running Firefox as my browser.

I did not get a log report from Combofix, as it just froze on the screen for over 25 minutes after it was finished with the scan trying to create a report. I hope that doesn't hinder the help.
 

Answer: Malware Removal - logs attached

Let's see if we can get Combo to work.

First, Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




O2 - BHO: (no name) - {a7de2dd3-083e-4e09-82b1-54f949e2aa48} - zehigipu.dll (file missing)
O4 - HKLM\..\Run: [abouuo] C:\WINDOWS\system32\abouuo.exe \u
O4 - HKLM\..\Run: [Rfito] rundll32.exe "C:\WINDOWS\omilatoq.dll",Startup
O21 - SSODL: IvYYlS - {704EA8B1-DAE4-021B-0E8D-C33281BD572A} - (no file)

After clicking Fix, exit HJT.

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.
* Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
* If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
* Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code... Read more

7 more replies
Relevance 70.93%

I am helping my wife's friend with some malware issues. I have run all of the programs that you suggested and attached the logs. I also tried to download VundoFix but it is not available right now. I think that most of my problems are solved (popups, etc), but I wanted to see if you could take a look at the logs and see if there is anything else malicious that I have missed.

3 logs attached to this post, another will be added to the next.

Thank you very much!

Jennifer
 

Answer: Malware removal help - logs attached

MGTools log attached

Thanks again!

Jennifer
 

8 more replies
Relevance 70.93%

Hi - I've got a million spies and malware-ish things on my browsers. Here's what I've done so far:
 
I've run Spybot once a day for three days. Every day, new malicious items to delete.
I've run Ad-Aware.
I've run scans with Malwarebytes.
I am using Avast as my anti-virus, and have run scans with that as well.
Each of these programs has been updated as recently as last night.
I would appreciate any help you can give. Thanks so much. Logs attached.
Steven
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 1.6.0_30
Run by Steven Simon at 23:58:43 on 2014-01-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2812.920 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svch... Read more

Answer: Malware! DDS and Hijack This! logs attached

Good evening. Download OTL by OldTimer from here and save it to your Desktop. Double click the tool to run it. Click the Quick Scan button and allow it to do its thing. Once complete, it should open two Notepad windows - OTL.Txt and Extras.Txt. It should also save copies in the same location as OTL. I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another. The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

8 more replies
Relevance 70.93%

I have completed the 'Read and Run me' and have attached logs.

I run Windows XP, Pro, 2nd service pack (I do not seem to be able to get 3rd service pack despite being prompted to)

I believe initial problem may have started when old AV software became outdated in Sep this year. First I noticed was inability to link to many search results from google. System probably began to slow... Unbeknownst to me I was also blocked from receiving Windows updates, I do not know when from but prob Sep... I think read and run me may have remedied this now however and note that whilst running read and run me, windows was often downloading updates, although I tried to run stages between downloads.

I was also blocked from receiving most AV online downloads - error message was to effect that I did not have an internet connection (I did) - I could only get Trend Micro, so that is what I currently have (90 day free trial)

To my shame I installed Winiguard when directed there approx 2 weeks ago and things got worse! I now have the 2 pop ups although their frequency may have lessened but prior to running read and run me I had already 'uninstalled' it and removed certain related files and Registry entries.

please help. thanks.
 

Answer: Malware, Winiguard & Ors?, logs attached

4th attachment
 

3 more replies
Relevance 70.93%

Hello,

Computer having issues with start up/shut down, slow performance and poor wifi connectivity (unrelated?).

Any help is greatly appreciated.

Thanks in advance,
 

Answer: Malware present logs attached

You do have a little junkware to cleanup and we will do that, but most of your slow startup issues are just due to all the stuff you are loading at boot up that you do not need. We will fix some of this too even though not a malware problem.

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=184C0015C56E5AF0&affID=121441&tsp=4923
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Madman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Pro... Read more

5 more replies
Relevance 70.93%

Hi. I have gathered the logs as stated in the Read & Run Me First thread. The logs are attached. The problem that I am having is that I clicked on a link to update flash player and McAfee detected and quarantined a pwszbot-fml! trojan. I don't think McAfee completely removed it though. So I found your site and as stated before ran the logs. I would appreciate any help you can give me. Thanks
 

Answer: Malware Removal Help - Logs Attached

Welcome to Major Geeks!


Please download OTM by Old Timer and save it to your Desktop.

Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code: which is just a title line of the code box.

Code:

:Processes
explorer.exe

:Files
C:\Users\Mike\AppData\Local\fiolgor.dll
C:\Windows\System32\drivers\etc\hosts.txt
C:\Users\Mike\AppData\Local\Temp\392043679.bat
C:\Users\Mike\AppData\Local\Temp\e3c74ee6-7482-4280-b9c3-f233b390296e\CliSecureRT.dll
C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Web Data
C:\Users\Mike\AppData\LocalLow\AskToolbar
C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
C:\Program Files (x86)\Ask.com
C:\windows\system32\drivers\etc\hosts
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_USERS\S-1-5-21-3140580449-818011052-2382065171-1001\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154... Read more

5 more replies
Relevance 70.93%

Hi, Guys. I started having a problem with my laptop computer about 3 weeks ago. I was not doing anything in particular and don't recall downloading anything other than an Adobe file occasionally. I suddenly had a small window popping up. It was constantly blinking. The IE page behind it was blinking also. Across the top I was able to see something like the words Windows Program Developer Tools. I think the name of the IE page preceded those words. In the body of the page were some tabs across the page, such as HTML. I constantly tried closing it to no avail. I couldn't close or minimize any page without clicking for several minutes. I couldn't open any links by clicking. I had to right click and open everything as a new page. I tried rebooting, shutting down completely. I checked all the connections. Every time I logged onto IE, the page would pop up. I googled the name and learned it is a legitimate program in Windows. Finally, after a few days, I minimized it, and it stayed minimized. When I closed IE, it disappeared and I haven't seen it since. However, the webpages on IE still constantly blink, and I have all the other problems as well.

In the meantime, I have OpenOffice Word Processor, and that is not working properly. In my email and in my word processor, I can't drag my mouse over a selection of words to copy them. If I can select them at all, I have to start at one point, hold the shift key and go to the end point and place the cursor there... Read more

Answer: Malware Removal Done, Logs Attached

I am not finding much in the way of malware in your logs. However, you have too many AV programs installed:
You had AVG and still have:
COMODO Internet Security
Norton Internet Security 2006 (Symantec Corporation)

Use windows explorer to find and delete:
C:\Documents and Settings\Elaine\Templates\kqxjax25212syk721811b172n8n71yg66c

Tell me what issues are remaining after removing all but one AV program.
 

13 more replies
Relevance 70.93%

Thank you for your help
I fixed with Spybot 295
there were 303 in total
8 unfixable
 

Answer: Malware problem/ all logs attached

Here are the other logs.
I will be on tomorrow morning to check the thread. I have been working on this for 11 hrs cause the computer is so messed up lol
 

7 more replies
Relevance 70.93%

I have a possible malware infection that I cannot find. Recently, I have been experiencing the following problems:
IE randomly dying
XP hanging and requiring a power cycle (sometimes at the welcome screen)
tmproxy also frequently dying

I have tried multiple AV and other scanning tools (Trend Micro, VirtumunoBeGone, SpyBot, SAS, FixVundo, Trojan Remover, etc), and a couple of them found and removed Vundo and Winfixer and Dropper, but I am still having the same problems. I am not sure that I have gotten everything, so I am now appealing to others for their help. I went through all the steps and have attached the requested logs. Please help. Thanks!
 

Answer: Possible malware infection. Logs attached.

Download The Avenger by Swandog469, and save it to your Desktop.

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

* Extract avenger.exe from the Zip file and save it to your desktop
* Run avenger.exe by double-clicking on it.
* -Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the Input script here: part of the window:




Drivers to delete:
tmvsthfss
tmvsthfud

Files to delete:
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\tmvsthfss.bin
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\tmvsthfud.bin
C:\WINDOWS\temp\rg4sfay
C:\WINDOWS\temp\ydf8dk

* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the Reboot now? question that will appear when Avenger finishes running.
* Your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

* C:\Avenger.txt
* C:\MGlogs.zip
 

16 more replies
Relevance 70.93%

Attached are the logs.

Thank you incredibly so much for your help!
 

Answer: Malware Infection - Logs Attached

Attached are the MG logs.
 

6 more replies
Relevance 70.93%

My son recently added the ares P2P software and afterward started having adjusted backgrounds and unable to get to the internet. We had AVG 7 free edition AV up and running, did some research and found that it's no longer really supported so was looking for a suite application and installed the http://www.sunbeltsoftware.com/Home-Home-Office/VIPRE/. It initially found the

trojan.fakealert    c:\windows\system32\sbwltbxa.exe
trohan.Vxgame.CWS-hijacker    c:\windows\system32\ahtn.htm
    c:\windows\system32\warning.gif

It quarantined them but the next scan found the same thing. So I followed the advice and attached the logs.

So I was hoping someone could help me with this as the software I installed with directions found so many other things wrong or potentially harmful. Also could someone suggest a good anti virus/malware firewall suite that is a reliable suite.

Thanks in advance
Dan

[attachment deleted by admin]

More replies
Relevance 70.93%

Hello TSF,
Thanks in advance for checking out my thread. There is some sort of malware infection on my laptop. Received it a few days ago. I saw a previous thread with a similar attack (hxxp://www.techsupportforum.com/forums/f284/antivirus-software-alert-444545.html) but it went dead because the guy didn't respond. Anyway, it has many popups appear and won't allow me to use any internet browsers, task manager, etc. I did the steps outlined in the Sticky, although wasn't able to execute the programs normally, had to use Safe Mode...does that matter? Anyway, notes on the problem, then logs follow...

Various boxes/messages that appear...

-Security Warning
Application cannot be executed. The file [any currently running process].exe is infected. Do you want to activate your antivirus software now?

-Antivirus software alert
INFILTRATION ALERT
Your computer is being attacked by an Internet Virus. It could be a password-stealing attack, a trojan - dropper or similar.
DETAILS
Attack from 100.9.11.65, port 38075
Attacked port: 55169
Threat: BankerFox.A
Do you want to block this attack?

-Windows Security Alert
Application cannot be executed. The file [any currently running process].exe is infected. Do you want to activate your antivirus software now?

-Windows Security Center
Virus Protection - Out of Date

-Internet Explorer
porno.org

-Spyware Alert!
Vulnerabilities found
Your computer is infected by spyware - 34 s... Read more

Answer: Malware problem, logs attached

Hello and welcome. Please follow these guidelines while we work on your PC:
Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

P2P - I see you have P2P software (BitTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to malware infections. Please see this post for more information. I recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs. If you choose to keep these applications, please do not use them until our fixes at TSF are complete.

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------... Read more

6 more replies
Relevance 70.93%

Hi, here are the logs of the malware removal process.

The problem that I had was that my Firefox browser unexpectedly shut down at certain times.

Thanks for your help.
 

Answer: malware removal, logs attached

the last log
 

6 more replies
Relevance 70.93%

I'm new to posting to this forum, but I've been reading it for quite some time. I'd really appreciate it if someone could help me with this. I'm getting those darn toolbar popups that are driving me crazy!!!

Thanks
Dave

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 8:32:22 PM, on 10/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\syst... Read more

Answer: Malware Infection - Logs Attached

Here is the SmitFraudFix Log as well...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SmitFraudFix v2.117

Scan done at 20:41:29.96, Tue 10/31/2006
Run from C:\Documents and Settings\Dave\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dave
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dave\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Dave\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\VideoKeyCodec\ FOUND !
C:\Program Files\VirusBursters\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


???????????????????????? Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!&#... Read more

3 more replies
Relevance 70.93%

Hi All,

Just another sucker that bought a used computer and forgot to update Java Runtime. I got what I thought was a Vundo virus: tons of pop-ups, blocked websites, inaccessible regedit, etc. I went through the entire clean-up process as per Majorgeeks instructions and I have attached the logs. Everything seems to be fine now, but I want to make sure everything's kosher. Thanks for everything, this site is a golden kernel of corn hidden in a mass of online crap.

Apocrita
 

Answer: Vundo malware. Need help - attached logs

Here's the other log file.

Apocrita
 

2 more replies
Relevance 70.93%

Someone here downloaded a file yesterday and it installed Yahoo toolbar and 7Zip, and maybe other things. Internet Explorer is not working. I'm trying to reinstall it. I've been to the Malware Removal page and downloaded and run per instructions there, MGtools, HitmanPro, tdsskiller, Roguekiller, and Malwarebytes would not run. It kept getting error messages when trying to install.

Please have someone look at these log files and advise me what to do. The log file from tdsskiller was from when I ran it this morning. I think it found and killed something at that time. When I ran it again it didn't find anything.

Thanks,

Jim
 

Answer: Suspect malware logs attached

I am not finding any malware in your logs. We can clean out some junk, but you may need to post in the software forum for additional assistance.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Attach JRT.txt to your next message.

 

3 more replies
Relevance 70.93%

I started out with BSOD problems and posted a thread (http://forums.majorgeeks.com/showthread.php?t=182186) which helped me resolve those issues, or so I thought. Then this morning AVG started spitting out all sorts of trojan warnings. (I don't know if these two events are related, but wanted to include the info in case it helps....)

I also was using COMODO but have had problems getting it configured so that I can access all the computers on the network - I need to for work purposes get to others on the network...

As I was going through the malware removal process, when it came to ComboFix I couldn't get AVG to shut down. I even disabled it in MSCONFIG and rebooted and it was still there. (ComboFix was giving me warning and it was showing up in the Task Manager.) So I uninstalled COMODO and AVG, ran the final scans. I've reinstalled AVG, and moved to Online Armor for my firewall.

Attached are the logs. Please let me know if you see anything I need to do next.

Because there was malware found in the different scans, I've toggled my System Restore.
 

Answer: Malware procedures followed Logs attached

Here are the rest of the logs. I've also attached the log from Spybot in case anything in there helps.

It seems like a lot of infections but all of the same general kind.

Thanks!

UPDATE:

I'm trying to reinstall AVG, and I get the following error:

Local machine: installation failed
Installation:
Error: Action failed for file avgtdix.sys: starting service....
Error 0x80070014

Not sure what this means. I'll reboot and try again.
 

12 more replies
Relevance 70.93%

I have been having some issues with my desktop for a while now. It has been running super slow, especially the past couple of weeks. It takes forever to open up anything at all, whether it is a browser or just windows explorer.

Also, I have been hearing random static in my speakers for the past couple of years. I've checked everything to do with my speakers and I cannot find a reason for it. I didn't think it had anything to do with a virus until I happened upon another person's thread in another forum stating they had found a severe Rootkit virus, or whatever, that they thought caused the crackling sound. Figured it couldn't hurt to mention it.

I just want to clean out my computer and make it run faster. I tend to have multiple things open at once, so barely being able to open a browser is frustrating. I know a little bit about computers but not a whole lot. Any help is appreciated. Oh, also, the first time I ran RogueKiller I got a blue screen of death. It completed without any issues the second time. Here are my computer specs:

Dell XPS ONE
Processor: Intel Core Duo CPU E4500 @ 2.20GHz
Memory: 2 GB
Windows Vista 34-bit
 

Answer: Suspected malware...attached logs. Please help!

Hi Chrissyade,

You are indeed infected with malware.

First, can you please zip this file and attach it to your next post for analysis?


C:\Users\Cat\AppData\Local\rwm.exe

__

Next, reopen RogueKiller and run another Scan.
When the scan is finished, press the Delete button.
Attach the latest RogueKiller (delete) log for review.

__

From Programs and Features (via Control Panel), please uninstall the below:


AVG PC Tuneup 2011
Driver Detective
Java(TM) 6 Update 37
Java(TM) SE Runtime Environment 6
Search Protect by conduit

__


Please download and run AVG Remover

__

Now, download and run AdwCleaner.
When the program opens, press the Delete button and reboot when requested.
Attach the log from AdwCleaner that appears after the reboot.
The log can be found in the root of your C:\ drive (C:\AdwCleaner[S?].txt )

__

Please download Junkware Removal Tool to your desktop.

Please save the work in your browsers before proceeding.
Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
Double-click JRT.exe to run (Vista/7 right-click and select Run as Administrator)
Press any key to begin scanning.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Please attach JRT.txt to your next message. (How to attach)

 

7 more replies