Computer Support Forum

Help with malware removal- have run malware removal instructions

Question: Help with malware removal- have run malware removal instructions

I have run the malware removal instructions and went through each program as they did remove some of the malware and virus. The issue that I am having is that when I open the computer under separate user and try to run the malware removal programs via internet or through USB drive, I keep seeing a window which pops up asking me which program I want to use to open the program. I have run the computer under the administrator and do not seem to have problems running the malware removal steps and have attached the reports from the instructions.

View attachment mbam-log-2011-03-28 (17-02-07).txt

View attachment combofix log.txt

View attachment SUPERAntiSpyware Scan Log - 03-28-2011 - 16-42-24.log

View attachment hijackthis.log

Even when I try to open add or remove programs under control panel- I get the following message: "C\windoesn\system32\rundll32.exe- application not found". I am thinking that it is something to do with AVG and have removed the program with the step.

Please help....

Relevance 100%

Answer: Help with malware removal- have run malware removal instructions

ssmehta007 said:

....try to run the malware removal programs via internet or through USB drive

Specific download and installation instructions are in our R&R ME FIRST guide :
ComboFix
Running from: l:\combifix\ComboFix.exe <--- belongs on your desktop

RootRepeal
Save it to your Desktop

SAS & MBAM
Installed to the Default Location - "C:/Program Files", as we suggest that you keep them after malware removal.

MGTools.zip
Download this file to the root folder of the drive where you have installed Windows (Typically this would be C:\ and thus you would have a C:\MGtools.exe file after downloading).
Please make those corrections and attach the missing RRlog.txt (from RootRepeal) and MGlogs.zip - normally it is C:\MGlogs.zip . Please tell me any problems you still have.

18 more replies
Relevance 84.68%

I posted in the software forum yesterday and was instructed to complete the malware removal steps and repost here. I have a new computer running Windows 8.1. When I say new, I mean I started having problems within a couple of hours after turning it on!

I have McAfee antivirus protection and downloaded and installed my MSOffice 2013 Home and Student. All seemed to be fine. The MSOffice was up and running and McAfee said I was protected. Suddenly and I don't remember what I was doing...it said Microsoft something (sounded like an antivirus or firewall something) had detected several problems and I needed to "clean my computer". Oh so ignorant of all that was going on with learning Windows 8.1 after using XP for years I told it to clean. Somewhere in there it suggested I do a system restore. All seemed OK until I realized MSOffice was no longer there. I tried to download it again and reload, but with no luck. It occurred to me it had something to do with the system restore so I tried to undo the restore. That of course didn't help. I'm also now getting messages from McAfee that I am covered and safe but that my firewall is turned off and needs to be turned on. However I can get McAfee to do nothing. I can open a screen, but nothing I do makes it do anything. I tried downloading their "Virtual Technician" before I started the process you recommended and it acted like it was downloading, but 20 minutes later it was still "spin... Read more

Answer:malware removal help - removal instructions attempted

Can you try running the tools that were not working before including Hitman, in safe mode please. Let me know how you get on.
 

16 more replies
Relevance 84.68%

I read and followed precisely "Vista and Win 7 Malware Removal/Cleaning Procedure"

My issue: I was informed by my ISP of the following: "Mail Log Parsed from Feb 15, 2013 19:47:04 to Feb 16, 2013 19:47:04 User sent approximately 141,801 messages to 136,591 unique recipients. There were 2598 bounces received in this period, 1 percent of the emails sent. "

I have AVG, running constantly. ISP changed my password to stop the mail. I ran AVG in safe mode. Still not sure trojan eradicated. ISP referred me to your site.

I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Please advise if you believe my system is clean, or what further I should do. Since I haven't seemed to find anything, it's hard for me to be comfortable that it's clean.

Thank you immensely!!

Mike Sieber
 

Answer:Help with malware removal--have performed removal instructions

Welcome to Major Geeks!


mike sieber said:

I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Not problems. It is just junk from AVG. All of your logs are clean. Many times when something like this happens, it is not an infection. It is due to a spammer/spammers getting your email login and password and they use it from other PCs to send out their spam. There are cases of infections that can cause spamming ( like some master boot record or partition infections ) but you show no signs of these.


If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to ... Read more

3 more replies
Relevance 83.81%

Please find attached the logs from the scans in the Windows XP Cleaning Procedures. I followed the Cleaning Procedures but still have a problem. The problems can be pinpointed to yesterday when I surfed to a web site without having an up-to-date Anti-Virus definition files. Before I knew it, I had an infected machine.
There seems to be 2 problems.

(1) After restarting the computer, Windows File Protection gives following message.

Windows File Protection
Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your Windows XP Profession CD2 now.

I have Dell OEM Windows XP Media Center 2005 installed on my Dell Dimension 5150/E510. Problem is, Dell has a Windows XP re-installation CD but Dell states there is no 'CD2'.

(2) I keep getting pop ups every time Internet Explorer is open. The pop ups occur on their own.

Hopeful you can help me to fix the problem. :confused
Thanks,
Ankur

p.s. Please note, the AVG Anti-spyware log is not attached because it was not generated by the tool. I scanned my computer using Trend Micro (after updating virus definition files) and I can provide the logs if you need.
 

Answer:Malware problem not fixed with Malware Removal instructions

Welcome to Major Geeks!

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
Java 2 Runtime Environment, SE v1.4.2_03

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F3 - REG:win.ini: load=C:\WINDOWS\system32\mlljg.exe
O2 - BHO: (no name) - {3F7BDD0B-0462-4F19-8B87-54D83601B87C} - C:\WINDOWS\system32\mlljg.dll
O2 - BHO: (no name) - {B8AFD866-6B8B-490E-DA2E-39E671810F96} - C:\WINDOWS\system32\mknamps.dll (file missing)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

After clicking Fix, exit HJT.


Now download The Avenger by Swandog46, and save it to your Desktop.

Extract avenger.exe from the Zip file and save it to your desktop
Run avenger.exe by double-clicking on it.
Check the 'Input script manually' box.
Click on the magnifying glass icon.
Copy everything in the Quote box below, and paste it in the box that opens:




Files to delete:
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\mlljg.exe
C:\WINDOWS\system3... Read more

9 more replies
Relevance 79.46%

Yesterday my computer was attacked. I had a black screen with red letters stating "Warning! Your're in danger? Your computer is infected with spyware." Also one of my icons in the lower right tray kept popping up saying "warning your computer is infected". Then I had a popup window keep coming up in the middle of my screen that said "Security monitor warning system detected a potential hazard TrasanSPM/LX". I put my computer in safe mode and ran AVG 8 and Spybot but kept getting the same. I then went through all of the steps that you have posted and it seemed to have worked, although I do have one file in add/delete directory that will not delete (My Way Search Assistant). Also, when I was following your steps, SAS would not complete the scan so I ran MBAM first and then came back to SAS and it scanned okay the second time. I would really appreciate it if you would look through my attached files to ensure that all problems have been eliminated. Thank You!
 

Answer:Followed Malware Removal Instructions

Welcome to Major Geeks!

You did not attach the requested log from MGtools. We need this to finish your cleanup.
 

5 more replies
Relevance 79.46%

Hi,

I've found the online Malware Removal document to be very helpful... however there are times when I've been at client sites where a PRINTED version of the entire document would be **very** useful. Is it possible to get a complete PDF of this, including the various pages accessed by links within the document? Thanks.
 

Answer:Malware Removal Instructions

Welcome to Major Geeks!

Sorry, but no, we do not make it available in PDF format. The instructions are constantly changing to keep pace with malware. The tools and links in the READ ME also change over time for the same reason. There are many many links referenced in the READ ME, and it would be a ton of work to actually get all of the webpages into PDF form and by the time we did, they would be out of date. In addition, we really have no need for this since the current online copy is always what we want people to use.
 

1 more replies
Relevance 79.46%

Hi Majorgeeks,
I made the Malware Removal/Cleaning Procedure on my computer. All came clean except for RogueKiller, which found 4 issues in the registry. Can I delete them? Will this make my computer clean?
Please find attached the 5 requested logs.
Thanks a lot for your help!
Best,
indis07
 

Answer:Help - Malware Removal after following instructions

I am not finding any malware in your logs. What issues are you having?
 

3 more replies
Relevance 78.59%

Hi,

On this particular machine, I'm running Windows 2000, SP4, with all the latest updates.

Occasionally, while browsing major news sites and reputable online stores, I'll get a short period of IE6 windows automatically opening up that contain unwanted ads. These are not the type of ads that the sites I'm browsing would want to be associated with.

I'd like to get rid of this distraction and make reasonably certain that this machine is generally clean of malware.

The only questionably sane installation I did recently was to try the MaxPCSecure's free Spyware Detector scan. I've since uninstalled that program.

The latest freeware versions of Spybot and Ad-Aware don't pick up anything unusual in this regard.

What's the link on this site to the most current generic malware removal instructions that would apply to Windows 2000? I'm thinking that I could first run through such a set of instructions to see if that would eliminate the pop-up malware.

Thanks
 

Answer:Most Current Malware Removal Instructions?

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.


If something does not run, write down the info to explain to us later but keep on going.

Do not assume that because one step does not work that they all will not.

READ & RUN ME FIRST. Malware Removal Guide
Note:

1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
 

3 more replies
Relevance 78.59%

Hi! I followed the instructions to delete malware on my computer by installing Adware, Search and Destroy, CCleaner, etc. I have attached the two log summaries. Can you take a look at them and let me know what to do? Before finding this website and the instructions, I would delete them with Windows Defender or Norton Antivirus and they would reappear after a while. Any suggestions?? Thanks again for your help!!
 

Answer:Results after following Malware removal instructions

Welcome to Majorgeeks!

You did not say what it is that you were deleting and what was returning???

Also you forgot to do step 7 of the Read & Run Me. But based on your Panda log it would appear you need to run one of the other sticky threads first before attaching a HijackThis log. Run this: SpywareQuake Removal Procedure
 

1 more replies
Relevance 78.59%

Hello,
I picked up some malware on my desktop. How, I'm not sure, as it was behaving normally, then I unplugged it to move it, tried it out in its new location (without internet access), and when I returned it to its old spot (with internet access) and started it again it was very slow, and pop-ups appeared.

I followed the instructions. Two notes:

*TDSS asked permission to reboot so it could scan more completely. I scanned it without reboot first, then with reboot.

*When I downloaded MG Tools.exe I got a message I could not save it in C drive so I saved it on my desktop and ran it from there. The zipped log appeared in the MG Tools folder and its name is not exactly the same (it's MGlogsR instead of MGlogs) as in the instructions. Now I find I can drag the exe file into my C drive (I'd wrongly assumed I would not be able to do that after downloading).

After following all the Read Me First instructions yesterday, the desktop is running at its usual speed now, but I just encountered another unusual pop-up (a shaking box warning about Java--not legit) so I don't believe my system is totally clean yet. A check of the logs would be much appreciated--Hitman Pro found several Trojans which I ignored per the instructions.

Thank you for your help,
AddyDog
 

Answer:Malware removal help - Read Me First instructions have been followed

Hello, AddyDog

Now shut down your protection software (antivirus, antispyware...etc) to avoid possible conflicts. *Re-enable them before physically reconnecting to your ISP.

*Other than the tools our guide instructed you to save there, I strongly recommend that you clean up this account's Desktop immediately leaving only shortcut links. [ C:\Users\laddison\Desktop ] Do not store downloads, exe files, iso files....etc on your Desktop. First it is not a safe place to keep them (i.e., you may lose them due to malware, and a cluttered Desktop is an easy hiding place for malware), and last but not least - it can have an effect on your PC's performance.

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O20 - AppInit_DLLs: c:\progra~3\perfor~1\perfor~1.dll
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe

After clicking Fix, exit HJT.

Using "Programs & Features" uninstall: (If you do not find it or it will not uninstall, just keep going.)
Ask Toolbar
Java 7 Update 67
Shoppi... Read more

6 more replies
Relevance 78.59%

i am running a removal on a family member's comp.

they may have gotten a rather bad one.

occasionally it does not allow OS boot
they booted this morning and their ICQ may have tried(and partially succeeded) in nuking another comp

i followed instructions in read & run, logs are attached

i need to know if anything in the logs are dangerous and need to be removed.
 

Answer:malware removal Read Me First instructions have been followed

and their ICQ may have tried(and partially succeeded) in nuking another comp

A chat program almost nuked the machine???

Reviewing the logs now...
 

7 more replies
Relevance 77.72%

Welcome to Tech Support Forum

Virus/Trojan/Spyware Removal Help (formerly Hijackthis Log Help)

* DO NOT FIX ANY ENTRIES OR DELETE ANY FILES YOURSELF. Do not run any specialized tools that you see being used in other threads without direct supervision from one of our trained analysts. Be advised that running any specialized tools not listed in this topic, on your own, is done solely at your own risk * It is also this forum's policy that we only address users with a legal copy of Windows. If during the course of a fix it is determined that the copy is not legal, we must stop the cleansing process.

=============================

How Soon Can I Expect Help?

=============================


Please be considerate of the fact that the people helping you are all volunteers, and in many cases usually have a job, and a limited amount of time to help, and therefore can only do so much. Also please note that there are many more people in need of assistance than there are trained staff members who may assist. Patience for this free assistance is required. If there is an immediate need, please take the machine to a local technician.

If no one has replied to your thread within 72hrs after you posted, please reply in your thread with the words "BUMP, please" to move it forward. Do NOT bump the thread unless 72 hours has passed. We try to work from oldest to newest posts so your wait will... Read more

Answer:NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

Why we don't ask you to run ComboFix from the onset

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

We first need to verify if there's any rootkits present and how they could affect our tools. DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

With these logs we can determine the infections present & decide whether to deploy ComboFix.

2 more replies
Relevance 77.72%

I believe I still have root kit or something else. I can't connect to wireless and If it helps the big problems began when I downloaded a media codecs file and AVG from CNET website. Neither file worked at all and C:\$AVG file keeps returning no matter how many times I delete it. Also After I downloaded AVG and was trying to run it my comodo firewall went nuts and was allowing everything. And I keep blue screening when I start sorting through files.

I followed the instructions to, "The NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help" And here are the Logs...



.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 19:53:39 on 2011-06-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1007.493 [GMT -6:00]
.
FW: COMODO Firewall *Disabled*
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report =============== ... Read more

Answer:RE:NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

Hi,

Please do the following:
Please download aswMBR.exe and save it to your desktop.
Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
Click Scan
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

2 more replies
Relevance 77.72%

Hello,

Sorry for the length of this post, but I try to describe in detail what I've done. I have used the instructions in the "READ & RUN ME FIRST. Malware Removal Guide".

The reason I have done this is, because Avast On access scanner periodically alerted me to trojans in the temporary internet folder for the past two weeks. I instruct Avast to delete these files but the messages always come back a short while later. Two days ago it started alerting me of blocking access to a malicious site (the url for this site is garbled and ends in .cn). This message would pop up every 5 to 10 seconds. So I attempted to remove the malware on the pc with the help of the instructions of this forum yesterday night.

I am not sure where the trojan/malware originated from, as I am not the only user of this computer (my parents also use it). Around the time that the problems started, I visited a reputable (or so I thought) job site (engineeringcareers.co.za) - upon visiting Avast alerted me to a trojan attempting to download and gave me the option to block the connection to the site, so I did so.

Now, on to how I followed the instructions in your guide and the problems that I encountered:

I followed all the instructions to the letter, up to and including the Malwarebytes' Anti-Malware. Super antispyware had to be renamed to SAS.exe to run, as the explorer window crashed if I tried to run it normally. After MBAM finished, I could not connect to the interne... Read more

Answer:following malware removal instructions - MGTools not working

Hello again,

Here are the combofix and rootrepeal logs I intended to post. I wanted to post them directly after my earlier post, but real life interfered in the time between posting and my post showing up in the forum. This will probably be seen as a bump, but oh well - so far it looks like my problems are sorted out, so far Avast has not given me any more alerts to trojans/rootkits.

Thanks again,

Z.
 

8 more replies
Relevance 77.72%

HELLO. I NEED TO GET HELP WITH PC ISSUES. ATTACHED ARE ALL THE LOGS THAT WERE SPECIFIED IN THE INSTRUCTIONS. I DO HAVE ACCESS TO A BOOT DISK/INSTALL DISK FOR MY SYSTEM. PLEASE HELP!!!!



DDS (Ver_10-03-17.01) - NTFSx86
Run by jason.bartram at 8:17:30.33 on Thu 03/25/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1551 [GMT -4:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\jason.bartram\Local Settings\Temporary Internet Files\Content.IE5\7KAKFFY0\dds[1].pif

============== Pseudo HJT Report ===============

uSearch Bar =
uStart Page = hxxp://google.com/
BHO: Adobe PDF Reader Li... Read more

Answer:HELP! RE:NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help (HELP)

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I see no sign of infection in your logs. What issues are you experiencing?

------------------------------------------------------

4 more replies
Relevance 77.72%

Just wanted to let people know what happened to me, what I did to recover and to thank MajorGeeks for their helpful instructions.

Prior experience removing spyware: successfully cleared numerous people's computers a couple years ago using tips offered on MajorGeeks.com. Since moving I hadn't had a single problem in nearly 2 years.

What happened: I heard at work that Flash had a recent exploit and I should patch it. I searched on Google for "flash exploit patch" or something very close to that. I clicked one of the links that sounded promising. The website I clicked was a trap! Despite the barricade of (badly non-updated) anti-spyware I have installed I got infected badly. Antivirus XP 2008, Blue eff-with-you background and screensaver, redirecting browser pages, the whole works.

My initial ill-advised attempt to fix it: I updated Adware (sp?) from Lavasoft and ran it. It found all kinds of problems and "fixed" them. And it would work. For about 5 minutes. Then the BS would just re-install itself and take over again. I figured, we'll just go ahead and restart in safe mode and clean up everything. EEEEEET. That was only temporary too.

How MajorGeeks helped: I ran home to mommy (MajorGeeks forum). CCleanered myself, Updated Java and got rid of the old versions, followed all the instructions. This SEEMED to work. It definitely got rid of everything except the browser redirection. I kept hesitating about posting the logs, but if I had... Read more

Answer:Malware instructions followed 100%, removal not initially 100% (details).

Welcome to Major Geeks!

We are happy to hear it helped you.


Now we need to cleanup some items from running ComboFix.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.




REGEDIT4

[-HKEY_CURRENT_USER\Software\Kazaa]
[-HKEY_LOCAL_MACHINE\SOFTWARE\knight]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"HideLegacyLogonScripts"=-
"HideLogoffScripts"=-
"RunLogonScriptSync"=-
"RunStartupScriptSync"=-
"HideStartupScripts"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"HideLegacyLogonScripts"=-
"HideLogoffScripts"=-
"RunLogonScriptSync"=-
"RunStartupScriptSync"=-
"HideStartupScripts"=-

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.


If you are not having any other malware problems, it is time to do our final steps:
You can uninstall SUPERAntiSpyware now.
We recommend you keep Malwarebytes Anti-Malware as a scanner. It uses no resources except a little disk space until you run a scan.
If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed Com... Read more

1 more replies
Relevance 77.72%

Hello,

I recently got infected with Malware Defense. I went to the following link: http://www.bleepingcomputer.com/virus-remo...malware-defense

Followed the instructions, and it did stop all of the popups. Unfortunately, I cannot install any antivirus or run antimalware software. I double click the icons but nothing comes up. Also, my internet explorer window will randomly close for no reason. I ran DrWeb CureIt in safe mode but it didn't identify or fix anything.

Do you have any suggestions?

Thanks for your time

Answer:Had Malware Defense, followed removal instructions, still have issues

Okay, as a follow-up, I followed removal instructions again and ran Malwarebytes' Anti-Malware. It had 5 objects infected. Upon restart my computer locked up when I clicked run for the MBAM prompt. Here is the log:

Malwarebytes' Anti-Malware 1.43
Database version: 3502
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/6/2010 7:16:12 PM
mbam-log-2010-01-06 (19-16-12).txt

Scan type: Full Scan (C:\|)
Objects scanned: 184387
Time elapsed: 27 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\H8SRTbrsbpfukie.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
\\?\globalroot\systemroot\system32\H8SRTbrsbpfukie.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\P... Read more

1 more replies
Relevance 77.72%

Over at the Software forum (see my thread "suddenly lost an application; plus, can't download anything" at http://forums.majorgeeks.com/showthread.php?t=286066), Administrator DavidGP recommended I follow the instructions in the Malware Removal Guide and then start a new thread here in the Malware Forum.

But I have to ask three questions before I can follow those instructions. I'm sorry if I'm posting these questions in the wrong forum, but I asked the first two of these questions over at the Software forum, but didn't get a response.

A little background: My brother's computer runs Windows 7 Professional with Service Pack 1, and Mozilla Firefox 29.0.1. His current security software is StopZilla AVM 2013 (product version: 6.0.0.0, file version 6.0.3.61), and of course Windows Defender and Windows Firewall.

Question 1:

Both StopZilla and Windows Defender run real-time protection, but somehow don't collide with each other.

Nonetheless, I guess I'll have to uninstall StopZilla in order to run the programs referenced in the Malware Removal Guide, rather than just disable it, right?

(Incidentally, full scans done by both StopZilla and Defender found no threat.)

Question 2:

Step 4 of MajorGeeks' Malware Removal Guide says to disable any disk emulation software.

I don't know anything about disk emulation software, but I can tell you this:

My brother was running the now mysteriously disappeared prog... Read more

Answer:questions before following instructions in the Malware Removal Guide

Nonetheless, I guess I'll have to uninstall StopZilla in order to run the programs referenced in the Malware Removal Guide, rather than just disable it, right?

I wouldn't actually ever recommend anyone use Stopzilla. There are FAR more superior products out there.





Is VirtualBox disk emulation software? If so, I can disable it with DeFogger.

Yes you should be able to.





Someone told me they thought it might not be a good idea to disable disk emulation software before running diagnostic software because the malware might be on an emulated drive. Any comments on this?

You should always disable disk emulation softwares before beginning our procedures, this link explains why: http://www.bleepingcomputer.com/for...lation-when-receiving-malware-removal-advice/
 

1 more replies
Relevance 76.85%

Here is the issue I was having prior to the "read me first" steps:

1) Search engine redirect: where I search for something via google, bing, or yahoo and when I click on the results it sends me to some unrelated website

Here are the issues I am having after "read me first" steps:

1) Search engine redirect: where I search for something via google, bing, or yahoo and when I click on the results it sends me to some unrelated website

2) I am having trouble opening file folders. I get an error message the windows has stopped working and then it searches for a solution and shuts down. I cannot even open up the file folder.

3) When I right click a file or folder, a windows installer window appears and attempts to either download something or install something. It seems to have something to do with Adobe.

I have no clue what all these logs mean. I just followed the steps and retrieved these logs.


View attachment combofix log.txt



View attachment 140457



View attachment defogger_disable.log



View attachment hijackthis.log



View attachment mbam-log-2010-07-02 (03-36-52).txt

 

Answer:Malware Removal Instructions Complete... Problems still exist

View attachment MGlogs.zip



View attachment RRlog.txt
 

11 more replies
Relevance 75.4%

This is what I came up with:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2015
Ran by Intel (administrator) on INTEL-PC (01-09-2015 12:30:20)
Running from C:\Users\Intel\Desktop
Loaded Profiles: Intel (Available Profiles: Intel)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files\Bamboo Dock\BambooCore.exe
(Akamai Technologies, Inc.) C:\Users\Intel\AppData\Local\Akamai\netsess... Read more

Answer:Followed the UPDATED 4-Step Viruses/Spyware/Malware Removal Preliminary Instructions

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-01 12:29 - 2015-01-02 14:57 - 00000000 ____D C:\Windows\system32\vbox
2015-09-01 12:15 - 2014-08-25 11:37 - 01996509 _____ C:\Windows\WindowsUpdate.log
2015-09-01 12:11 - 2015-07-31 16:24 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-09-01 12:11 - 2015-06-17 09:07 - 00036937 _____ C:\Windows\setupact.log
2015-09-01 12:11 - 2012-12-05 19:32 - 00000000 ____D C:\Users\Intel\AppData\Roaming\Skype
2015-09-01 12:10 - 2014-08-25 14:00 - 01129030 _____ C:\Windows\PFRO.log
2015-09-01 12:10 - 2012-11-18 23:06 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-01 12:10 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-01 12:10 - 2009-07-14 07:33 - 00433760 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-01 12:09 - 2009-07-14 07:34 - 00030848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-01 12:09 - 2009-07-14 07:34 - 00030848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-01 12:08 - 2012-10-15 19:50 - 00000000 ____D C:\Users\Intel\AppData\Local\Deployment
2015-09-01 12:08 - 2012-10-15 19:50 - 00000000 ____D C:\Program Files\Google
2015-09-01 12:01 - 2012-10-15 14:01 - 00116056 _____ C:\Users\Intel\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-01 12:00 - 2012-11-04 16:24 - 00000000 ____D C:\User... Read more

3 more replies
Relevance 75.4%

Very Important: Malware infections can possibly lead to identity theft, stolen bank funds, misuse of credit card information etc. Therefore we strongly encourage you to read this thread before deciding what course of action to take regarding your infection.

If after reading the above you wish to clean your system, please follow the steps below and create new topic HERE

NOTE: This thread is a work in progress. As malware evolves, so must the programs that find the bad entries and remove them. Thanks to all the members who have kept this progress going.

These steps are NOT meant to be a ONE-STOP-FIX-ALL.
If your computer cannot stay running, as in it either cannot boot, or, it is automatically restarting after a certain amount of time, then just start a new thread and ask for help.
They only serve to help you produce some logs, so we can see if your system needs further attention and cleaning.
Please make sure to complete ALL the steps in this thread, in the order that they are listed BEFORE you post the requested log files.
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it into a couple of replies.
Please run all scans in Normal Mode unless instructed otherwise. If you are not able to access Normal mode, please let us know.
Do NOT perform a System Restore while we are cleaning, as this can reinfect the system.
Please stay with your thread. We usually mark your thread inactive after five days, to help maintain the list of active topics... Read more

Answer:UPDATED 4-Step Viruses/Spyware/Malware Removal Preliminary Instructions

Instructions have been shortened and updated for future convenience towards users as well as helpers.
Credits to originator, Blind Dragon, and a few others, namely - kimsland, xxdanielxx, CCT, and Bobbye for their input.
 

2 more replies
Relevance 105.37%

Apple has finally accepted that there is a malware problem affecting many of its customers and plans to stop it with an upcoming system update.

The problems began earlier this month with a black hat search engine optimization campaign launched by scareware distributors on Google Images.

Such campaigns are common and one can pretty much expect to find rogue links among the top search results for all hot topics at any given time.

However, this time it was different because the cyber crooks also targeted Mac OS X users via a piece of scareware called Mac Defender that was specifically designed for Apple's platform.

Scareware, or rogueware, are terms that refer to fake applications that trick victims into paying for licenses in order to fix fictitious problems on their computer, usually malware infections.

Ironically, for a user base that largely doesn't trust antivirus programs and believes that Macs are malware-free, a lot of people ended up installing Mac Defender.

By extrapolating from tech support call figures related to this issue, ZDNet recently estimated that between 60,000 and 125,000 Mac users were affected by this piece of scareware.

What's worse, Apple apparently prevented its tech support operators from telling users how to remove the malicious program on their own.

However, after the issue got significant press coverage Apple published a knowledge base article of its own, which includes manual removal instructions.

The company makes some mist... Read more

Answer:Apple Late to Anti-Malware Party, Issues Alert and Removal Instructions

Good to see that they are taking action, since malware is now appearing quite a bit more on Macs.
 

1 more replies
Relevance 104.14%

Hello, a friend has dropped off a broken Windows XP computer with me for repair. They followed http://www.bleepingcomputer.com/virus-remo...-security-suite this guide section 'automated removal section' and now the PC bluescreens on both normal and safe mode. Looking for guidance as to what they might have broken. Thoughts? The BSOD is a stop c000021a - windows logon process system process terminated unexpectedly with a status of 0xc00000005 (0x00000000 0x00000000).

Answer:BSOD after following "automated removal instructions for security suite using malwarebytes anti-malware guide

Hi. The majority of references I see for this... are for Win 2K. XP users who have this error... don't really seem to get a resolution of any sort that I can see.

From looking at the Win 2K references, I'd say that the registry is jumbled. A repair install effort would be worth a try... but I suspect that a clean install will be the ultimate resolution.

Some Google Links.

Louis

1 more replies
Relevance 100.45%

MS Removal Tool is a rogue software. It restricts you from accessing your desktop. You cannot start Task Manager, and you cannot open Internet Explorer or any other programs. This situation is the result of malware (a variant of Win32/Winwebsec) that is infecting your computer.

To remove the MS Removal Tool, follow the steps below:

Boot your computer into Safe Mode.
Windows XP and Windows Vista: Start your computer and press and hold the F8 key. A Windows Advanced Options menu will appear. Use your arrow keys to scroll to Safe Mode and click the Enter key.

Click the Start button, and then click Run.
Type cmd then click OK. A black command prompt window will appear.

Locate the affected directories:
Windows XP: Type cd c:\Documents and Settings\All Users\Application Data\ and press the Enter key. Type dir and press the Enter key.
Windows Vista: Type cd c:\ProgramData\ and press the Enter key. Type dir and press the Enter key. Type c:\Users\All Users\ and press the Enter key. Type dir and press the Enter key.

Scroll through the list to find directories with random names that contains 18 characters. For example: cHl08200gMhHd08200 , pJg08200fBmPl08200.

Type rd /s /q <random name>, and then press the Enter key. Replace <random name> with the 18 character name. Repeat this step for each random name you find.

Type reg delete hkcu\software\microsoft\windows\currentversion\run once /v <random name> /f, and then press the Enter key. Replace <random name> with the 18 cha... Read more

More replies
Relevance 95.53%

Staff Advisory: This post needs to remain here until one of the malware team advise that it can be moved. This member cannot access our malware forums due to their infection. ~ Animal

----------

Hello, I got some help from some nice people in the live chat. I have made a log with your hijackprogram and am posting it at the bottom. It created two .txt files so there are two reports. I am unable to open ANY link that has the words anti-spyware anywhere on the page or in the address bar so unfortunately I cannot post this in the malware removal forum because the internet window closes every time. I am in dire need of some help! I have a subscription to spy sweeper and it is keeping things out but I was infected with Antivirus xp 2008 and possibly some viruses because the computer was un-protected for about a month while I was in the hospital.. I run with Windows XP and a wireless connection. If someone could take the time to look at this for me I would be so incredibly thankful! I offer my services as a photographer/graphic artist/professional gift shopper/myspace designer/beginner web designer. You can see what I do at www.perfectionpictures.com and contact me if you need anything at all!

Current Symptoms (in the order of appearance)

Random Total system crash then restart then blue screen then back to windows. msvcp71.exe is missing so a program is being prevented ... Read more

Answer:Antivirus Xp 2008 Removal Help/am I Infected? Can't Open Malware Removal Forum

Hi & welcome,

I would like to try a couple things before we go much further so I have a bit better picture of what is happening and can take the needed cautions.

1.) click start> run> type msconfig and hit enter.
click "boot.ini" tab
Checkmark /bootlog
Click "apply" and "close"
Reboot when asked
Locate and delete this file:
C:\windows\ntbtlog.txt (in case your extensions don't show it looks like a notepad)
Reboot
Locate & post:
C:\windows\ntbtlog.txt

2.) Click start> run> type: cmd.exe and hit enter.
type the following commands exactly as you see em & hit enter after each one:
cd c:\windows\system32
dir userinit.exe
Note the file size please & report that back to me. Leave cmd open a sec.
Back at the cmd window...
Type:
cd dllcache
dir userinit.exe
dir spoolsv.exe
Note file sizes & report that back to me.
Type exit in the CMD window & hit enter. (this closes it)

3.) Can you see also if you can get this program installed please:
http://download.bleepingcomputer.com/hijac.../HJTInstall.exe
Save file> run it> follow prompts to install excepting defaults.
Allow it to "launch" hijackthis.
Click the "Do a System Scan and Save a Log File" option
Save the log file and then it should open with Notepad
Go to Edit, Select All and then Edit, Paste to paste the contents of the log here

Let me know if you had any problems with the above please.

I advise keeping the system offline as much as possib... Read more

3 more replies
Relevance 95.12%

Apologies, but I'm a bit of a novice. My computer did a scan when I started it and came up with some trojans. When I tried to delete them, a malware removal programme tried to install itself so I closed the download dialog box. Unfortunately, I cannot remember the name of the software that was trying to install itself. Please would you review my log below and help me clean my computer?

Many thanks
---------------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by 0 at 19:57:35.67 on 02/01/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3000.1826 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows&... Read more

Answer:attempted removal of trojans try to install "malware removal software

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 93.89%

Hi,

I have tried many ways to get rid of some Malware that has only recently infected my PC. I hope someone can help me as this is my work PC and I need to plug back into my office network in a few days, but think this would be a bad idea at the moment.

The problem first showed itself by insisting I had many viruses etc, and I should install Internet Security 2010. I have installed Malware Bytes removal tool, and installed as instructed. It found the above, said it was removed, but still it appears to exist, although the name of the infection has changed a few times, and is currently redirecting my browser to a similar page to the above malware. A popup now shows that I should install Cyber Security to remove the infections. This is obviously another malicious antivirus/malware program.

I have McAfee Enterprise installed (which I can't seem to disable)

I have also run SuperAntiSpywarePlus, which did the trick removing a similar problem about a year ago on a different PC. However, although this program also finds problems, and supposedly removes them, the problem is still there.

Please help. I have shown Hijackthis log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:42 PM, on 29/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\... Read more

Answer:Cyber Security removal; Malware removal not working

Hi,

I have tried everything I know of to remove this pesky piece of malware. It seems to keep changing names, starting out as Internet Security 2010, and redirecting me on a google search to a webpage trying to convince I was riddled with viruii and malware, and then trying to sell me their software, which is really just a scam. I ended up here after a few days of tearing my hair out, almost beaten. I went through the tutorials, but unfortunately that was before I fired off a post in desperation. Please delete my previous post, as I have now followed the suggested path, and run the utilities to help diagnose my problems. The resulting files are attached.

Please help. I hope the files uploaded can provide an insight into what's happening.

Apologies for jumping right in and posting a Hijackthis log before I had read the tutorials.

DDS.txt contents pasted below

DDS (Ver_09-12-01.01) - NTFSx86
Run by Greg.Middleton at 15:30:23.26 on Tue 29/12/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3063.2330 [GMT 9.5:30]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
C:\windows\system32\svchost -k rpcss
C:\windows\Syst... Read more

3 more replies
Relevance 92.25%

Hi,

I have a dell xps 8300. It started acting up about 1 week ago (freezing while working online, freezing while trying to boot). Today i got the Blue screen asking me to restart if this was the first time I had received a blue screen.
I restarted it was fine for 30 minutes and everything froze.
I restarted it and I received error beeps ( 4 beeps)
I looked that up on dell support and they said it was RAM problems.
I opened up the computer vacuumed a bit, took out ram cards and reinstalled them.
It had been working o.k. for about 1 hour and only froze once more.
I decided to try the malware removal guide and here are the logs
Malware bytes did not find anything
TDSSKiller did not find anything
MGtools ran but as soon as it was done the window closed. i don't know how to find the log
Your help will be greatly appreciated
 

Answer:malware removal - have followed malware removal guide

I still want to see the log from Malware Bytes please.





MGtools ran but as soon as it was done the window closed. i don't know how to find the log

Should be directly on C:\ if that's where you boot Windows from. If you really cannot find the log, you'll have to run MGTools.exe again in order to produce a MGlogs.zip. Thanks.
 

20 more replies
Relevance 92.25%

Hello!
In reading more of these threads I can see I'm not the only one with the iexplore issue.
Glad to know it can be corrected!!!!

I have multiple pop-ups and my computer is as slow as dirt.
When I get home at 3:30 Calif time I will do the HJTInstall.exe thing and post the results.
Would the results of one that was done two days ago help? Yes I was having the issue then and another company did one and told me to email it to someone, which I did but I haven't heard anything back and my computer is close to useless at this point.
Can MFDnNC or anyone else help?
Thanks!!!!
Ginny
 

Answer:malware removal/popup/iexplore removal

16 more replies
Relevance 92.25%

Since the ComboFix will not run on Vista or Windows 7 64-bit, I have to look for new malware/virus removal apps... It was good while it lasted. So what tools do people use for Vista these days when the computer says: "WARNING! YOURS COMPUTER IS AN INFECTED BY HARMFUL VIRUS!!!!"

Answer:64-Bit Virus Removal & Malware Removal Tools?

64-bit Anti-Virus:
List of 64-bit Anti-Virus For Vista
Anti-virus protection in 64-bit environments

Free Anti-virus:
avast! Free Antivirus
Avira AntiVir Personal - Free Antivirus
AVG Anti-Virus Free Edition 8.5
Microsoft Security Essentials
Panda Cloud Antivirus
Kingsoft Free Antivirus (Cloud Scan)

Paid for Anti-virus:
NOD32 Anti-Virus Personal
McAfee AntiVirus Plus
Trend Micro AntiVirus plus AntiSpyware
Norman Antivirus & Antispyware
CA Anti-Virus Plus Anti-Spyware

64-bit Anti-Malware tools:
Malwarebytes Anti-Malware
SUPERAntiSpyware
Kaspersky Virus Removal Tool - How to install and use documentation
Spyware Terminator
Windows Defender (64-bit)
Prevx
Spybot S&D
Ad-Aware
Norman Malware Cleaner
Sunbelt Counterspy (free Trial)
Comodo BOClean Anti-Malware
Sophos Anti-rootkit
SanityCheck Advanced Rootkit and Malware Detector
ESET Online Antivirus Scanner
ESET SysInspector
AnVir Task Manager Free
WinPatrol

Start with these:
How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer
How to use SUPERAntiSpyware to scan and remove malware from your computer

3 more replies
Relevance 91.43%

I have scanned with AVG with the latest updates. On top of that insidious google redirect I get random pop ups even when I don't already have IE or Firefox running. Also getting sounds in the background like I'm clicking on a link, surfing the net when I'm not. And SYSTEM in task manager is hogging a ton of memory.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:52:42 PM, on 8/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\... Read more

Answer:persistent malware undetected by virus scans and malware removal tools

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,

Please download OT... Read more

2 more replies
Relevance 91.43%

Hi,

I am the IT manager in my company.

I have a co-worker, his computer has search redirect issue. That means most likely it has malware.
Then I installed some major malware removal: Spybot Search & Destroy, SUPERAntiSpyware, Malwarebytes

After I installed them, I cannot launch them (That definitely means it has some kind of malwares)
I needed to rename their .exe files, after I can run them and scan my computer.

SUPERAntiSpyware, Malwarebytes found something, but didn't solve the problem, search redirect and
blocking malware removal software are still there. Now I am running Spybot Search & Destroy will see what happened.

By the way, I run them in safe mode because when I logon window to normal mode, it is slow (like it takes a long time to explore hard drive, etc). I suspect the malware slow down my pc. Hopefully not registry corrupted or something, but works smoothly in safe mode.

So you guys have any suggestions? or you need a log file from combofix?

Please advise,
Tommy

Answer:malware: google yahoo redirect and can't launch malware removal software

Try this: http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

5 more replies
Relevance 91.43%

The latest: Removal Tool from Symantec:

http:[email protected]html
EDIT:
PLEASE NOTE: Since Symantec did a major change on how to handle this worm from their first instructions, (and my first post) I have totally modified this post, as of 0326 EDT Sept 20, 2003, to reflect those changes. This should avoid the problem that Alison had and was most likely the reason for Symantec's change.

You have been bitten by the latest worm, [email protected], and want to know what to do and how to get rid of it.

We here at TSG want to make that process easier for you.

The following is a short(er) version of what can be found at Symantec's site.
http:[email protected]

Please go to the above link and read and understand about the Swen worm first, then return and follow the short version.

Removal Instructions

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec and Norton AntiVirus product lines.

1. Disable System Restore (Windows Me/XP).

How to disable or enable System Restore in Windows ME

How to disable or enable System Restore in Windows XP

2. Modify the association for Registration Entries ( .reg files).
3. Create a repair.reg file on Desktop, double-click on repair.reg file to fix association settings for other file types.
4. Update the virus definitions.

5. Do one of the following:
a. Windows 95/98/Me: Restart the computer in Safe mode.
b. Windows NT/2000/XP: End the Trojan process.
6. ... Read more

Answer:[email protected] Worm Removal instructions + New Removal Tool

16 more replies
Relevance 91.43%

I did a hijackthis scan and here's what I got:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:17 PM, on 4/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynT... Read more

Answer:Malware Blocking Acess to Spybot, Microsoft Malicious Removal Tool and other anti-malware programs

Hey guys I solved my own problem. I completely reinstalled windows. (It was about that time anyway)

2 more replies
Relevance 91.43%

Please help me,
I cannot access any internet (wifi & ethernet) after malware removal using GridinSoft Anti Malware. I already updated network drivers, but it's still not working.
 

More replies
Relevance 91.43%

I was surfing the web today and I believe I clicked on a pop up by mistake when I shouldn't have. Avira then blew up with Malware alerts and I knew I had a problem...

I did a virus scan and it removed the detections found but when I did a restart they were back again. Also, the virus seems to move itself around to other .exe files. I found it had infected moviemaker.exe so I manually deleted the file as I don't need it but as soon as I emptied my recycle bin the moviemaker.exe file returned back to its original folder.

I'm afraid something really nasty has infected me. Avira is detecting it as a W32/Infector.Gen2 and Malwarebytes is detecting 2 Malware.Packer.Gen files.

I went through the Read Me First steps on this site and performed everything it asked. However, I was unable to uninstall my previous JAVA (ver 19) and was not able to install the newest version of JAVA. Both gave me errors that the installation program wasn't working.

I'm attaching the logs here. Can anyone help me get rid of whatever is infecting my machine? I would really appreciate the help!
 

Answer:HELP-Requested Malware Removal (Infector.Gen2 / Malware Pacger Gen)

Here is the 5th log.
 

6 more replies
Relevance 91.43%

Hi, I'm suddenly having a lot of trouble with malware. My computer seemed to be running okay but I ran Malwarebytes as I occasionally do, and it picked up a fair amount of malware on my system. I deleted it and rebooted, but that's when my problems really began. Upon restarting, my internet connection has become almost unusable. It's extremely slow and generally I can't even open a page that I want after trying to refresh several times. Oddly though, google is working perfectly and a few other sites seem to work too, including this one. I've tried running MBAM again and again, each time it picks up more malware and I remove it, then reboot and the cycle renews. I can't seem to get rid of all of it, every time I scan my system there's just more of it. I've tried ComboFix but it doesn't seem to have done anything. One persistent thing seems to be photo_id.exe, I've got a few messages from MBAM saying it can't be removed and I need to reboot. Also, I've noticed that if I'm trying to reach a webpage, although it won't load there seems to be some redirecting, for example I just tried to reach a wikipedia page and it says "The server at topsearchfeed.com is taking too long to respond" For some reason I can't bloody format this properly no matter how hard I try, so here's an attached HJT log:
 

Answer:Malware removal attempt led to unusable internet, still can't remove all malware

Problem has become more serious. Now my mother has told me that the internet on her laptop is also extremely slow and essentially unusable. I'm worried that something from my computer has got on to hers via the wireless network we're both connected to. Somebody please help me
 

2 more replies
Relevance 91.43%

Good day to everyone,

My computer is having some malware activity. I have used adware 2008, spyware removal tool, norton anti-virus and other removal tools, but still the malware cannot be deleted. My Computer icon could not display its properties; instead it appears like a file when you see its properties. It also disabled TCP/IP, that's why until now I cannot connect to the internet. I don't have a WindowsXP SP2 cd for repair.

Please help me as soon as possible, because it is a server.

Answer:Urgent! My XP SP2 have malware activity!.. cannot remove using malware removal tool

Hello frozenfire03, Welcome to TSF!

I recommend that you read this article… "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However, it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum, where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,

7 more replies
Relevance 90.2%

Hi. I am trying to diagnose a problematic laptop for a friend. I don't know the details of what happened to cause the problems. The main problem I can detect is that the laptop is EXTREMELY slow. It seems like anything I try has a delayed response (even a simple mouse click). I followed the Malware Removal Guide, but was only able to run two of the five suggested tools as follows:

1) SUPERAntiSpyware - I ran this after manually updating the definition files on the version already installed and the scan found nothing.

2) Malwarebytes Anti-Malware - I was not able to update the definition files for the current version installed. After several attempts to uninstall this (via the Control Panel), I was able to do it via CCleaner. However, I was not able to re-install a more recent version due to problems with the Windows Installer service. After uninstalling an outdated version of Java (Update 14) via the Control Panel, I have not been able to install/uninstall any more programs.

2) combofix.exe - not compatible with 64-bit OS

3) RootRepeal - did not run on 64-bit OS

4) MGtools - did run; kept getting errors, but continued to completion

Attached are the SUPERAntiSpyware and MGTools logs:
 

Answer:Possible Malware preventing me from running malware removal tools

I am not seeing any malware in those logs. I do not know why MalwareBytes would not run, are you able to run it in safe mode? How does the PC behave when you use safe mode?

More than likely I think I will be sending you off to the software forum.

We can do this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:



O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsM... Read more

5 more replies
Relevance 90.2%

Had a machine in riddled with viruses which we duly cleaned up and removed without incident. Uninstalled the applications one at a time, restarting each time it was required and all was good.

After removing the last app (don't ask me which one it was, I can't remember) the machine no longer starts.

It's boot cycling but once we disable automatic restart on system failure it brings up a STOP 24 error.

Have booted to puppy linux and examined the hard drive (which is SATA btw) and the data seems intact so we can assume, physically at least, that the drive is good.

Booting to an XP CD and attempting to access the recovery console to run chkdsk /r and it appears the drive is either not detected or is empty (the latter we know not to be the case)

Boot to an X CD to attempt a repair install and it tells me there is no hard drive present.

Check the BIOS and the drive is detected properly. Swap the hard drive for a SATA CD and it detects the CD without issue, which makes me think the SATA controller must be functioning too.

Now it seems that this single disk system has some kind of RAID configured on it according to the boot screens. My next step would be to remove the RAID but I'm concerned it might format the drive. Is this likely? It has an ASUS A8R-MX/S motherboard but the info I get from their site is a little vague.

Am I on the right track with the RAID thing or way off base, help me folks its driving me nuts.
 

More replies
Relevance 90.2%

Dell m1330 Vista home premium. I have malware issues, frequent memory dumps, google redirection and something is preventing me from running or installing anti-malware programs. I had to install malwarebytes using the rename method, but the program will not run in safe mode or normal. I had spybot previously installed but I was also prevented from opening it, so I tried reinstalling, but before it can complete the installation I get the blue screen of death memory dump! Before reading the procedure I ran coolweb, kill2me, windows defender and windows malicious software tool. None of the programs found anything. I also performed a couple of system restores, but both failed.

Should I continue with the cleaning procedure (combofix), or does anyone know how I can get malwarebytes and spybot to run?
 

Answer:Trying to follow malware removal procedure, but malware is preventing me?

Here's my MGtools log, it was the only program that worked.
 

4 more replies
Relevance 90.2%

Four steps that will keep your PC happy, healthy, and crap-free

Malware sucks. In the best-case scenario, it craps up your system with unwanted files and occasionally makes itself known in the form of a persistent pop-up window or annoying browser-based toolbar. In the worst-case scenario, malware completely takes over your desktop or laptop and ruins your life.

Your system slows to a crawl. You can’t even boot into Windows in the time it takes you to walk to the kitchen and back. Your data gets sent off to a faraway Internet land or, worse, your actual keystrokes are recorded for some unsavory individual to see. Malware locks down your browser, making you unable to actually do any browsing without being carted off to some bogus domain. You can barely run a program in Windows without getting bombarded by fake advertisements, programs, and dancing people on your desktop.

We can’t make this stuff up.

So what’s a computer enthusiast to do? Step zero: Read this guide, because we’re going to walk you through all the key details you need to know to both rid your computer of this junk and keep it free of downloaded nasties forevermore.



Read more at:
Maximum PC | Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Answer:Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Most excellent reading, thanks for posting for all to see. I, myself, use most all of these myself; the only paid program I have is malwarebytes, the rest are free add ons or are free programs. Thanks.

5 more replies
Relevance 90.2%

Hi, I got infected because I was trying to run malwarebytes and it skipped the part of analysing the files; it ended in around 1 minute in a full scan. I tried to download dr web cure it, and it doesn't allow me. The computer seems fine, but those things are very strange, and when I was running the scan I was in safe mode...
 
thanks for the help

Answer:Malware infected, malware removal tools useless

Greetings samidelcueva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro... Read more

0 more replies
Relevance 88.97%

HEY GEEKS NEED A LITTLE HELP. I HAVE A WINANTIVIRUS POP-UP THAT COMES UP EVERY TIME I AM ON THE NET, AFTER U X IT OUT 5 TO 6 OTHER POP-UPS COME UP ABOUT A VIRUS. I AM RUNNING AVG EVERY MORNING, SPYBOT SEARCH AND DESTROY, AD-WARE 6.0. HERE IS A HIJACK THIS LOG FILE TELL ME WHAT TO GET RID OF PLZ.

EDIT: Removed inline HJT log


THANKS

DOOKIE
 

Answer:winantivirus removal, malware removal

Hi and Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.


Run this first

Virtumonde aka Trojan Vundo Removal - some people also refer to this as WinFixer

Then run the below and attach the requested logs for the malware experts to look over.


Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.



When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

* runkeys.txt - the log from GetRunKey.bat
* newfiles.txt - the log from ShowNew.bat
CounterSpy - ONLY IF you were not a... Read more

1 more replies
Relevance 88.56%

Have got a strange one, where have attempted to remove XP antispyware 2009 using malware antimalwarebytes. Looks to have been partly successful - but have got something else interfering. Frequently have pages on IE as "not found".

Have posted HJThis log and Malware Antimalwarebytes log below. Thanks for any assistance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:58, on 08/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdjserv.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologi... Read more

Answer:Malware - blocking removal by malware antimalwarebytes

16 more replies
Relevance 88.56%

Hi. Thanks for this. I need to first tell you that I don't even know how to generate the logs everyone posts here for troubleshooting. I'm sorry. Maybe someone could tell me how, then I will.

Because my laptop wouldn't even boot to the O/S last week, DELL's tech support helped me move files, reformat and reinstall the OS. I reinstalled McAfee. A security tool warning popped up. I knew it was rogue; I came here and got rid of it using mbam and process explorer - very easy. Or I thought I did. On my daughter's desktop this morning, there were 3 porn shortcut links ON HER DESKTOP!!!! There was also a link to "Active Security" - trying to figure out wtf this was it turns out it was another rogue. Awesome. It at least had an uninstall on Add/Remove programs... but obviously it is not gone, if that is even the cause of all this... Thinking MBAM would be a logical quick fix, I figured I would try that. My Mbam won't load - I have reinstalled it - it reinstalls and then when I try to quick scan it says I don't have permissions and then I can't even open it again. I can reinstall, then it is hijacked when I try to scan. My McAfee won't scan either so both are being hijacked and I also am having the same browser redirects as others when clicking on sites from search results. McAfee can't even fix itself. In safemode, McAfee tells me the truth at least that it is not working (in regular mode it poses like everything is... Read more

Answer:Ugh - Malware Removal Tools Disbled by Malware

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

1 more replies
Relevance 88.56%

Hiya

I'm running XP. AVG detected trojans; the first one it got rid of, the second one, Generic13.ATHP, it could only remove partially, apparently located in c:\windows\system32\svchost.exe

Started the Malware Removal Process as recommended. SuperAntiSpyware wouldn't install, so I changed the filename, and it has installed, but when I attempt to run it I get an error message -

SUPERAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience

The same happens with any other malware/spyware removal program, Spybot S&D, Malwarebytes etc...

Is there anything I can do to fix this?

Thank you!
 

Answer:malware halps/malware removal not running

Hi again,

also tried doing this (as seen in another thread)

Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

* Scroll down to "Non-plug and Play Drivers" and click the plus icon to open those drivers.
* Then search for TDSSserv.sys
* Let me know if you find this or not.
* If you do find it, right click on it, and select Disable. Do not try to uninstall it.
* Also if this is found and you disable it, then reboot and see if you can run the cleaning procedure and attach the requested logs.


but the device mentioned is not present (although there are a few that have error "!" things next to them, but 30 or so others).

I have no idea if any of this will help you, lovely helper person, but I guess I'm just trying...
 

2 more replies
Relevance 88.56%

About a week ago, I noticed that when running Internet Explorer www.google.com, clicking on a website would take me to an ad instead of the website. If I clicked back and clicked on the website again, it would correctly go to the website.

A day or two before noticing this issue I had upgraded to AVG 8.0 Free and had installed the latest Firefox version.

I am running a Windows XP Professional SP2, Intel Pentium 2.8 GHz.

I ran the instructions at forums.majorgeeks.com/showthread.php?t=35407 and am still experiencing the same issue as described above.

Any help would be greatly appreciated! This is the first forum I've ever posted to so be patient!

Thanks,
Deb
 

Answer:Malware - Exists after running MalWare Removal

This is the last of the Malware log files.

Thanks again!
Deb
 

2 more replies
Relevance 88.56%

Hi all, 
 
Recently, browsing on a site in Chrome, I received a web site popup saying "Your browser contains MALWARE. You have to install Chrome Malware Removal Tool". Confirming with OK opens an extension page:
 
https://chrome.google.com/webstore/detail/chrome-malware-removal-to/mbdoonnjlifcmakklcaembokjhjikank
 
I have a strong suspicion this is malware!!!
 
What I'm trying to understand is what kind of malware infected the web site I visited. Some technical specs could be useful. The web site belongs to a friend of mine and I'd like to help them identify the malware that infected their web site...
 
 

More replies
Relevance 85.69%

When I try to run a scan using AVG anti-virus, Avira, Windows Defender, or SuperAntiSpyware, when the scan gets to a certain point, Windows shuts the computer down with a blue window. It says Kernel_Stack_ Inpage_ Error plus some standard verbiage about if you recently installed software/hardware, see administrator, etc. At bottom it says: STOP: 0x00000077 (0x00000001, 0x00000000, 0x00000000, 0xF79B1D24). I could sometimes run AVG scan in "select drives/folders" mode but recently it quit allowing that after I upgraded to AVG 9 (free). I uninstalled AVG and went to Avira but with the same results. Scanning with Windows Defender did the same. I recently installed and ran SuperAntiSpyware and was able to pinpoint the problem to the "System Volume Information" directory. I am unable to open it to see its contents as Windows shows no files in it. When I ask Avira to scan it, Avira says no files also, but if I use AntiSpyware to scan, it shows many files during its scan but will get to a certain point and the computer will shut down. I can almost see the file that shuts it down but it happens too fast to catch it. I was able to run "RootRepeal" and the log is below. I was not able to run "DDS.scr".

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/30 13:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepe... Read more

Answer:Unknown malware/virus won't let any anti-virus/windows defender/malware removal progran to complete scans

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

23 more replies
Relevance 84.05%

I have followed recommended protocols to successfully remove the "Trovi" malware from my computer.
But I have one minor problem.
The virus removal programs successfully removed the malware programs, as the program no longer runs on my computer.
But the malware appears to have left code in the Windows startup directing the computer to run files which are now no longer present on my computer.
The problem is that this causes the following Windows popup box, "Run DLL", to come up before any other Windows startup programs run.

The popup box contains the following wording:

" There was a problem starting
C:\Users\LESTER\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
The specified module could not be found."

Does anyone have any suggestions on how to get rid of the code lines in start up that lead to the popup box, so that it will no longer occur at computer start up.

Thanks.
Lester
 

Answer:Trovi Malware - "Run DLL" pop up box remains on windows startup after malware removal

Follow this thread and attach requested reports

http://malwaretips.com/threads/malware-removal-assistance-how-to-get-help.20334/
 

1 more replies
Relevance 84.05%

My computer recently became infected. At first, my taskmanager and regedit were locked. Next, my desktop background was locked. I fixed these problems, but continue to be bombarded with malware in my running processes which regenerate upon rebooting. Eventually, I could not startup Windows. Once the Windows loading page was finished, my computer would restart. I upgraded to XP Pro, can now log on, but still have malware. Please help! Thanks for your time!
 

Answer:completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have malware

Re: completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have mal

Here is my MGTools.zip log. Thanks in advance for your help. Any addition info needed please let me know. Take care.
 

4 more replies
Relevance 82.82%

I ran the steps in the Malware removal guide. I haven't seen any new pop-ups, but I noticed that there were a few problems that bitdefender could not fix, and my laptop is still running slow.

I am running windows XP, and will attach all logs.

Thank you in advance for all your assistance.
 

Answer:ran all the steps in "Read & Run Me First malware removal guide," still have malware

Re: ran all the steps in "Read & Run Me First malware removal guide," still have malw

Here are the last three logs.
 

10 more replies
Relevance 82%

Hey,

So I got infected with this virus/malware MS Removal Tool. Things that I noticed: it created a file nvpcpl.dll, hid all my D drive files and removed 90% of the items from the Start > All Programs menu. I ran through all the scans but still can't seem to get the programs in the All Programs menu back. Attached are my clean scans in the order recommended. Just as an FYI, C: is my primary drive, D: stores all documents/pictures/music, F: is the external hard drive. Thanks for the help.
 

Answer:Malware removal help - MS Removal

"Things that I noticed: it created a file nvpcpl.dll"

See this link: About nvpcpl.dll. You do not have McAfee installed and I am not seeing the file in your logs. Do you still see it? If so give me the full file path. But you also have NvCpl.dll running, which relates to Nvidia, which IS installed.

Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.


Right-click OTM.exe And select " Run as administrator " to run it.
Paste the following code under the area. Do not include the word Code.

Code:


:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]

:files
C:\Documents and Settings\All Users\Application Data\oJh06504hBkGg06504

:Commands
[emptytemp]
[Reboot]

Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
Push the large button.
OTM may ask to reboot the machine. Please do so if asked.
Copy everything in the Results window (under the green bar), and paste it into notepad, save it as something appropriate and attach it into your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file prese... Read more

3 more replies
Relevance 80.77%

Hello. I've already run the steps in the "READ & RUN ME FIRST" guide and pop-ups have temporarily stopped, but I would like you to view my scan and HiJack This logs to make sure everything has been deleted. This post contains my bdscan, activescan, and counterspy scan logs. I will post a reply with the getrunkey, shownew, and hijack this logs. Thanks.
 

Answer:Please help with Malware removal

Here are the GetRunKey, ShowNew, and HiJack This logs. Thanks again.
 

13 more replies
Relevance 80.77%
Question: malware removal

please help me remove these viruses from my computer

Answer:malware removal

Hello bosslady.. You didn't say which ones... so let's look for them.

Reboot into Safe Mode with Networking

How to enter safe mode (XP/Vista)

Using the F8 Method

Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.
Do not reboot your ... Read more

1 more replies
Relevance 80.77%
Question: Malware Removal

I am having trouble getting my virus scans to come up clean. Many different scanners give different results so I'll let the attachments speak for themselves. I have experienced only one pop-up but I'm trying to eliminate this problem before it becomes one.
 

Answer:Malware Removal

more attachments...
 

9 more replies
Relevance 80.77%
Question: malware removal

I have read and reread the read this before posting section and copied the files as requested. My problem is being redirected to sites that are different from the ones I have clicked on. I had Microsoft Security Essentials and Malwarebytes on my Windows XP laptop. Any help is greatly appreciated.
[recovering disk space - old attachment deleted by admin]

Answer:malware removal

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

Open HijackThis and select Do a system scan only
Place a check mark next to the following entries: (if there)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: Microsoft Office Diagnostics Service (odser... Read more

10 more replies
Relevance 80.77%
Question: Malware Removal

A pop up was clicked on on my computer. After that, I had the "Online Stability" pop-ups continuously kept popping up even when I was off line. I ran a virus scan but came up with nothing. I am putting my HiJackThis log at the bottom of this message. I also ran a SmitFraudFix and ComboFix Log. Any help would be great, thank you!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:50:09, on 2/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Desktop\HiJackThis_v2.0.0.0.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\explorer.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-42... Read more

More replies
Relevance 80.77%

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. I apologize for the delay getting to your log, the helpers here are very busy.
If you still need help, please post a fresh Hijackthis log, in this thread, so I can help you with your malware problems.
If you have resolved this issue please let us know.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:12:48 AM, on 2/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DAP\DAP.exe
C:\Program Files\NaturalPoint\SmartNAV\SmartNAV.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Clavier+\Clavier.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Snocap\Download Manager... Read more

Answer:Need Help Malware Removal

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Also make sure you have already followed the steps outlined below:
Preparation Guide For Use Before Posting A Hijackthis Log

Thank you for your patience.

1 more replies
Relevance 80.77%

I wrote yesterday but did not provide all of the necessary information. I had a problem several weeks ago with 2010 Internet Security pop-ups. Got them removed using numerous anti-spyware software, but now when I turn on computer I get a pop-up saying that Windows is closing the following program, "Generic Host Process for Win32 Services". I minimize and go on. Then a pop-up says that NT Authority/System is shutting down the computer in 60 seconds because DCOM Server Process Services has failed. I stop this by going to run and typing in shutdown -a. The computer then works but slowly and when using search engines are re-directed to random sites. I have run numerous anti-spyware programs but nothing seems to work. Let me know if there is additional information you need to help me.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Scott at 9:43:50.40 on Sat 01/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.61 [GMT -5:00]
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support... Read more

Answer:Malware Removal etc

Hello,
My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic, if you still need help please let me know what issues you are still having, in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please download GMER from one of the following locations, and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zip Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
Disconnect from the Internet and close all running programs, as this process may crash your computer.
Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
Double click on Gmer to run it.
Allow the gmer.sys driver to load if asked.
You may see a rootkit warning window, If you do, click No.
Untick the following boxes on the right side of the Gmer sc... Read more

4 more replies
Relevance 80.77%
Question: malware removal

Hi,

I recently noticed that my AVG was not automatically performing scans or notifying me that a site was safe to go to. I'm not sure how long this has been going on. I downloaded a video player (which I never have done in the past) that was suggested to me by a site that I was trying to watch a movie on. Something in my gut told me that it wasn't right so I tried to perform a scan using AVG and I received "this program is blocked by group policy, for more information contact your system administrator". I'm not sure if the virus came from the video player that I downloaded or not. I still have the Windows 7 Home Premium disk that I bought and installed years ago (not sure if it will still work or not) if that is what you guys are referring to when asking in the instructions if I have access to a Windows install disk or a boot CD. I'm really not that computer savvy on the technical side. I followed all the steps for the NEW INSTRUCTIONS- read this before posting for malware removal help blog. I really hope you guys can help me.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457
Run by dede at 16:57:06 on 2014-11-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.1644 [GMT -6:00]
.
AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553B... Read more

Answer:malware removal

Hello and Welcome to TSF.

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.
If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your un... Read more

19 more replies
Relevance 80.77%
Question: Malware removal

When running the Malwarebytes Anti-Malware program, my PC freezes during the scan. I also tried running it in safe mode and it froze. Please help
 

Answer:Malware removal

Welcome to Major Geeks!

What problems were you having to begin with that are prompting you to run Malwarebytes?
Did you try shutting down all protection software?

For us to properly check out your PC for malware and why you may be having problems, we would need you to work thru the below.


READ & RUN ME FIRST. Malware Removal Guide
 

1 more replies
Relevance 80.77%
Question: Malware Removal

Situation: Desperate - out of options

Problem: ZLOB-X.a (I think)

Symptoms: Single continuous "Critical System Warning" pop-up and rapidly slowing browser (IE).

What I have done:

Gone through the generic Malware removal process to the best of my ability.

1) Can only log onto "Safe mode w/networking"
2) CCleaner, Spybot S&D, CounterSpy found nothing (No option to save a log in CounterSpy presented itself)
3) Ran Bitdefender - could not do so in safe mode (no log option presented itself).

4) Could not download Pandascan.

All I have is the Pop-up in IE.....almost every click of the mouse. Does not make a file in temp files or IE History.


Can anyone help?

:cry
 

Answer:Malware Removal

You need to attach the logs from:
ShowNew
GetRunKeys
HJT
 

17 more replies
Relevance 80.77%

I joined this forum to seek help with a HijackThis log that was generated by a freeware program called Advanced System Care. I followed all of the instructions in your forum for posting such logs to the best of my abilities. It looks to me as if those instructions had me creating new logs using the tools suggested by this forum and I have attached those logs as instructed. I have not attached the Advanced System Care log.

The Advanced System Care program cleaned up a lot of stuff on my computer which helped a lot. Some problems remain though: My computer still sometimes begins to run very slowly and this condition is temporarily helped by simply restarting my computer. Occasionally the computer essentially locks up and any effort to open email or start Internet Explorer only gets an error message saying that "insufficient resources exist to do that operation". The only solution when that happens is to unplug the processor and restart the computer. The normal restart process does not work in those cases.

thanks in advance for your help. Here is my DDS report:
DDS (Ver_10-10-21.02) - NTFSx86
Run by Compaq_Owner at 17:30:44.79 on Sat 10/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.56 [GMT -4:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k ne... Read more

Answer:Malware removal help

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you... Read more

15 more replies
Relevance 80.77%

Hi

I have followed the steps in malware removal. In summary of work done

In Safe mode with networking,

1. I ran CCleaner to remove the cookies and temp files
2. I ran Spybot and managed to clean the spyware
3. I ran AVG anti spyware and managed to clean some spyware

In normal boot mode,

4. i proceeded to run Panda Active Scan thru internet. At the same time as running the Panda Active Scan , I accessed certain sites and then the Panda scan found some spyware which are in cookie format
5. I managed to get the "runkeys.txt" and "newfiles.txt" and will attach here
6. I turned off system restore on all drives
7. Since Panda detected the spyware, I went on to repeat steps 1 to 3. This time , there is no spyware anymore

My question is why is it that each time i accessed certain legitimate sites, i get spyware in cookies. Is there a way to prevent it ?
It seems that only when i run ccleaner , then only i can clear the spyware cookies

I am attaching the HJT and "runkeys.txt" and "newfiles.txt" and Activescan results

Thanks


Below is the list of spyware that i managed to clear

Incident Status Location ... Read more

Answer:Help in Malware removal

Where are the logs for AVG AntiSpyware and BitDefender Online Scan? BitDefender should have been run before Panda ActiveScan.





alvinhky said:
6. I turned off system restore on all drives

You were not supposed to do this until your system was declared malware free.





alvinhky said:
7. Since Panda detected the spyware......

My question is why is it that each time i accessed certain legitimate sites, i get spyware in cookies. Is there a way to prevent it ?
It seems that only when i run ccleaner , then only i can clear the spyware cookies

Cookies are not spyware nor are they problems. Ignore scan reports from any tool about cookies being problems. See step 11 of this: How to Protect yourself from malware!


Did you have Spy Catcher installed and then uninstall it? It looks like it and it also looks like it did not uninstall properly which we will try to fix below.


First run this Disable/Remove Windows Messenger to remove Windows Messenger.


Uninstall the below old versions of software:
Java 2 Runtime Environment, SE v1.4.2_03


Now run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file miss... Read more

1 more replies
Relevance 80.77%
Question: Malware Removal

To get rid of most of your malware problems, I highly recommend using a free program called Malwarebytes (www.malwarebytes.org). You will probably have to download it to a flashdrive on another PC to install it if your problems are serious.

Additionally, some of these evil trojans won't even allow a malware removal program to load and/or start. I usually rename the "MBAM.exe" file to "Fred.exe" and it has always worked. Update the program after installation and have it run a full scan. After it finds a few errors, you may need to stop the scan and fix those problems, then start a new scan until all errors are gone.

Note that this program in its "free" state only removes malware, it does not protect. If you want protection, you can buy it for $24.95.

Hope this helps.
 

More replies
Relevance 80.77%
Question: Malware removal

First of all, thanks for all the great resources available here. I completed everything on the Read Me First thread but my CPU is still having issues. It freezes up regularly and moves very slowly. It takes 1-2minutes for a program to start after I double click the icon and sometimes the programs don't start up at all. I can't pinpoint when the problems started, but the CPU is slowly getting worse. There has been some improvements since running the Read Me First stuff.

Thanks in advance for any additional help that you may be able to offer.

Cheers,
Aman
 

Answer:Malware removal

Last Log

...here is the last log.
 

4 more replies
Relevance 80.77%

Hello!
I could really use some help with removing a virus I've got on my computer. I hear audio ads playing in the background even with nothing running, and there is often a ghost iexplorer.exe process running in my task manager. Furthermore, search engines redirect me to random sites and internet randomly restarts (not sure if that's strictly related though). Thank you for any help you can get me. Here are the logs from dds, and I'll also attach the other part. And yeah, I know I need to update ESET but I want to get rid of this virus first.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Alex at 20:29:17 on 2011-11-03
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.2370 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32... Read more

Answer:Need help with malware removal

Hello and Welcome to the forums!
My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn... Read more

17 more replies
Relevance 80.77%
Question: Malware Removal

Having random pop ups during internet usage, .sys files showing up in my c drive and desktop and they are partially transparent. Also they are .db and .ini files. Lagging, at some times extreme slow down and loading sign on the mouse. I ran all the procedures for removal and attached logs.

Thank you in advance.
 

Answer:Malware Removal

Welcome to Major Geeks!

Uninstall the below programs. If you do not find them or they will not uninstall, just keep going.
Norton Internet Security


Please download OTM by Old Timer and save it to your Desktop.

Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
(or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
the code box

Code:

:Processes
explorer.exe

:Services
APNMCP
NIS

:Files
C:\Program Files (x86)\AskPartnerNetwork
C:\Program Files (x86)\Mobogenie
C:\Program Files (x86)\Norton Internet Security
C:\Program Files (x86)\PassShow
C:\Program Files (x86)\Conduit
C:\ProgramData\Conduit
C:\Users\James\AppData\Local\Conduit
C:\Users\James\AppData\Local\Conduit
C:\Users\James\AppData\LocalLow\Conduit
C:\Users\James\AppData\Local\GreatArcadeHits
C:\Users\James\AppData\Roaming\Uhizduom\beebhyo.exe
C:\Users\James\AppData\Roaming\Eznyare\datio.exe
C:\Users\James\AppData\Roaming\Elpyza\hezueq.exe
C:\Users\James\AppData\Roaming\Uhizduom
C:\Users\James\AppData\Roaming\Eznyare
C:\Users\James\AppData\Roaming\Elpyza
C:\Windows\TEMP\*.*
C:\Users\James\AppData\Local\Temp\*.*

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\s]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b... Read more

16 more replies
Relevance 80.77%
Question: Malware Removal

My computer is infected with MyStart Incredibar. How do I get this darn thing off? Snooping on previous threads, I downloaded OTL and ran the search fireman4it suggested to LaurFack. Please find the attached OTL file.

Answer:Malware Removal

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/461709 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Relevance 80.77%
Question: Malware Removal

I ran the "Run these first" and around an hour later the malware popped up again. By the way I didn't get the malware this time, it's my buddy's and I told him I knew how to remove it. The process that keeps popping up is Spyguard or something like that, I know way to remember the virus. OK I ran everything again including "Avast" seems to be ok. Take a look at my logs and see if I got rid of it all.
Thank You For Your Time

Carmello
 

Answer:Malware Removal

You are way out of date with your version of SUPERAntiSpyware.

Please uninstall your current version (this is necessary).
Then download this SUPERAntiSpyware
Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
Now run a new full scan of your system. And attach this new log.
You did not attach your logs from Malwarebytes. Was it out of date too? Please attach the below log
Code:

"C:\Documents and Settings\Owner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\"
Jan 8 2009 1101 "mbam-log-2009-01-08 (00-25-28).txt"
Also put your PC into normal startup mode with MSconfig as we requested in step 1 of the READ & RUN ME and then attach a new log from MGtools.
 

5 more replies
Relevance 80.77%

hello any help would be great. thank you.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:03:38 PM, on 4/7/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_P... Read more

More replies
Relevance 80.77%
Question: malware removal

I applied your steps for malware removal, my computer has been infected for a month. I ran the programs and it unhid my files. I am attaching the logs to see if anything further needs to be done.
 

Answer:malware removal

Welcome to MajorGeeks!

You need to attach (See: HOW TO: Attach Items To Your Post ) these other requested logs created while running the READ & RUN ME FIRST. Malware Removal Guide .
SASlog.txt log from SuperAntiSpyware.
Malwarebytes Anti-Malware log
ComboFix.txt (normally C:\ComboFix.txt)
C:\MGlogs.zip

Other Notes:
You should attach all of your logs to one message after you have completed all scans.
Be patient after posting your logs and wait for one of the helpers to get to you. It can take a while to read thru all of the logs and to create individual fixes for you.
Also DO NOT BUMP your thread to try and get a faster answer. This will actually significantly delay getting an answer. See this: Don't Bump! It Only Hurts You!!!

 

1 more replies
Relevance 80.77%
Question: malware removal

I need help! I don't have a job (laid off in January) so I can't afford to pay for software to help remove. Can I do it without paying?

Thanks,
Dawndage
DDS (Ver_09-03-16.01) - NTFSx86
Run by Dawn Wood at 15:57:43.70 on Mon 04/06/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.697 [GMT -5:00]

AV: Norton AntiVirus *On-access scanning disabled* (Updated)
FW: Norton AntiVirus *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\In... Read more

Answer:malware removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio... Read more

2 more replies
Relevance 80.77%
Question: Malware removal

Hello everyone.

I downloaded a certain peer to peer program that was supposed to be safe a few days ago, and it seems to have arrived with a few...interesting side things. First of all it installed a thing called Eurogrand casino on my computer without telling me about it. Second, I also now have something called Mirofinu in the task manager, and I also had one starting with Holmes which had a lot of numbers in it. Both tasks I ended, but I thought it would be best to post a log for someone with the time and will to help a newb out.

I tried running that ComboFix thing, but it just appeared to be loading for a moment before nothing else happened....Ahh well, in any case, here is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:46, on 20.5.2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Lavasoft\Ad-Aw... Read more

Answer:Malware removal

7 more replies
Relevance 80.77%

Hi there! Yesterday afternoon my computer got infected with something that spread through messenger. This guy sent me a file, and when I opened it, it opened conversation windows to everyone I knew and sent the same message. At the same time, it installed lots of crap like Prefetch, MC-58-12-0000080.exe, Freeprod, 180search assistant, Elitebar etc.. I've tried to remove it, but I can't seem to work that out totally..and most of the files come back each time I reboot!! I also uninstalled Msn Messenger 'cause it started sending the same **** when I tried to start it again some hours later. I saw the thread posted by Fnocky, but the files aren't the same. I know you guys know a lot more about it than I do..
So, here's my HJT log, hope you can tell me exactly what to eliminate this.

thanxxx
Logfile of HijackThis v1.99.1
Scan saved at 15:12:26, on 05-07-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
... Read more

Answer:Help Me !! MalWare removal

16 more replies
Relevance 80.77%

Hi!
A couple of days ago my PC got infected by something I got through a link I received through MSN Messenger. Once I opened it, it opened conversation windows to all my online contacts and sent them the same link. Stuff like 180searchassistant were installed. It's similar to the problem showed on the following thread, once it was through the user who wrote it that I got the link:
http://forums.techguy.org/t378043.html
Next is my HiJackThis log. I hope u can help me solve this.

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 17:34:02, on 06-07-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\poker3.exe
C:\Programas\ISTsvc\istsvc.exe
C:\WINDOWS\byekpx.exe
C:\Documents and Settings\Luis Teles Carvalhal\Internet Optimizer\optimize.exe
C:\Programas\BullsEye Network\bin\bargains.exe
C:\WINDO... Read more

Answer:Help In Malware Removal!

6 more replies
Relevance 80.77%

My computer became infected with a fake antivirus which I removed with MBAM. I think it is still infected with something not detected by the scanner due to slow performance, google redirect, and avg alerts. Thanks in advance for the help. Here are the logs

DDS (Ver_10-12-12.02) - NTFSx86
Run by Nate at 15:19:45.82 on Thu 12/30/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.936 [GMT -6:00]

AV: AVG Anti-Virus Business Edition *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\avgagent.exe
svchost.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9... Read more

Answer:need help with malware removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for postin... Read more

21 more replies
Relevance 80.77%
Question: malware removal

A friend wanted me to check out their computer. Internet explorer did not work. I got it fixed however I noticed a hitchhiker named tuvaro had taken over her search engine. I ran malwarebytes and found she had quite a few hitchhikers - over 1000. Cleared them with malwarebytes, so I thought. However tuvaro still hanging in there. So I ran another program called spyhunter. It found the same adware programs and more. My question is are we being fooled into thinking the free version of malwarebytes cleans anything or is there another reason I am still seeing these unwanted adware programs.
 

Answer:malware removal

11 more replies
Relevance 80.77%
Question: Malware removal

I scanned my pc and found out that it is infected with allure. My microsoft security essential asked me to download windows defender in order to remove it. After running windows defender offline, it didn't find any viruses but as soon as I go into regular mode, the virus shows up on MSE. What other options do I have?
 

More replies
Relevance 80.77%
Question: Malware Removal

Hi all! It's unbelievable the things that are out on the internet that can be annoying to say the least. The only thing that worked for me was to just do a system restore. Take your computer back in time a few days before the spyware imbedded itself into your registry. It works, believe me.
 

Answer:Malware Removal

Jag5050 said:

Hi all! It's unbelievable the things that are out on the internet that can be annoying to say the least. The only thing that worked for me was to just do a system restore. Take your computer back in time a few days before the spyware imbedded itself into your registry. It works, believe me.

This doesn't work in every case because sometimes your restore points hold the infection. The best way to remove it is to never get it. The best way to never get it is to surf safely, keep windows up-to-date, have an updated antivirus and firewall installed.

How to Protect yourself from malware!
 

1 more replies
Relevance 80.77%

This is the scan info from GMER which I was told to do in the thread "buying online safe?" And no, I don't have a windows disc or boot cd. I've had a slow computer for almost a 6 mon. and couldn't buy anything online because of the risks. But now I'm following these steps to eliminate these problems once and for all



DDS (Ver_09-12-01.01) - NTFSx86
Run by Wilfredo Portales at 19:56:01.40 on Wed 12/02/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.452 [GMT -8:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AVG Internet Security *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Progr... Read more

Answer:malware removal help

Hello -

Some of the slowness may stem from too many security products installed.


As stated in our pre-posting sticky topic...

http://www.techsupportforum.com/f50/...lp-305963.html


Quote:




If you have more than one antivirus software installed, leave only ONE and uninstall the others




While this may seem like greater protection, it can cause problems including slowdowns, system hangs or even crashes. This can happen if both AntiVirus applications attempt to access the same file at the same time. This may cause the applications to interfere with each other, or cause the system to lock up. It can also be a drain on system resources, making a machine run slower than it should.

I see you have more than one Anti-Virus program installed, Spyware Doctor with AntiVirus and AVG. Choose one to keep and uninstall the other.

Any antivirus program must be removed via add/remove program.
For any program that doesn't have an add/remove entry, you will have to do this:
re-install the program -> reboot -> uninstall
Of the two, I would uninstall Spyware Doctor with AntiVirus.

For now, also uninstall STOPZilla, as it can be a drain on resources.

-----------------------------------------------------------------------

As mentioned in our preposting topic:

http://www.techsupportforum.com/f50/...lp-305963.html


Quote:




3. Uninstall the following via Add or Remove Programs in Control Panel:

p2p ... Read more

19 more replies
Relevance 80.77%
Question: Malware removal

Hi,

Each time I try to get onto Google, I get redirected to a page that says "Welcome to nginx!". I've read all of the information on your site and gone through the preparation steps. Here is the DDS log. Thanks so much for your help getting rid of this. I appreciate any help you can give me.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Tre at 15:37:08 on 2012-04-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5611.3893 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM... Read more

Answer:Malware removal

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE:... Read more

36 more replies
Relevance 80.77%
Question: malware removal

Can someone help me remove total security?

Answer:malware removal

Hello sketchball

Welcome to BleepingComputer

=====================

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

===========

Download This file. Note its name and save it to your root folder, such as C:\.
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
Click on this link to see a list of programs that should be disabled.
Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
Allow the driver to load if asked.
You may be prompted to scan immediately if it detects rootkit activity.
If you are prompted to scan your system click "Yes" to begin the scan.
If not prompted, click the "Rootkit/Malware" tab.
On the right-side, all items to be scanned should be che... Read more

1 more replies
Relevance 80.77%
Question: Malware removal

Hello,

I have had this malware that I've not been able to remove. I've used malwarebytes and successfully removed everything but cannot seem to remove one file even after malwarebytes restarts. I've read on this forum about combofix, is that something I should try?

Thanks,
TowkneeR

Edit: Moved topic from Vista to the more appropriate forum. Please do not use ComboFix unless directed to do so by a Malware Removal team member and when your topic is in the proper forum for those sorts of logs. ~ Animal

Answer:Malware removal

Hello, not yet and not on your own.

What is the malware? Post the MBAM log please.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices
List Users, Partitions and Memory size.
List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

3 more replies
Relevance 80.77%
Question: malware removal

DDS (Ver_09-05-14.01) - NTFSx86 NETWORK
Run by Patti at 12:13:43.57 on Sat 06/13/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.383.118 [GMT -5:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Patti\Local Settings\Temporary Internet Files\Content.IE5\BC8MRW7A\dds[1].scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.comcast.net/toolbar2.0/search/
BHO: {08FAB88D-D0B1-4CC9-B806-08B5A42B2B8E} - No File
BHO: NCO 2.0 IE BHO: {602adb... Read more

Answer:malware removal

Hello pattat11 and welcome to Bleeping Computer forum,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java SE Runtime Environment (JRE) 6 Update 14.
Click the "Download" button to the right.
At the Select Platform and Language for your download drop down box
Select Windows and Multi-Language
Check the box that says: "Accept License Agreement" then press Continue ( Selecting Windows will give you the 32 bit version. )
The page will refresh.
Click on the link to download Windows Offline Installation, Multi-language jre-6u13-windows-i586-p.exe and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Examples of older versions in Add or Remove Programs:
Java™ 6 Update 11
Java™ 6 Update 3
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.

****************

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click... Read more

62 more replies
Relevance 80.77%

Malware has taken over my computer. I can no longer have access because it has taken over as administrator. It also plays audio of US Army promos. Please help! Here are the logs:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-05 14:18:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
53: 2008-07-05 19:18:45 UTC - RP740 - Deckard's System Scanner Restore Point
52: 2008-07-04 23:06:21 UTC - RP739 - Last known good configuration
51: 2008-07-04 23:06:13 UTC - RP738 - System Checkpoint
50: 2008-07-04 23:06:13 UTC - RP737 - Removed Creative System Information
49: 2008-07-04 23:06:13 UTC - RP736 - Removed Creative Zen Touch

-- First Restore Point --
1: 2008-07-04 23:05:56 UTC - RP688 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.
System Drive C: has 1.74 GiB (less than 15%) free.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-05 14:25:46
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32... Read more

Answer:Help Me With Malware Removal

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new DSS log

2 more replies
Relevance 80.77%

Hi there! A friend at work brought in his son's laptop and asked me to take a look / run some scans... said it was sluggish and acting "weird", ie:

"It won't shutdown correctly sometimes, and won't connect to the internet sometimes...lots of quirks."

That's all I know, but it looks like a few things showed up on a couple of the scans. Any assistance at cleaning necessary items would be appreciated. Logs are attached...

Also...noticed the RogueKiller created an "RK Quarantine" folder on the desktop. Maybe that's standard behavior...but thought I would mention it in case it's not.

TIA...don't know what I would do without my majorgeeks!

Diane
 

Answer:Possible Malware...help with removal

Rerun Hitman and have it delete this item:
C:\Users\Clayton\Downloads\setup.exe

Otherwise, I am not finding any malware in your logs. I suggest you post in the software forum for additional assistance. You might want to include answers to these questions:

A slow computer is not always due to malware:

Please explain what operations are slow! For example answer the below:

* Is boot up slow?
* Is shutdown slow?
* Is browsing/surfing slow?
* Is downloading slow?
* Is running any application?
* Is it also slow in safe boot mode?
* Also are any processes showing in Task Manager to be using a lot of CPU time?
* Anything else slow?

If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove ... Read more

3 more replies
Relevance 80.77%
Question: Malware removal

i got this virus last night. i was browsing on chrome and my AVG anti-virus thing popped up and said it blocked my access to a malicious site, but since it was chrome and not firefox with noscript, i worried that the damage had already been done. i tried a sweep with MBAM and it gave me some problems. when i rebooted i could suddenly not use my browsers anymore so i followed the instructions in the read-me thread.

i had to grab the superantispyware portable version because the other wouldn't load. this means unfortunately i don't have a log for that scan. it did find a trojan, though i can't remember what exactly unfortunately.

after that scan finished and it rebooted my PC, i was getting a bunch of error messages on startup that the system couldn't identify .exe files. i had a fix for that and run it but now, even after going through the whole read me post, i get the same error messages and must run the fix every time i start my computer.

i did get a bunch of errors when combofix was trying to write logs. it said somethings in an HIV folder couldn't be accessed or something. and when i ran mgtools, the hijack part told me something about not being able to access the "hosts" thing and gave me some instructions on how to do it manually or something but i wasn't sure what to do about that since i didn't see it in the read me.

here are the logs. the only lingering problem i've noticed is the .exe thing every start up.

thanks in advance. never using chrom... Read more

Answer:Malware removal

Please go here and scroll down to the exe file fix:
http://www.dougknox.com/xp/file_assoc.htm

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKCU\..\Run: [F.lux] "C:\Documents and Settings\Owner\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKUS\S-1-5-21-3517542941-223606305-1753810289-1005\..\Run: [F.lux] "C:\Documents and Settings\Owner\Local Settings\Apps\F.lux\flux.exe" /noshow (User '?')
O23 - Service: QZQCTACVOHC - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\QZQCTACVOHC.exe (file missing)

After clicking Fix, exit HJT.

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.
* Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
* If ComboFix tells you it needs to update to a ... Read more

8 more replies
Relevance 80.77%

I was able to rename mbam.exe and remove infections for a second time. I also deleted the folder listed in gmer log. Maybe that is how it returned.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-19 20:20:17
Windows 6.1.7600
Running: gmer.exe
---- Files - GMER 1.0.15 ----

File C:\Users\brittainps\Downloads\The Little Rascals (Our Gang) - 4 Pack Collectors Series DVD - In Black & White\TLR4 1-Hook & Ladder 2-Call to Action 3-Hi Neighbor 4-Engine Trouble 5-Sundown Ltd 6-The 8th Wonder of the World\HOOK_NEIGHBOR_SUNDOWN_81099\VIDEO_TS\VTS_01_1.VOB 1073709056 bytes
File C:\Users\brittainps\Downloads\The Little Rascals (Our Gang) - 4 Pack Collectors Series DVD - In Black & White\TLR4 1-Hook & Ladder 2-Call to Action 3-Hi Neighbor 4-Engine Trouble 5-Sundown Ltd 6-The 8th Wonder of the World\HOOK_NEIGHBOR_SUNDOWN_81099\VIDEO_TS\VTS_01_3.VOB 1073709056 bytes
File C:\Users\brittainps\Downloads\The Little Rascals (Our Gang) - 4 Pack Collectors Series DVD - In Black & White\TLR4 1-Hook & Ladder 2-Call to Action 3-Hi Neighbor 4-Engine Trouble 5-Sundown Ltd 6-The 8th Wonder of the World\HOOK_NEIGHBOR_SUNDOWN_81099\VIDEO_TS\VTS_01_4.VOB 1029593088 bytes

---- EOF - GMER 1.0.15 ----
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by brittainps at 19:21:53 on 2012-02-... Read more

Answer:malware removal log

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

3 more replies