Malware problem not fixed with Malware Removal instructions

Please find attached the logs from the scans in the Windows XP Cleaning Procedures. I followed the Cleaning Procedures but still have a problem. The problems can be pinpointed to yesterday when I surfed to a web site without having up-to-date Anti-Virus definition files. Before I knew it, I had an infected machine.
There seem to be 2 problems.

(1) After restarting the computer, Windows File Protection gives following message.

Windows File Protection
Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your Windows XP Profession CD2 now.

I have Dell OEM Windows XP Media Center 2005 installed on my Dell Dimension 5150/E510. Problem is, Dell has a Windows XP re-installation CD but Dell states there is no 'CD2'.

(2) I keep getting pop ups every time Internet Explorer is open. The pop ups occur on their own.

Hopeful you can help me to fix the problem. :confused

p.s. Please note, the AVG Anti-spyware log is not attached because it was not generated by the tool. I scanned my computer using Trend Micro (after updating virus definition files) and I can provide the logs if you need.

Answer: Malware problem not fixed with Malware Removal instructions

Welcome to Major Geeks!

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
Java 2 Runtime Environment, SE v1.4.2_03

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F3 - REG:win.ini: load=C:\WINDOWS\system32\mlljg.exe
O2 - BHO: (no name) - {3F7BDD0B-0462-4F19-8B87-54D83601B87C} - C:\WINDOWS\system32\mlljg.dll
O2 - BHO: (no name) - {B8AFD866-6B8B-490E-DA2E-39E671810F96} - C:\WINDOWS\system32\mknamps.dll (file missing)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

After clicking Fix, exit HJT.

Now download The Avenger by Swandog46, and save it to your Desktop.

Extract avenger.exe from the Zip file and save it to your desktop
Run avenger.exe by double-clicking on it.
Check the 'Input script manually' box.
Click on the magnifying glass icon.
Copy everything in the Quote box below, and paste it in the box that opens:

Files to delete:
C:\WINDOWS\system32\ctfmon .exe

Folders to delete:
C:\WINDOWS\system32\to9

Now click the 'Done' button.
Click on the traffic light icon and OK the prompt.
You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
A log file from Avenger will be produced at C:\avenger.txt
Now after reboot, run Windows Explorer and locate the below file.

When you find the file, right click on it and select rename. Change the name back to: ctfmon.exe

Now install the current version of Sun Java from: Sun Java Runtime Environment

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\ file that will be created by running this and also attach the log from Avenger.

Make sure you tell me how things are working now!

Hi Majorgeeks,
I made the Malware Removal/Cleaning Procedure on my computer. All came clean except for RogueKiller which found 4 issues in the registry. Can I delete them? Will this make my computer clean?
Please find attached the 5 requested logs.
Thanks a lot for your help!

Answer:Help - Malware Removal after following instructions

I am not finding any malware in your logs. What issues are you having?

I've found the online Malware Removal document to be very helpful... however there are times when I've been at client sites where a PRINTED version of the entire document would be **very** useful. Is it possible to get a complete PDF of this, including the various pages accessed by links within the document? Thanks.

Answer:Malware Removal Instructions

Welcome to Major Geeks!

Sorry, but no, we do not make it available in PDF format. The instructions are constantly changing to keep pace with malware. The tools and links in the READ ME also change over time for the same reason. There are many, many links referenced in the READ ME, and it would be a ton of work to actually get all of the webpages into PDF form, and by the time we did, they would be out of date. In addition, we really have no need for this since the current online copy is always what we want people to use.

Yesterday my computer was attacked. I had a black screen with red letters stating "Warning! Your're in danger? Your computer is infected with spyware." Also one of my icons in the lower right tray kept popping up saying "warning your computer is infected". Then I had a popup window keep coming up in the middle of my screen that said "Security monitor warning system detected a potential hazard TrasanSPM/LX". I put my computer in safe mode and ran AVG 8 and Spybot but kept getting the same. I then went through all of the steps that you have posted and it seemed to have worked, although I do have one file in the add/delete directory that will not delete (My Way Search Assistant). Also, when I was following your steps, SAS would not complete the scan so I ran MBAM first and then came back to SAS and it scanned okay the second time. I would really appreciate it if you would look through my attached files to ensure that all problems have been eliminated. Thank You!

Answer:Followed Malware Removal Instructions

Welcome to Major Geeks!

You did not attach the requested log from MGtools. We need this to finish your cleanup.

I picked up some malware on my desktop. How, I'm not sure, as it was behaving normally, then I unplugged it to move it, tried it out in its new location (without internet access), and when I returned it to its old spot (with internet access) and started it again it was very slow, and pop-ups appeared.

I followed the instructions. Two notes:

*TDSS asked permission to reboot so it could scan more completely. I scanned it without reboot first, then with reboot.

*When I downloaded MG Tools.exe I got a message I could not save it in C drive so I saved it on my desktop and ran it from there. The zipped log appeared in the MG Tools folder and its name is not exactly the same (it's MGlogsR instead of MGlogs) as in the instructions. Now I find I can drag the exe file into my C drive (I'd wrongly assumed I would not be able to do that after downloading).

After following all the Read Me First instructions yesterday, the desktop is running at its usual speed now, but I just encountered another unusual pop-up (a shaking box warning about Java--not legit) so I don't believe my system is totally clean yet. A check of the logs would be much appreciated--Hitman Pro found several Trojans which I ignored per the instructions.

Thank you for your help,

Answer:Malware removal help - Read Me First instructions have been followed

Hello, AddyDog

Now shut down your protection software (antivirus, antispyware...etc) to avoid possible conflicts. *Re-enable them before physically reconnecting to your ISP.

*Other than the tools our guide instructed you to save there, I strongly recommend that you clean up this account's Desktop immediately leaving only shortcut links. [ C:\Users\laddison\Desktop ] Do not store downloads, exe files, iso files....etc on your Desktop. First it is not a safe place to keep them (i.e., you may lose them due to malware, and a cluttered Desktop is an easy hiding place for malware), and last but not least - it can have an effect on your PC's performance.

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O20 - AppInit_DLLs: c:\progra~3\perfor~1\perfor~1.dll
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe

After clicking Fix, exit HJT.

Using "Programs & Features" uninstall: (If you do not find it or it will not uninstall, just keep going.)
Ask Toolbar
Java 7 Update 67
Shoppi...

Hi! I followed the instructions to delete malware on my computer by installing Adware, Search and Destroy, CCleaner, etc. I have attached the two log summaries. Can you take a look at them and let me know what to do. Before finding this website and the instructions, I would delete them with Windows Defender or Norton Antivirus and they would reappear after a while. Any suggestions?? Thanks again for your help!!

Answer:Results after following Malware removal instructions

Welcome to Majorgeeks!

You did not say what it is that you were deleting and what was returning???

Also you forgot to do step 7 of the Read & Run Me. But based on your Panda log it would appear you need to run one of the other sticky threads first before attaching a HijackThis log. Run this: SpywareQuake Removal Procedure

On this particular machine, I'm running Windows 2000, SP4, with all the latest updates.

Occasionally, while browsing major news sites and reputable online stores, I'll get a short period of IE6 windows automatically opening up that contain unwanted ads. These are not the type of ads that the sites I'm browsing would want to be associated with.

I'd like to get rid of this distraction and make reasonably certain that this machine is generally clean of malware.

The only questionably sane installation I did recently was to try the MaxPCSecure's free Spyware Detector scan. I've since uninstalled that program.

The latest freeware versions of Spybot and Ad-Aware don't pick up anything unusual in this regard.

What's the link on this site to the most current generic malware removal instructions that would apply to Windows 2000? I'm thinking that I could first run through such a set of instructions to see if that would eliminate the pop-up malware.


Answer:Most Current Malware Removal Instructions?

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

If something does not run, write down the info to explain to us later but keep on going.

Do not assume that because one step does not work that they all will not.

READ & RUN ME FIRST. Malware Removal Guide

1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

i am running a removal on a family member's comp.

they may have gotten a rather bad one.

occasionally it does not allow OS boot
they booted this morning and their ICQ may have tried(and partially succeeded) in nuking another comp

i followed instructions in read & run, logs are attached

i need to know if anything in the logs are dangerous and need to be removed.

Answer:malware removal Read Me First instructions have been followed

and their ICQ may have tried(and partially succeeded) in nuking another comp

A chat program almost nuked the machine???

Reviewing the logs now...

I have run the malware removal instructions and went through each program, as they did remove some of the malware and virus. The issue that I am having is that when I open the computer under a separate user and try to run the malware removal programs via internet or through USB drive, I keep seeing a window which pops up asking me which program I want to use to open the program. I have run the computer under the administrator and do not seem to have problems running the malware removal steps and have attached the reports from the instructions.

View attachment mbam-log-2011-03-28 (17-02-07).txt

View attachment combofix log.txt

View attachment SUPERAntiSpyware Scan Log - 03-28-2011 - 16-42-24.log

View attachment hijackthis.log

Even when I try to open add or remove programs under control panel, I get the following message: "C\windoesn\system32\rundll32.exe- application not found. I am thinking that it is something to do with AVG and have removed the program with the step.

Please help....

Answer:Help with malware removal- have run malware removal instructions

ssmehta007 said:

....try to run the malware removal programs via internet or through USB drive

Specific download and installation instructions are in our R&R ME FIRST guide :
Running from: l:\combifix\ComboFix.exe <--- belongs on your desktop

Save it to your Desktop

Installed to the Default Location - "C:/Program Files", as we suggest that you keep them after malware removal.
Download this file to the root folder of the drive where you have installed Windows (Typically this would be C:\ and thus you would have a C:\MGtools.exe file after downloading).
Please make those corrections and attach the missing RRlog.txt (from RootRepeal) and - normally it is C:\ . Please tell me any problems you still have.

I read and followed precisely "Vista and Win 7 Malware Removal/Cleaning Procedure"

My issue: I was informed by my ISP the following: "Mail Log Parsed from Feb 15, 2013 19:47:04 to Feb 16, 2013 19:47:04 User sent approximately 141,801 messages to 136,591 unique recipients. There were 2598 bounces received in this period, 1 percent of the emails sent. "

I have AVG, running constantly. ISP changed my password to stop the mail. I ran AVG in safe mode. Still not sure trojan eradicated. ISP referred me to your site.

I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Please advise if you believe my system is clean, or what further I should do. Since I haven't seemed to find anything, it's hard for me to be comfortable that it's clean.

Thank you immensely!!

Mike Sieber

Answer:Help with malware removal--have performed removal instructions

Welcome to Major Geeks!

mike sieber said:

I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Not problems. It is just junk from AVG. All of your logs are clean. Many times when something like this happens, it is not an infection. It is due to a spammer/spammers getting your email login and password and they use it from other PCs to send out their spam. There are cases of infections that can cause spamming ( like some master boot record or partition infections ) but you show no signs of these.

If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
If running Vista or Win 7, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to ...

I posted the software forum yesterday and was instructed to complete the malware removal steps and repost here. I have a new computer running Windows 8.1. When I say new, I mean I started having problems within a couple of hours after turning it on!

I have McAfee antivirus protection and downloaded and installed my MSOffice 2013 Home and Student. All seemed to be fine. The MSOffice was up and running and McAfee said I was protected. Suddenly and I don't remember what I was said Microsoft something (sounded like an antivirus or firewall something) had detected several problems and I needed to "clean my computer". Oh so ignorant of all that was going on with learning Windows 8.1 after using XP for years I told it to clean. Somewhere in there it suggested I do a system restore. All seemed OK until I realized MSOffice was no longer there. I tried to download it again and reload, but with no luck. It occurred to me it had something to do with the system restore so I tried to undo the restore. That of course didn't help. I'm also now getting messages from McAfee that I am covered and safe but that my firewall is turned off and needs to be turned on. However I can get McAfee to do nothing. I can open a screen, but nothing I do makes it do anything. I tried downloading their "Virtual Technician" before I started the process you recommended and it acted like it was downloading, but 20 minutes later it was still "spin...

Answer:malware removal help - removal instructions attempted

Can you try running the tools that were not working before including Hitman, in safe mode please. Let me know how you get on.

Over at the Software forum (see my thread "suddenly lost an application; plus, can't download anything" at, Administrator DavidGP recommended I follow the instructions in the Malware Removal Guide and then start a new thread here in the Malware Forum.

But I have to ask three questions before I can follow those instructions. I'm sorry if I'm posting these questions in the wrong forum, but I asked the first two of these questions over at the Software forum, but didn't get a response.

A little background: My brother's computer runs Windows 7 Professional with Service Pack 1, and Mozilla Firefox 29.0.1. His current security software is StopZilla AVM 2013 (product version:, file version, and of course Windows Defender and Windows Firewall.

Question 1:

Both StopZilla and Windows Defender run real-time protection, but somehow don't collide with each other.

Nonetheless, I guess I'll have to uninstall StopZilla in order to run the programs referenced in the Malware Removal Guide, rather than just disable it, right?

(Incidentally, full scans done by both StopZilla and Defender found no threat.)

Question 2:

Step 4 of MajorGeeks' Malware Removal Guide says to disable any disk emulation software.

I don't know anything about disk emulation software, but I can tell you this:

My brother was running the now mysteriously disappeared prog...

Answer:questions before following instructions in the Malware Removal Guide

Nonetheless, I guess I'll have to uninstall StopZilla in order to run the programs referenced in the Malware Removal Guide, rather than just disable it, right?

I wouldn't actually ever recommend anyone use Stopzilla. There are FAR more superior products out there.

Is VirtualBox disk emulation software? If so, I can disable it with DeFogger.

Yes you should be able to.

Someone told me they thought it might not be a good idea to disable disk emulation software before running diagnostic software because the malware might be on an emulated drive. Any comments on this?

You should always disable disk emulation software before beginning our procedures, this link explains why:

Just wanted to let people know what happened to me, what I did to recover and to thank MajorGeeks for their helpful instructions.

Prior experience removing spyware: successfully cleared numerous people's computers a couple years ago using tips offered on Since moving I hadn't had a single problem in nearly 2 years.

What happened: I heard at work that Flash had a recent exploit and I should patch it. I searched on Google for "flash exploit patch" or something very close to that. I clicked one of the links that sounded promising. The website I clicked was a trap! Despite the barricade of (badly non-updated) anti-spyware I have installed I got infected badly. Antivirus XP 2008, Blue eff-with-you background and screensaver, redirecting browser pages, the whole works.

My initial ill-advised attempt to fix it: I updated Adware (sp?) from Lavasoft and ran it. It found all kinds of problems and "fixed" them. And it would work. For about 5 minutes. Then the BS would just re-install itself and take over again. I figured, we'll just go ahead and restart in safe mode and clean up everything. EEEEEET. That was only temporary too.

How MajorGeeks helped: I ran home to mommy (MajorGeeks forum). CCleanered myself, Updated Java and got rid of the old versions, followed all the instructions. This SEEMED to work. It definitely got rid of everything except the browser redirection. I kept hesitating about posting the logs, but if I had...

Answer:Malware instructions followed 100%, removal not initially 100% (details).

Welcome to Major Geeks!

We are happy to hear it helped you.

Now we need to cleanup some items from running ComboFix.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.



"HideStartupScripts"=-

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

If you are not having any other malware problems, it is time to do our final steps:
You can uninstall SUPERAntiSpyware now.
We recommend you keep Malwarebytes Anti-Malware as a scanner. It uses no resources except a little disk space until you run a scan.
If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed Com...

DDS (Ver_10-03-17.01) - NTFSx86
Run by jason.bartram at 8:17:30.33 on Thu 03/25/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1551 [GMT -4:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\jason.bartram\Local Settings\Temporary Internet Files\Content.IE5\7KAKFFY0\dds[1].pif

============== Pseudo HJT Report ===============

uSearch Bar =
uStart Page = hxxp://
BHO: Adobe PDF Reader Li...

Answer:HELP! RE:NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help (HELP)

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.


I see no sign of infection in your logs. What issues are you experiencing?


Sorry for the length of this post, but I try to describe in detail what I've done. I have used the instructions in the "READ & RUN ME FIRST. Malware Removal Guide".

The reason I have done this is, because Avast On access scanner periodically alerted me to trojans in the temporary internet folder for the past two weeks. I instruct Avast to delete these files but the messages always come back a short while later. Two days ago it started alerting me of blocking access to a malicious site (the url for this site is garbled and ends in .cn). This message would pop up every 5 to 10 seconds. So I attempted to remove the malware on the pc with the help of the instructions of this forum yesterday night.

I am not sure where the trojan/malware originated from, as I am not the only user of this computer (my parents also use it). Around the time that the problems started, I visited a reputable (or so I thought) job site ( - upon visiting Avast alerted me to a trojan attempting to download and gave me the option to block the connection to the site, so I did so.

Now, on to how I followed the instructions in your guide and the problems that I encountered:

I followed all the instructions to the letter, up to and including the Malwarebytes' Anti-Malware. Super antispyware had to be renamed to SAS.exe to run, as the explorer window crashed if I tried to run it normally. After MBAB finished, I could not connect to the interne...

Answer:following malware removal instructions - MGTools not working

Hello again,

Here are the combofix and rootrepeal logs I intended to post. I wanted to post them directly after my earlier post, but real life interfered in the time between posting and my post showing up in the forum. This will probably be seen as a bump, but oh well - so far it looks like my problems are sorted out, so far Avast has not given me any more alerts to trojans/rootkits.

Thanks again,


Hello, I recently got infected with Malware Defense. I went to the following link: the instructions, and it did stop all of the popups. Unfortunately, I cannot install any antivirus or run antimalware software. I double click the icons but nothing comes up. Also, my internet explorer window will randomly close for no reason. I ran DrWeb CureIt in safe mode but it didn't identify or fix anything. Do you have any suggestions? Thanks for your time

Answer:Had Malware Defense, followed removal instructions, still have issues

Okay, as a follow-up, I followed removal instructions again and ran Malwarebyte's Anti Malware. It had 5 objects infected. Upon restart my computer locked up when I clicked run for the MBAM prompt. Here is the log:

Malwarebytes' Anti-Malware 1.43
Database version: 3502
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/6/2010 7:16:12 PM
mbam-log-2010-01-06 (19-16-12).txt

Scan type: Full Scan (C:\|)
Objects scanned: 184387
Time elapsed: 27 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\H8SRTbrsbpfukie.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
\\?\globalroot\systemroot\system32\H8SRTbrsbpfukie.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\P...

Welcome to Tech Support Forum

Virus/Trojan/Spyware Removal Help (formerly Hijackthis Log Help)

* DO NOT FIX ANY ENTRIES OR DELETE ANY FILES YOURSELF. Do not run any specialized tools that you see being used in other threads without direct supervision from one of our trained analysts. Be advised that running any specialized tools not listed in this topic, on your own, is done solely at your own risk * It is also this forum's policy that we only address users with a legal copy of Windows. If during the course of a fix it is determined that the copy is not legal, we must stop the cleansing process.


How Soon Can I Expect Help?


Please be considerate of the fact that the people helping you are all volunteers, and in many cases usually have a job, and a limited amount of time to help, and therefore can only do so much. Also please note that there are many more people in need of assistance than there are trained staff members who may assist. Patience for this free assistance is required. If there is an immediate need, please take the machine to a local technician.

If no one has replied to your thread within 72hrs after you posted, please reply in your thread with the words "BUMP, please" to move it forward. Do NOT bump the thread unless 72 hours has passed. We try to work from oldest to newest posts so your wait will...

Answer:NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

Why we don't ask you to run ComboFix from the onset

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

We first need to verify if there are any rootkits present and how they could affect our tools. DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

With these logs we can determine the infections present & decide whether to deploy ComboFix.

I believe I still have a rootkit or something else. I can't connect to wireless, and if it helps, the big problems began when I downloaded a media codecs file and AVG from the CNET website. Neither file worked at all and the C:\$AVG file keeps returning no matter how many times I delete it. Also, after I downloaded AVG and was trying to run it, my Comodo firewall went nuts and was allowing everything. And I keep blue screening when I start sorting through files.

I followed the instructions to, "The NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help" And here are the Logs...

DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 19:53:39 on 2011-06-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1007.493 [GMT -6:00]
FW: COMODO Firewall *Disabled*
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\System32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
============== Pseudo HJT Report =============== ...

Answer:RE:NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help


Please do the following:
Please download aswMBR.exe and save it to your desktop.
Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
Click Scan
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Here is the issue I was having prior to the "read me first" steps:

1) Search engine redirect: where I search for something via Google, Bing, or Yahoo, and when I click on the results it sends me to some unrelated website

Here are the issues I am having after the "read me first" steps:

1) Search engine redirect: where I search for something via Google, Bing, or Yahoo, and when I click on the results it sends me to some unrelated website

2) I am having trouble opening file folders. I get an error message that Windows has stopped working, and then it searches for a solution and shuts down. I cannot even open up the file folder.

3) When I right click a file or folder, a windows installer window appears and attempts to either download something or install something. It seems to have something to do with Adobe.

I have no clue what all these logs mean. I just followed the steps and retrieved these logs.


Answer:Malware Removal Instructions Complete... Problems still exist

I started having problems with my computer after downloading some video software through a torrent site. I uninstalled the software, but my computer was already infected. It happened about 2 months ago. I have been using the Windows XP malware removal guide, and it has worked, but always came back to the same thing. My resolution is at its lowest and cannot bring it back to normal. Also, the computer freezes in the middle of a task. Please help! I will include all the logs from the malware removal programs. Thanks.

Answer:Ran all malware removal software, still not fixed

Supra7boost said:

I started having problems with my computer after downloading some video software through a torrent site. I uninstalled the software, but my computer was already infected. It happened about 2 months ago. I have been using the Windows XP malware removal guide, and it has worked, but always came back to the same thing. My resolution is at its lowest and cannot bring it back to normal. Also, the computer freezes in the middle of a task. Please help! I will include all the logs from the malware removal programs. Thanks.

Here is the also. Thanks again!

Very Important: Malware infections can possibly lead to identity theft, stolen bank funds, misuse of credit card information etc. Therefore we strongly encourage you to read this thread before deciding what course of action to take regarding your infection.

If after reading the above you wish to clean your system, please follow the steps below and create new topic HERE

NOTE: This thread is a work in progress. As malware evolves, so must the programs that find the bad entries and remove them. Thanks to all the members who have kept this progress going.

These steps are NOT meant to be a ONE-STOP-FIX-ALL.
If your computer cannot stay running, as in it either cannot boot, or, it is automatically restarting after a certain amount of time, then just start a new thread and ask for help.
They only serve to help you produce some logs, so we can see if your system needs further attention and cleaning.
Please make sure to complete ALL the steps in this thread, in the order that they are listed BEFORE you post the requested log files.
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it into a couple of replies.
Please run all scans in Normal Mode unless instructed otherwise. If you are not able to access Normal mode, please let us know.
Do NOT perform a System Restore while we are cleaning, as this can reinfect the system.
Please stay with your thread. We usually mark your thread inactive after five days, to help maintain the list of active topics...

Answer:UPDATED 4-Step Viruses/Spyware/Malware Removal Preliminary Instructions

Instructions have been shortened and updated for future convenience towards users as well as helpers.
Credits to originator, Blind Dragon, and a few others, namely - kimsland, xxdanielxx, CCT, and Bobbye for their input.

This is what I came up with:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2015
Ran by Intel (administrator) on INTEL-PC (01-09-2015 12:30:20)
Running from C:\Users\Intel\Desktop
Loaded Profiles: Intel (Available Profiles: Intel)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files\Bamboo Dock\BambooCore.exe
(Akamai Technologies, Inc.) C:\Users\Intel\AppData\Local\Akamai\netsess...

Answer:Followed the UPDATED 4-Step Viruses/Spyware/Malware Removal Preliminary Instructions

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-01 12:29 - 2015-01-02 14:57 - 00000000 ____D C:\Windows\system32\vbox
2015-09-01 12:15 - 2014-08-25 11:37 - 01996509 _____ C:\Windows\WindowsUpdate.log
2015-09-01 12:11 - 2015-07-31 16:24 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-09-01 12:11 - 2015-06-17 09:07 - 00036937 _____ C:\Windows\setupact.log
2015-09-01 12:11 - 2012-12-05 19:32 - 00000000 ____D C:\Users\Intel\AppData\Roaming\Skype
2015-09-01 12:10 - 2014-08-25 14:00 - 01129030 _____ C:\Windows\PFRO.log
2015-09-01 12:10 - 2012-11-18 23:06 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-01 12:10 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-01 12:10 - 2009-07-14 07:33 - 00433760 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-01 12:09 - 2009-07-14 07:34 - 00030848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-01 12:09 - 2009-07-14 07:34 - 00030848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-01 12:08 - 2012-10-15 19:50 - 00000000 ____D C:\Users\Intel\AppData\Local\Deployment
2015-09-01 12:08 - 2012-10-15 19:50 - 00000000 ____D C:\Program Files\Google
2015-09-01 12:01 - 2012-10-15 14:01 - 00116056 _____ C:\Users\Intel\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-01 12:00 - 2012-11-04 16:24 - 00000000 ____D C:\User...

vista sp1 32bit

I've been having a real hard time trying to fix the Google redirection virus. I've tried many solutions, such as running malware, my antivirus, Spybot, HijackThis; the problems get fixed, and then when I restart my laptop the same problem starts all over again.

I noticed that this problem only started after I installed a proxy server. I uninstalled it as I didn't require it, so maybe it's got something to do with the proxy.

I've even thought of backing my system and running backup again and maybe this will fix the problem.

Any help/advice will be appreciated. Thanks.

Answer:google redirection virus tried malware/ removal just can't get it fixed

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.

Please install RootRepeal

Go HERE, and download to your Desktop. Tutorial with images, if needed.

Unzip that to your Desktop and then click RootRepeal.exe to open the scanner.
* Open the folder and double-click on RootRepeal.exe to launch it. If using Vista, right-click and Run as Administrator...
* Click on the FILES tab, then click the Scan button.
* In the Select Drives dialog (Please select drives to scan:), select all drives showing, then click OK.
* When the scan has completed, a list of files will be generated in the RootRepeal window.
* Click on the Save Report button and save it as rootrepeal.txt to your desktop or the same location where you ran the tool from.
* Open rootrepeal.txt in Notepad and copy/paste its contents in your next reply.
* Exit RootRepeal and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

Please note: If RootRepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High

Note 2: If RootRepeal cannot complet...

Apple has finally accepted that there is a malware problem affecting many of its customers and plans to stop it with an upcoming system update.

The problems began earlier this month with a black hat search engine optimization campaign launched by scareware distributors on Google Images.

Such campaigns are common and one can pretty much expect to find rogue links among the top search results for all hot topics at any given time.

However, this time it was different because the cyber crooks also targeted Mac OS X users via a piece of scareware called Mac Defender that was specifically designed for Apple's platform.

Scareware, or rogueware, are terms that refer to fake applications that trick victims into paying for licenses in order to fix fictitious problems on their computer, usually malware infections.

Ironically, for a user base that largely doesn't trust antivirus programs and believes that Macs are malware-free, a lot of people ended up installing Mac Defender.

By extrapolating from tech support call figures related to this issue, ZDNet recently estimated that between 60,000 and 125,000 Mac users were affected by this piece of scareware.

What's worse, Apple apparently prevented its tech support operators from telling users how to remove the malicious program on their own.

However, after the issue got significant press coverage Apple published a knowledge base article of its own, which includes manual removal instructions.

The company makes some mist...

Answer:Apple Late to Anti-Malware Party, Issues Alert and Removal Instructions

Good to see that they are taking action, since malware is now appearing quite a bit more on Mac.

Hello, a friend has dropped off a broken Windows XP computer with me for repair. They followed this guide's 'automated removal' section and now the PC bluescreens in both normal and safe mode. Looking for guidance as to what they might have broken. Thoughts? The BSOD is a stop c000021a - Windows logon process system process terminated unexpectedly with a status of 0xc00000005 (0x00000000 0x00000000).

Answer:BSOD after following "automated removal instructions for security suite using malwarebytes anti-malware guide

Hi.

The majority of references I see for this... are for Win 2K. XP users who have this error... don't really seem to get a resolution of any sort that I can see.

From looking at the Win 2K references, I'd say that the registry is jumbled. A repair install effort would be worth a try... but I suspect that a clean install will be the ultimate resolution.

Some Google Links.

Louis

I've followed the directions for malware postings (mixed success). DDS.txt is shown below. Attach.txt is zipped and attached. When I ran GMER the first time, the scan crashed... it seemed like it had written too many lines and ran out of memory? I recall many entries with values that began with "ZW", but that's about it.

When I try to re-run it after restarting my computer, I get the following error:

LoadDriver("C:\DOCUM~1\erhardt|LOCALS~1\Temp\leaotqpm.sys") error 0xC0000061: Access is denied

Then the first 8 boxes on the right in GMER are greyed out, and I can only check/uncheck Services, Registry, Files, and ADS.

Anyway, maybe this info can be a start for you guys. Let me know what else I should do. I appreciate this help greatly.


DDS (Ver_09-03-16.01) - NTFSx86 NETWORK
Run by erhardt at 18:54:33.68 on ??? 2009-03-30
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.86.1033.18.503.200 [GMT -4:00]

AV: a-squared Anti-Malware *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\erhardt\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page =...

Answer:Malware problem, I've followed initial instructions

There's an update since my initial post. I'm currently running GMER again, maybe it will work. Here is the text file so far, about 1 minute into the scan. It contains many entries already.


I got some malware - I'm pretty sure that's what it is, anyway. Just to describe what happened at first, I got a couple of popups saying that I had a virus, which then opened a fake menu of Windows Defender encouraging me to go to a link that I assume had more malicious software on it. At this time it also created something in the quick launch tray that made one of those fade-in fade-out popups that described a virus that I didn't take down the name of because I assumed it to be fake. There was a short description of what the virus supposedly did written in kind of bad Engrish. I downloaded Spybot at this point (before consulting this site) and hoped I would be able to run its on-boot feature to clear the malware before it loaded, like I did when I had a similar problem on a different computer. It didn't get that far, because the computer just wouldn't boot up in normal mode.

I then booted in safe mode and started googling this problem on another computer and found this site. I followed steps one through five without issue (java is still uninstalled.) I am running Vista, so I clicked that link and began to follow the steps there.

I didn't pay too much attention to what I was supposed to be doing and I ran Malwarebytes' Anti-Malware first. It failed to load, so I tried to run Spybot since it was already installed. It also failed to load, so I began reading more closely and tried renaming MBAM with success. I then tried to run two co...

Answer:Malware problem that is kind of fixed?

After restarting my system, I was able to access the SAS log. I am also no longer experiencing the periodic freezes, but I am not stressing my computer very hard.

I have NOT messed with any DNS settings as is apparently potentially necessary with this type of trojan and I have NOT toggled the system restore, since I am kind of a wimp and am scared to do it without making sure it's necessary.

Windows XP SP3. Something stopped all anti virus/spam/malware from loading. Click on a link or from the all programs list and I get 'insufficient privileges cannot open' message.

Followed all the steps. Ran CCleaner. Uninstalled all Java. Tried to reinstall and always got error message 25099. Went to Java help and nothing worked to reinstall Java. Couldn't stop Teatimer since I can't open Spywareblaster. Emptied antivirus quarantine files - PCTools compte purchased version. Set to view all files and folders. Msconfig to start normal. Downloaded all programs to desktop and MGTools to C:

Ran Superantispyware. It found and removed 110 items. Continued on per instructions. Didn't save log to desktop at that time since I could get out later.

Couldn't get Malwarebytes to open and scan beyond 3 seconds, then it shut itself off.

At this point, SuperAntispyware Icon was blanked out (and later couldn't ever open it again, so there's no log file available, unless you can show me where to find it somewhere on My Computer.)

Combofix ran ok and I have that log.

RootRepeal ran ok and I have that log.

MGTools ran ok and I have that log.

Still can't open any Spywareblaster, Malwarebytes or Superantispyware. PCTools will open and run a complete scan, but it finds nothing in results.

Attaching the logs. Thanks for looking. Bill

Answer:Malware Fix Complete and Problem Not Fixed

Welcome to MajorGeeks!

Please attach the SASlog that was saved in this directory when you ran it.

"C:\Documents and Settings\Bandjoey\Application Data\\SUPERAntiSpyware\Logs\"
supera~1.log Sep 5 2009 7680 "SUPERAntiSpyware Scan Log - 09-05-2009 - 01-27-34.log"

I will then begin reviewing your logs.


I used the networking forum here to try to fix this problem, but unfortunately it still seems to persist. The thread is here, with an explanation of the problem and what has been tried so far:

Here is my HiJackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:44 AM, on 5/18/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C...


Can anyone help me to resolve a remaining issue after a moderator helped me with the malware that was paralyzing my PC's IE8? After he helped me to correct and remove the virus/malware issue, IE8 has web pages that say that cookies are not enabled.....YET , they are enabled and I am unable to log into eBay and other sites that require a secure login.

Thanks for your help!


Answer:IE8 After "MyBleepingComputer" Fixed Malware Problem

It may be possible that your security software (anti-spyware, firewall or anti-virus) is blocking cookies. Have you checked the options about cookies in them?


2 days ago I noticed about every 10 minutes a blank browser window would pop open, so I did a scan. I ran everything under the sun, Malwarebytes, hitman pro, rkill, and JRT did the clean, etc and nothing is being detected now, and the blank window keeps popping up. I know you aren't supposed to, but I even thought of doing system restore, but I have it turned off. I can usually clean this by myself, but I can't figure this one out. It has to be buried, and in the registry somewhere. I am about ready to do a clean install of Windows 7 and say heck with it. Thanks in advance for the help.
I don't have any logs after cleaning. Here is what I was infected with (a blank window popped up again, as I was writing this)
Malwarebytes Anti-Malware
Scan Date: 9/19/2014
Scan Time: 2:07:14 AM
Logfile: malwarebytes infection detection.txt
Administrator: Yes
Malware Database: v2014.09.19.02
Rootkit Database: v2014.09.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Deborah Lane
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 314444
Time Elapsed: 10 min, 11 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Ke...

Answer:Infected by several PUP Malware. Scanned and fixed but still have a problem


Logfile of HijackThis v1.99.1
Scan saved at 10:53:11 PM, on 5/15/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

I heard about this website from a friend who got a lot of help here, so I'm hoping you can do the same for me. I had a big problem with malware, and following the helpful steps on this site, I have fixed most of them. However, even after running all the suggested anti-spyware programs, and installing a firewall, I still seem to have a persistent problem with a flashing alert in my taskbar--a yellow triangle with an exclamation point in it--that pops up phony alert bubbles that say "System Performance Monitor: Warning" every couple of seconds. Clicking on it takes me to Also, I get phony anti-spyware popups every so often that try to download files to my computer. Any help would be really, really appreciated. Thank you in advance. TheShreddingFred.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Secur...

Answer:Big Malware Problem, Fixed Most Of It, Persistent Phony Alerts And Popups

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, TheShreddingFred.

Before we can provide you with any further assistance, you first need to go here and install Service Pack 1; will patch numerous security vulnerabilities in Internet Explorer and the Windows operating system. As your machine stands right now it's extremely vulnerable to infection. You need to get these updates installed first before we can proceed or we'll both be wasting our time.

Note: Do not install Service Pack 2. If you install SP 2 on an infected machine it will cause serious problems within the operating system. When you've done that, post a new HijackThis log into your next reply.


Hi Folks

I'd suggest for the next few days at least to use a different EMAIL client than outlook until the whole sorry mess of the current worldwide malware thing has been fixed.

1) APPLY all the security patches (should always be a given anyway).

2) Set your email to IMAP rather than POP3 so it doesn't get stored on Local folders -- in any case IMAP is a good idea as you can access email from other devices such as phones, tablets, other computers etc and you can connect to Ms Exchange servers too.

3) Thunderbird is robust and fairly "Outlook like" so people shouldn't have too much trouble using it. If you have set to IMAP then once this scare is over and you go back to Outlook the email will still be in the same folders.

4) If you can run it on a Linux system (Host or VM) then you are extra protected from this malware even if you open a dubious email link as the executable can't run on a Linux machine (currently -- who knows what these scumbags will get up to in the future).

5) Again treat any email you don't know about or are even slightly suspicious of with the same care as a Hand grenade with the pin removed !!!

(BTW Thunderbird can handle multiple accounts on different servers and has calendar stuff too so it shouldn't be a real problem to use it for a while -- and of course it's FREE).

Cheers -- and SAFE emailing.


Answer:A Good Email client while the global malware problem is being fixed

Whatever e-mail provider you use ditch any from unknown sources, and NEVER click on links without establishing it is bona fide, even if purportedly from a known person Company or Enterprise.


I have scanned with AVG with the latest updates. On top of that insidious google redirect I get random pop ups even when I don't already have IE or Firefox running. Also getting sounds in the background like I'm clicking on a link, surfing the net when I'm not. And SYSTEM in task manager is hogging a ton of memory.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:52:42 PM, on 8/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\...

Answer:persistent malware undetected by virus scans and malware removal tools



I am the IT manager in my company.

I have a co-worker whose computer has a search redirect issue. That means most likely it has malware.
Then I installed some major malware removal tools: Spybot Search & Destroy, SUPERAntiSpyware, Malwarebytes

After I installed them, I cannot launch them. (That definitely means it has some kind of malware.)
I needed to rename their .exe files; after that I can run them and scan my computer.

SUPERAntiSpyware and Malwarebytes found something, but didn't solve the problem; search redirect and
blocking of malware removal software are still there. Now I am running Spybot Search & Destroy and will see what happens.

By the way, I run them in safe mode because when I log on to Windows in normal mode, it is slow (like it takes a long time to explore the hard drive, etc). I suspect the malware slows down my PC. Hopefully the registry is not corrupted or something, but it works smoothly in safe mode.

So do you guys have any suggestions? Or do you need a log file from ComboFix?

Please advise,

Answer:malware: google yahoo redirect and can't launch malware removal software

Try this:


I did a hijackthis scan and here's what I got:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:17 PM, on 4/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynT...

Answer:Malware Blocking Access to Spybot, Microsoft Malicious Removal Tool and other anti-malware programs

Hey guys I solved my own problem. I completely reinstalled windows. (It was about that time anyway)


Please help me,
I cannot access any internet (wifi & ethernet) after malware removal using GridinSoft Anti Malware. I already updated network drivers, but it's still not working.

I did a virus scan and it removed the detections found but when I did a restart they were back again. Also, the virus seems to move itself around to other .exe files. I found it had infected moviemaker.exe so I manually deleted the file as I don't need it but as soon as I emptied my recycle bin the moviemaker.exe file returned back to its original folder.

I'm afraid something really nasty has infected me. Avira is detecting it as a W32/Infector.Gen2 and Malwarebytes is detecting 2 Malware.Packer.Gen files.

I went through the Read Me First steps on this site and performed everything it asked. However, I was unable to uninstall my previous JAVA (ver 19) and was not able to install the newest version of JAVA. Both gave me errors that the installation program wasn't working.

I'm attaching the logs here. Can anyone help me get rid of whatever is infecting my machine? I would really appreciate the help!

Answer:HELP-Requested Malware Removal (Infector.Gen2 / Malware Packer Gen)

Here is the 5th log.


Hi, I'm suddenly having a lot of trouble with malware. My computer seemed to be running okay but I ran Malwarebytes as I occasionally do, and it picked up a fair amount of malware on my system. I deleted it and rebooted, but that's when my problems really began. Upon restarting, my internet connection has become almost unusable. It's extremely slow and generally I can't even open a page that I want after trying to refresh several times. Oddly though, Google is working perfectly and a few other sites seem to work too, including this one. I've tried running MBAM again and again, each time it picks up more malware and I remove it, then reboot and the cycle renews. I can't seem to get rid of all of it, every time I scan my system there's just more of it. I've tried ComboFix but it doesn't seem to have done anything. One persistent thing seems to be photo_id.exe, I've got a few messages from MBAM saying it can't be removed and I need to reboot. Also, I've noticed that if I'm trying to reach a webpage, although it won't load there seems to be some redirecting, for example I just tried to reach a Wikipedia page and it says "The server at is taking too long to respond". For some reason I can't bloody format this properly no matter how hard I try, so here's an attached HJT log:

Answer:Malware removal attempt led to unusable internet, still can't remove all malware


Good day to everyone,

My computer is having some malware activity. I have used adware 2008, spyware removal tool, norton anti-virus and other removal tools, but still the malware cannot be deleted. My Computer icon could not display its properties; instead it appears like a file when you see its properties. It also disabled TCP/IP; that's why until now I cannot connect to the internet. I don't have the Windows XP SP2 CD for repair.

Please help me as soon as possible, because it is a server.

Answer:Urgent! My XP SP2 have malware activity!.. cannot remove using malware removal tool

Hello frozenfire03, Welcome to TSF!

I recommend that you read this article… "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However, it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum, where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,

7 more replies
Relevance 71.75%

Four steps that will keep your PC happy, healthy, and crap-free

Malware sucks. In the best-case scenario, it craps up your system with unwanted files and occasionally makes itself known in the form of a persistent pop-up window or annoying browser-based toolbar. In the worst-case scenario, malware completely takes over your desktop or laptop and ruins your life.

Your system slows to a crawl. You can’t even boot into Windows in the time it takes you to walk to the kitchen and back. Your data gets sent off to a faraway Internet land or, worse, your actual keystrokes are recorded for some unsavory individual to see. Malware locks down your browser, making you unable to actually do any browsing without being carted off to some bogus domain. You can barely run a program in Windows without getting bombarded by fake advertisements, programs, and dancing people on your desktop.

We can’t make this stuff up.

So what’s a computer enthusiast to do? Step zero: Read this guide, because we’re going to walk you through all the key details you need to know to both rid your computer of this junk and keep it free of downloaded nasties forevermore.

Read more at:
Maximum PC | Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Answer:Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Relevance 71.75%

Dell m1330 Vista home premium. I have malware issues, frequent memory dumps, google redirection and something is preventing me from running or installing anti-malware programs. I had to install malwarebytes using the rename method, but the program will not run in safe mode or normal. I had spybot previously installed but I was also prevented from opening, so I tried reinstalling, but before it can complete the installation I get the blue screen of death memory dump! Before reading the procedure I ran coolweb, kill2me, windows defender and windows malicious software tool. None of the programs found anything. I also performed a couple system restores, but both failed.

Should I continue with the cleaning procedure (combofix), or does anyone know how I can get malwarebytes and spybot to run?

Answer:Trying to follow malware removal procedure, but malware is preventing me?

Relevance 71.75%

Hi. I am trying to diagnose a problematic laptop for a friend. I don't know the details of what happened to cause the problems. The main problem I can detect is that the laptop is EXTREMELY slow. It seems like anything I try has a delayed response (even a simple mouse click). I followed the Malware Removal Guide, but was only able to run two of the five suggested tools as follows:

1) SUPERAntiSpyware - I ran this after manually updating the definition files on the version already installed and the scan found nothing.

2) Malwarebytes Anti-Malware - I was not able to update the definition files for the current version installed. After several attempts to uninstall this (via the Control Panel), I was able to do it via CCleaner. However, I was not able to re-install a more recent version due to problems with the Windows Installer service. After uninstalling an outdated version of Java (Update 14) via the Control Panel, I have not been able to install/uninstall any more programs.

2) combofix.exe - not compatible with 64-bit OS

3) RootRepeal - did not run on 64-bit OS

4) MGtools - did run; kept getting errors, but continued to completion

Attached are the SUPERAntiSpyware and MGTools logs:

Answer:Possible Malware preventing me from running malware removal tools

I am not seeing any malware in those logs. I do not know why MalwareBytes would not run, are you able to run it in safe mode? How does the PC behave when you use safe mode?

More than likely I think I will be sending you off to the software forum.

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsM... Read more

5 more replies
Relevance 71.75%

Hi, I got infected because I was trying to run malwarebytes and it skipped the part of analysing the files, it ended in around 1 minute in a full scan, and I tried to download dr web cure it, and it doesn't allow me. The computer seems fine, but those things are very strange, and when I was running the scan I was in safe mode...
thanks for the help

Answer:Malware infected, malware removal tools useless

Relevance 71.75%

Had a machine in riddled with viruses which we duly cleaned up and removed without incident. Uninstalled the applications one at a time, restarting each time it was required and all was good.

After removing the last app (don't ask me which one it was, I can't remember) the machine no longer starts.

It's boot cycling but once we disable automatic restart on system failure it brings up a STOP 24 error.

Have booted to puppy linux and examined the hard drive (which is SATA btw) and the data seems intact so we can assume, physically at least, that the drive is good.

Booting to an XP CD and attempting to access the recovery console to run chkdsk /r and it appears the drive is either not detected or is empty (the latter we know not to be the case)

Boot to an XP CD to attempt a repair install and it tells me there is no hard drive present.

Check the BIOS and the drive is detected properly. Swap the hard drive for a SATA CD and it detects the CD without issue, which makes me think the SATA controller must be functioning too.

Now it seems that this single disk system has some kind of RAID configured on it according to the boot screens. My next step would be to remove the RAID but I'm concerned it might format the drive. Is this likely? It has an ASUS A8R-MX/S motherboard but the info I get from their site is a little vague.

Am I on the right track with the RAID thing or way off base? Help me folks, it's driving me nuts.

Hi all,
Recently, while browsing a site in Chrome, I received a web site popup saying "Your browser contains MALWARE. You have to install Chrome Malware Removal Tool". Confirming with OK opens an extension page:
I have a strong suspicion this is malware!!!
What I'm trying to understand is what kind of malware infected the web site I visited. Some technical specs could be useful. The web site belongs to a friend of mine and I'd like to help them identify the malware that infected their web site...

More replies
Relevance 70.52%


I'm running XP. AVG detected trojans; the first one it got rid of, the second one, Generic13.ATHP, it could only remove partially, apparently located in c:\windows\system32\svchost.exe

Started the Malware Removal Process as recommended. SuperAntiSpyware wouldn't install, so I changed the filename, and it has installed, but when I attempt to run it I get an error message -

SUPERAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience

The same happens with any other malware/spyware removal program, Spybot S&D, Malwarebytes etc...

Is there anything I can do to fix this?


Answer:malware halps/malware removal not running

Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

* Scroll down to "Non-plug and Play Drivers" and click the plus icon to open those drivers.
* Then search for TDSSserv.sys
* Let me know if you find this or not.
* If you do find it, right click on it, and select Disable. Do not try to uninstall it.
* Also if this is found and you disable it, then reboot and see if you can run the cleaning procedure and attach the requested logs.

but the device mentioned is not present (although there are a few that have error "!" things next to them, but 30 or so others.

:confused have no idea if any of this will help you lovely helper person, but i guess im just trying...

2 more replies
Relevance 70.52%

Hi. Thanks for this. I need to first tell you that I don't even know how to generate the logs everyone posts here for troubleshooting. I'm sorry. Maybe someone could tell me how, then I will.

Because my laptop wouldn't even boot to the O/S last week, DELL's tech support helped me move files, reformat and reinstall the OS. I reinstalled McAfee. A security tool warning popped up. I knew it was rogue; I came here and got rid of using mbam and process explorer - very easy. Or I thought I did. On my daughter's desktop this morning, there were 3 porn shortcut links ON HER DESKTOP!!!! There was also a link to "Active Security" - trying to figure out wtf this was it turns out it was another rogue. Awesome. It at least had an uninstall on Add/Remove programs... but obviously it is not gone, if that is even the cause of all this... Thinking MBAM would be a logical quick fix, I figured I would try that. My Mbam won't load - I have reinstalled and it - it reinstalls and then when I try to quick scan it says I don't have permissions and then I can't even open it again. I can reinstall, then it is hijacked when I try to scan. My McAfee won't scan either so both are being hijacked and I also am having the same browser redirects as others when clicking on sites from search results. McAfee can't even fix itself. In safemode, McAfee tells me the truth at least that it is not working (in regular mode it poses like everything is... Read more

Answer:Ugh - Malware Removal Tools Disabled by Malware

Relevance 70.52%

About a week ago, I noticed that when running Internet Explorer that clicking on a website would take me to an ad instead of the website. If I clicked back and clicked on the website again, it would correctly go to the website.

A day or two before noticing this issue I had upgraded to AVG 8.0 Free and had installed the latest Firefox version.

I am running a Windows XP Professional SP2, Intel Pentium 2.8 GHz.

I ran the instructions at and am still experiencing the same issue as described above.

Any help would be greatly appreciated! This is the first forum I've ever posted to so be patient!


Answer:Malware - Exists after running MalWare Removal

This is the last of the Malware log files.

Thanks again!

Have got a strange one, where have attempted to remove XP antispyware 2009 using malware antimalwarebytes. Looks to have been partly successful - but have got something else interfering. Frequently have pages on IE as "not found".

Have posted HJThis log and Malware Antimalwarebytes log below. Thanks for any assistance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:58, on 08/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologi... Read more

Relevance 70.11%

Hi there

I have followed the "Read & Run Me" First instructions then the SpySheriff Removal instructions but I seem to still have a host of horrors including SpySheriff. The only step I haven't done is disable System Restore as I'm not yet free of pests. I'm afraid I am totally clueless but reading previous threads and seeing what you've asked for I've posted the Smitfile, Panda and Bitdefender files along with the HJT log.

Windows XP SP2

Thanks for your help


Edit by chaslang: 4 Inline logs attached.

Answer:Still got malware after following instructions

Welcome to MGs!

You have not followed the instructions in the READ ME properly. No logs should be posted inline. All logs must be attachments to your Messages. Also you did not post a useful BitDefender log of problems. All you posted was a log summary. Follow the directions in step 6 and you will have a proper file to attach to your message.

What are your remaining issues with SpySheriff?

Relevance 70.11%

We're using our computer mostly for web browsing. A week ago we started having problems when viewing video clips (eg Youtube) - It pauses to buffer every other second. Also, opening web pages with many graphic elements takes a long time. When scanning with Avast I got about 20 items (eg Bravix) that I moved to the chest and then emptied the chest. I then followed the Malware Removal Guide (Before I could press "scan" in Root Repeal I had to close a the dialog "Error - Invalid PE image found"), but it was still running slow when coming to doing those things. I ran SuperAntiSpyware again to check and "Dware.Vundo/Variant-MSFake" was the result. I got rid of that one but the machine is still slow.

Would be very very grateful if someone could give me some tip what to do. Have attached a few logs (unfortunately in Swedish but I guess you know what it's supposed to say in those cases the words aren't very similar).

Thanks a lot and Happy Holidays // Dave Hanner, Sweden

Answer:Malware Removal Problem

I am currently reviewing your logs and will get back to you with a set of instructions when I make my next post.

14 more replies
Relevance 70.11%

Good morning all, NOOb here. Glad to have found this forum. Here is a MBAM log which I recently ran. Any thoughts? MBAM had trouble removing them and I got an error.
Malwarebytes' Anti-Malware 1.24
Database version: 1056
Windows 5.1.2600 Service Pack 2

8:40:08 PM 8/15/2008
mbam-log-8-15-2008 (20-39-58).txt

Scan type: Quick Scan
Objects scanned: 44070
Time elapsed: 9 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTBOOT (Backdoor.Bot) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system\DRIVER (Trojan.Agent) -> No action taken.
C:\WINDOWS\system\DRIVER\DAP (Trojan.Agent) -> No action taken.
... Read more

Answer:Malware Removal Problem

Welcome to Major Geeks!

Please do not post any inline logs like you just did with MBAM. Also make sure you fix what the scanners find. Your log shows you took no action.

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide

If something does not run, write down the info to explain to us later but keep on going.

Do not assume that because one step does not work that they all will not.
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

Relevance 70.11%

Last night I had the Malware Defense software pop up on my computer. I ran through some steps I found in a forum here. I used Malwarebytes removal software successfully. This did not solve the problem. I then headed over to CNet and downloaded 3 or 4 of their top Malware removal tools and ran them, still nothing. I am having to run all of these solutions in Safe Mode because nothing will load in regular mode. Any suggestions? I don't know if running the software in Safe Mode is negating it from working or what. Any suggestions would be great. I would really prefer to not have to wipe my computer. Thanks.

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

More replies
Relevance 70.11%

After removing some nasty virus/malware from my system I have had a big problem, namely all my network connections have disappeared and all my network devices have stopped working. In device manager my ethernet card, wireless adapter and a load of miniports (don't know what they are) all have the yellow ! mark next to them and I can't even switch on my wireless adapter by pushing the button. I have tried to reinstall the drivers but to no avail. I have also tried to install a USB wireless adapter but this would not work either. Any ideas would be very much appreciated as I cannot access the internet whatsoever and this has been a long running problem.

Thanks in advance,


More replies
Relevance 70.11%

My computer has been sending e-mails on its own and I have been having problems opening downloaded programs. I assumed this is a virus or malware problem. PCTools antivirus finds no virus. I have been trying to use the malware removal guide on your website. I got to the section for Windows XP and downloaded the programs. I could not get Super anti-spyware to run even using the portable version loaded into a flash drive from a laptop. Then Malwarebytes would not run either. It tried to update and I got an error message that the data file could not be attached to the version I had. I also get a message that the file could not be saved because the digital signature could not be verified. I get this message on a lot of downloads. Is this a virus or a problem with my Windows program?

Answer:malware removal problem

19 more replies
Relevance 70.11%

Hi all, can I just start by saying thank you for helping me remove that annoying "vista security 2010" virus which I received a couple of days ago and rid with the helpful posts on this site! I have a problem now though that malwarebytes shows me as a rootkit.agent, in this folder: c:\windows\system32\drivers\uzgelx.sys. The problem is that it says it has found it and removed it but every time I reboot it is still present? I have tried deleting in safe mode but it won't and deleting normally it just says "cannot read from source file or disk". I have disabled emulators and reinstalled malwarebytes, tried searchbot s & d, super anti spyware, and hijack this but to be honest I haven't got a clue as it won't go away? Here is the malware bytes log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4043
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

28/04/2010 09:19:57
mbam-log-2010-04-28 (09-19-57).txt

Scan type: Quick scan
Objects scanned: 106620
Time elapsed: 19 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious... Read more

Answer:malware removal problem

Do you still require help? This topic will be closed if there is no response within 5 days. Thanks and we apologize for the delay/overlooking your topic.

3 more replies
Relevance 70.11%

I have a client's computer with a particularly nasty problem.

It originated as a pro av scam program that was received.

My client is a franchise business and they are required to use I.E. so please do not simply tell me to switch to FF...

As on other threads,, you run a search in google yahoo etc.. and the links redirected to random sites that are irrelevant.

Installed HJT.. when it ran, it immediately shut down and could no longer access the program unless installed into a different folder and it would start but immediately crash..... not good... no log created

Installed and updated MBAM... started it running, It started to scan, It showed 5 keys were infected then shut down... no log created. Tried running again but was informed that it could not be started to run then shut down.

Installed Superantispyware and updated... Ran the program in safemode and it shut down part way through scan,... no log created.

Are we getting the picture yet?

uninstalled and then re-installed the programs.

using msconfig... restarted in diagnostic mode.

Ran MBAM... it discovered and removed a bunch of stuff... don't have log here

superantispyware ran clean.

So I think GREAT... we got things back under control.

ran MBAM once again just to make certain after a restart in diagnostics mode, and it came clean. I was so happy.

Set it back to normal startup and went to IE... did a google search, and sure enough, it was redirected to some irrelevant random sit... Read more

More replies
Relevance 70.11%

got the same problem...and can't get rid of it..please, let me know if you figure this out!

1 more replies
Relevance 70.11%


So I got a problem with hyperlinked text all over my internet links.

Now usually I can deal with these, however it's hard to pinpoint what malware this is as
1.) There is nothing in extensions
2.) Nothing in Control Panel Programs to uninstall
3.) I run scan with Anti Malware Bytes and it didn't delete/find it

The links usually are directed via click.blueseek and if that helps maybe, dunno.

Any clues? Any other info I can give you to help in anyway?

Kind Regards.

(P.S. Oh irony, the title I created for this topic just got spammed with hyperlink ^^ )

P.S 2. Here's the box that comes up when I get navigate into one of these links:
Screenshot by Lightshot

Answer:Malware Removal Problem

Try running ADW Cleaner
AdwCleaner Download

5 more replies
Relevance 69.7%

Ok so I keep getting random popups which I never get, I am very secure. But something slipped through somehow. Now I get the popups only in Firefox, I used to get them on Iexplorer as well, but the problem is now I can't open Iexplorer, it just kinda waits then nothing happens, but when I look at the processes there are a few Iexplorers open but they do not show up. I have run spyware doctor, registry mechanic, ccleaner, AVG Anti virus, spybot search and destroy, adware and a few others, you get the point. I still get these stupid popups and nothing detects anything. Will someone please tell me what to do? Do you want a hijackthis log?

thank you very much!

Answer:Followed Instructions, I Have Some Kind Of Malware.

Relevance 69.7%

After I followed the instructions at to remove Aztec Media's Settings Manager malware, most of the problems were removed, but subsequent scans keep finding new stuff from the Aztec malware (e.g. Linkey, Settings Manager, etc) so it's clear there's still a program from Aztec which is still inserting more malware into my machine. Far worse, at least three of my software - Internet Explorer, Open Office, and Monodevelop - are still unusable because I can't access them while they're running. The icon is listed on the bar at the bottom of the Windows desktop and I can see from the thumbnail view that the programs are functioning, but when I click on the icon to access the program it just highlights the last window rather than bringing up the correct window for the software I'm trying to access. Sometimes when I run these programs, a message from Malwarebytes will pop up and warn that a PUP has attempted to run, but when I have it scan the software itself it can't find any infection.

Does anyone know what I need to do to finally get rid of this thing? Some of the affected software is crucial for my daily work and record-keeping.

I couldn't run the scan recommended by this forum because the webpage was down.

Answer:Still malware problems after following instructions


They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

23 more replies
Relevance 69.7%


No matter what I have done, I have not been able to remove malware, trojans, etc. Originally E2Give and Qoologic were in there as well as others. I may have cleaned some, but trojans continue to infect the computer on start-up. I don't know if it is significant, but IE would not shut down when rebooting between safe mode and normal. It says explorer.exe, not responding etc...

I have an Intel Pentium 4a 2800mhz on a Dell Desktop 4600i. Operating system is XP. 512 MG Memory, 80GB Disk Drive. I have Anti Vir as an anti virus program. I have Followed the READ AND RUN ME 1st directions to the letter including running all recommended Downloading Tools in safe mode (CC, Adaware, Spybot) with the exception of Windows Defender/Malicious Software Removal Tool which would not run. In their place, I used Counter Spy. I also ran Bit Defender and Panda Scan. Their logs are attached along with the Hijack This scan.

I am truly at the end of my rope and have spent countless hours to this point. Please help. Thanks

Answer:Can't get rid of malware after following READ/RUN instructions. Help!

Welcome to Majorgeeks!

You were supposed to uninstall Viewpoint Manager in step 0. Please uninstall it now!

Also uninstall Mercora

You said you did not run Windows Defender but I do see it installed. Try running it in normal boot mode. Let me know if it runs that way.

Is the below a paid version or a free trial version?
C:\Program Files\CA\eTrust Internet Security Suite

Now let's fix some of your problems!

Make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [BSz] C:\documents and settings\lou\local settings\temp\BSz.exe
O4 - HKLM\..\Run: [vH] C:\windows\temp\vH.exe
O4 - HKLM\..\Run: [jnNZM] C:\documents and settings\lou\local settings\temp\jnNZM.exe
O4 - HKLM\..\Run: [dDpyKDP] C:\documents and settings\lou\local settings\t... Read more

Hello, I followed the instructions of my original post (which follows this) but the topic was closed, here is my posted HijackThis log, smitfiles.txt, Ewido Log. Yes I know my user name was different, I was an idiot and never wrote down the original sign in info and I deleted the confirmation email, so I created a second account. Thanks for your help. Is there anything else I need to do? (besides write things down?)

Current Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 6:06:29 PM, on 12/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\pfosz.dll/sp.html#37049%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\pfosz.dll/sp.html#37049%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet E... Read more

Answer:Followed Malware Slayers Instructions, Following Up


It looks like you used my instructions.
Unfortunately, every system is different and infected files are different as well, that explains why this didn't fix it in your case.

Can you please post a new hijackthislog made in Normal mode (because I see previous log made in safe mode)

Then I'll take a look.

7 more replies
Relevance 69.7%

I right click on the logs and select send to, but zip is not there. This is my old thread to start:
I am using a Fujitsu laptop running XP Prof with 2 gb ram, dual processor and have totally cleaned up some adware and fake trojans with AVG, Malwarebytes, Super anti spyware, spybot and rkill. Everything seems fine now except every once in a while, I get an audio clip that sounds like a commercial on tv that only lasts a few seconds. I can't seem to find the source. I am also getting a bunch of script errors. I went to the advanced settings and disabled script debugging and notifications, but they still come in. What am I missing? Thanks.

I cannot attach the ark file. also, it generated another txt file called catchme

DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by shicks at 14:37:57 on 2011-05-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2002.774 [GMT -5:00]
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\Explorer.E... Read more

I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this ...

8 more replies
Relevance 69.7%

I have run the Run and Read Me First instructions and included the logs.

This problem started about two days ago. My boyfriend was using my computer and from what he told me, he clicked on an advertisement from and caused a flood of malware to come in my computer. When I got there, I disconnected the internet, deleted temp files, cookies, and the history and ran the two programs that I have on my computer, SpySweeper and Spyware Doctor (free version). The two reports brought back over 150 infections including multiple trojans, rootkits, and other assorted adware. I printed out the reports and put my computer into safemode and attempted to delete the files. However when I tried to delete the files, they reappeared the next time I opened the window. When I tried to delete the registry keys, I got a message saying there was an error deleting the key. When I tried to use Add/Remove programs, it would shut down the control panel and reopen the desktop folder.

After that I came to this site for help. I ran the Run and Read Me First instructions. When I completed that, my computer seemed to run a lot better, no popups (which I had been getting even when disconnected from the internet), no slightly obscene advertisements plastered on my desktop, and it ran a lot faster. However, I reran SUPER Anti Spyware and it brought back that I still had 14 infections including a Trojan and Rootkit.

I will include the last report in the next post.

So, I want to know ...

Also, now I was typing that post while letting SAS run, and when it restarted to fix the problems, it won't restart past the blue screen that says "HP Invent" in the middle and has the F-key options at the bottom, but it won't let me press any of the keys either.

23 more replies
Relevance 69.7%

Hi there

I've followed the excellent Major Geeks instructions for scanning/removing malware (see attached logs) as best i can. All scans have shown (and in most cases fixed) malware. The spontaneous pop-ups have stopped but Panda Activescan detected 3 spyware problems which it did not fix, and i keep getting alerts (from WinPatrol) that suspicious-looking programmes are trying to get onto my start-up list. Concerned that i've knocked the head off (as it were) but left the roots! More details below in case of use:

- System info: Compaq Armada E500 (old i know!) Intel Pentium III at 600MHz; 512 Megabytes RAM; Windows 2000 SP4 rev. 5.0.2195

- Completed all the preliminary housekeeping (deleted what looked suspicious and it let me delete)

- One attempt to run all the spyware tools in safe mode was thwarted since due to the poor screen resolution i couldn't click the Fix button on Counterspy (stoopid i know). It found only one piece of spyware (Virtual Bouncer). I then re-ran Counterspy in normal boot mode and removed this. I then went back into safe mode and re-ran all the scans from the top (CCleaner onwards), including CWShredder and Kill2Me.

- Then completed online scan with BitDefender in safe mode with networking, but couldn't load Panda Activescan, so rebooted in normal mode, downloaded and installed latest Java, and then ran Panda Activescan. It deleted 4 viruses and detected 3 spyware but did not fix them. (slightly concerned that the pa...

6 more replies
Relevance 69.29%

I've been having trouble with my internet explorer over the past few weeks. The first problem is that when I go to any website, certain words are highlighted and link to a sponsored ad pop-up. The first attached picture (proof1) is a screenshot from a website I went to.

The second problem is more annoying. When I go to a website, the page will load like normal but then a few seconds after it loads, it goes to a "page not found" thing with a bunch of links at the bottom (picture attached, proof2). It even does it to websites I've been to a million times before. I think it's some kind of adware that I can't get rid of.

I've run Hijack This, CWS Shredder, SpySubtract, KazaaBeGone (this problem didn't start until long after I got rid of Kazaa though), Webroot SpySweeper and Trend Micro Antivirus. Any help would be fantastic because the "page not found" thing is really starting to bug me.

Answer:Adware/Malware removal will not get rid of problem

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
CounterSpy - ONLY IF you were not able to run Windows Defender
Bitdefender - from step 6
Panda Scan - from step 6

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!

1 more replies
Relevance 69.29%

I was referred to this forum after extensive help on "Am I infected ...". My problem is when shutting down Windows XP by clicking START, click SHUT DOWN, the mouse pointer changes to an hour glass and time will pass (several minutes) and then without warning or prompting my PC shuts down. What was normal before the infection removal process was START, SHUT DOWN, text box with: cancel, restart, shut down, and after choosing shut down a blue windows screen comes up with message stating Windows is shutting down and then it turned off PC all in about a minute or so. I have tried looking into the Registry, but that advice led me to KEYS I didn't have. Any suggestions???

Answer:Problem shutting down XP after malware removal

It's possible a driver could have gotten corrupted from the malware removal

4 more replies
Relevance 69.29%

Hi folks
my first post here-please allow for the fact that I am not very computer literate!! I hope you can help me

I am running windows xp 32 bit. Problems first started when AVG free kept prompting me to upgrade to AVG 2011. I did this last week but ever since couldn't get on the internet at all or it took hours to load.

My son needed internet for his homework so I uninstalled AVG from my computer, internet was then working fine. Unfortunately, my son managed to download some trojans. One said keylogger, another backdoor and some others.

Anyway, I panicked and tried reinstalling AVG but it didn't appear to work. I had SuperAntispyware installed and that found 3 trojans. I tried installing Avast, internet wouldn't work so uninstalled that & then tried McAfee trial and same thing.

I found your malware READ & RUN ME FIRST malware removal on here and have followed it to the letter. All was good until I tried running COMBOFIX. An error message appeared saying AVG was installed on my computer and I had to remove it first. I couldn't find any traces of it in msconfig startup and there is nothing in add/remove programmes but when I did a search for files & folders on my computer using the term AVG, 401 files & folders were found.

How on earth can I get rid of these so I can continue with the cleanup?

I am assuming that simply deleting them to recycle bin is not going to work?

I currently have no anti virus programme instal...

17 more replies
Relevance 69.29%

After installing Malware Removal, I rebooted into 'Safe Mode', as recommended, to run the program. When I clicked on the 'Start Scan' button a window popped up with the following message: Title of box 'Malware Removal'. The message was 'Error opening parent key'. At the bottom was a hot button with 'OK' on it.

After I click 'OK', a box appears titled 'Malware Removal Tool - June 2005' with an inner box titled 'System Scan' with the following information: 'Scanning Complete. WinTools and Specialgoods/ were not detected on your system.' At the bottom is a hot button with 'Done' on it.

Could the error message indicate I'm not getting a thorough scan and maybe a false conclusion? Or should I pay no heed to the error message?



Answer:Problem with the new freeware Malware Removal

OK, forget I asked. I went ahead and uninstalled it. Sorry to be any bother.



1 more replies
Relevance 69.29%

First let me thank all of you guys for having this site online in the first place. I can't tell you how much I appreciate any help at this point.

I'm using a Dell Inspiron 6000 laptop running Windows XP Media Center Edition Version 2002 SP2.

Initially my problem was: When I connected to the Internet sometimes another window would open with a completely unrelated site. After running Norton, Windows Defender and a-squared I started looking for help online and found this site.

I found the malware removal guide and followed all the instructions. However I got a little confused when I was following the instructions and ran the CounterSpy scan before I was supposed to. Stupid I know but I thought you should know. Other than that I followed all instructions from that point on including running CounterSpy scan when I was supposed to.

I am attaching all the logs requested.

At this point I still get the pop-ups and now I'm also getting messages popping up on my taskbar. "Security Alert: Spyware Found" There are a few different messages telling me to click on the balloon to download antispyware. I have not clicked on the balloon. I've got enough problems already. I also notice anti-spyware ads on websites that should not have them so I've also avoided clicking on those ads.

Here are the other files.
I tried to upload Counterspy2.txt which is from my second scan (the one I ran at the correct time) however I keep getting a message upload of counterspy2.txt failed.

11 more replies
Relevance 69.29%

May I begin by saying I have made progress and been helped however indirectly by the posts here on your fine forum. I respect and appreciate your help in solving my and other users' problems. Thank you very much!

I am in Kenya and have been trying to solve some of the malware problems at a computer lab at a college. Much of the software has been corrupted or infected with whatever and I am beginning by working on this machine. After reinstalling a copy of windows given to me by the school, I have noticed that the task manager and regedit have been "disabled by administrator".

I have followed the full process listed at the Windows XP Cleaning Procedure topic and have also tried to use Spybot to no avail and have used Ad-Aware to some minor success.

After renaming a copy of regedit.exe I was able to gain partial access to the task manager - that is, it closes right after it opens - and regedit.exe - same problem.

I have run all of the malware detection and deletion programs multiple times and keep getting detected problems, which I (theoretically) delete, to find that more are to come next time I run SAS or Ad-Aware or Malwarebytes. I have posted the logs requested plus the log of Ad-Aware, AVP, and exehelper in an attempt to find some benevolent soul on majorgeeks to help.

I will try to answer back in a timely manner, but I may not be able to due to network outages that happen here every other day. Sorry about that, you can't ask much for rur...

Answer:Malware problem after removal procedure - Win XP SP1

And the other logs I did not include:

Thank you once more!

4 more replies
Relevance 69.29%

Hello, I'm not sure if anyone else has had a problem similar to mine, but my laptop got infected with XP Antivirus 2008 and Windows Defender, or something similar. I found your link for Malwarebytes Anti-malware remover and it worked like a charm except, after all the popups disappeared I'm left with a blank spot in the top left corner of the desktop where the XP Antivirus window had been before cleaning. I'm not sure if I should re-install Win XP, if that would even take care of it. The "blank spot" on the desktop is white, unless you move the mouse into it, then it turns grey. Strange I know, Any suggestions????

Click on the "Web" tab, then under Web Pages, uncheck and delete everything you find (except "My Current Home page").
These are some common malware related entries you may see:

* Security Info
* Warning Message
* Security Desktop
* Warning Homepage
* Privacy Protection
* Desktop Uninstall

If present, select each entry and click the Delete button.
Also, make sure the Lock desktop items box is unchecked. Click "Ok", then "Apply" and "Ok".

OK, my first post so bear with me. I recently was hit with the malware I've seen which produced (among other things) these entries

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\server.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,"C:\WINDOWS\server.exe",) Good: (userinit.exe) -> Quarantined and deleted successfully.
My biggest problem is I did something stupid and tried to delete this from my registry, I now cannot log on. It shows my username but when I click on it, it just logs me off and gets caught in a loop, asking me to log on. Is there any way to repair the registry with this problem and if not what can I do to fix the problem?

Answer:Registry problem/malware removal

Are you able to start in Safe Mode?
How to start Windows in Safe Mode

4 more replies
Relevance 69.29%

Hi all...long time user and reader of the Tech Support Guy forums!

First of all, I don't think I got it all, because both Trend Micro and System Mechanic seem to remove the same virus/spyware files over and over(yes it says they clean and remove them). Not sure which was the main one, but it hid Task Manager and other items. I had to use sys mech to shut it down and then trend micro removed it.

Now when I open apps I get a Data execution error preventing rundll32 from running which prevents me from running anything from bf2142 to opening the security center. How can i fix this error. Lots of others have similar probs with rundll32, but none were solved for my prob.

I am using Vista HP and other relevant specs are in my sig.

Answer:Rundll32 problem after malware removal

I am having trouble with rundll32 and cannot open various programs after I supposedly removed the culprit. Is this related to the virus? Or is it left over from deleting files that had the virus/worm/spyware attached to it?

Here is a hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:15:39 AM, on 6/7/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
D:\Program Files\iolo\System Mechanic 7\IoloSGCtrl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\...

mrs. unblock was having problems with her xp sp2 machine, so i followed the basic instructions for majorgeeks malware removal (ccleaner, spybot, etc.) and eventually found the culprit was the virtumonde/winfixer thing. i used the removal tool and it is gone.


however, mrs. unblock cannot now login to gmail, at least through the normal interface. when she tries, or, she gets a blank page and an endless series of "?auth=<randomnumbersandletters>" in the address bar.

in the gmail community someone posted a link to the raw html interface, and she CAN login to that. but that has limited functionality, so this is not a complete fix.

i'm not familiar enough with all the tools, so i can't be sure what exactly it's objecting to.

any thoughts?


on edit: she's using internet explorer v6. please don't bother pushing firefox or any other browser, we all know ie is the worst, but it took 5 years just to get her off aol....

Answer:problem with gmail AFTER malware removal

i fixed it!

i went into the ie privacy settings, overrode the handling of sites in the "internet zone" to "always allow session cookies".

i hope this isn't dangerous, but it works....

1 more replies
Relevance 69.29%

Hi guys,

I have a big problem which has really been bugging me for 2 weeks now:mad .
I have searched all over the web but found no solution :tired .
As you may see i am new to this forum so please don't be harsh / strict :-o .

Just before i describe my problem i will list my laptop specs:
Acer Aspire 5820T
Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
4GB Ram (3.80GB usable)
64Bit Operating system

Before 2 weeks my computer was fine but one day i got a problem which caused me to get BSOD and heavily decreased my speed. It also heavily decreased my startup and shut down speed. My startup speed was usually 15 secs and shutdown speed like 25 but now my startup speed is 4mins + and shutdown speed the same:confused .

So what i did was restore my computer to default factory settings with Acer eRecovery Management. Once i booted up again i still recognised the slow speeds like before; i also recognised that eRecovery only deleted all the files on my "C" drive so i went on my "D" drive and deleted everything and started eRecovery Management again.

Again i recognised the same problem so now i downloaded malware bytes and it blocks many ip's using the process svchost.exe i have only seen 2 ip's which it has blocked: "" and "" the first one is using port : 53075 but i didn't see the second ones port.
...

Answer:Malware / Virus removal problem please help....


35 more replies
Relevance 69.29%

I've got Bifrose Backdoor trojan?!. My Spyware Doctor keeps picking it up, I quarantine & delete it, then it comes back next time I reboot.

I've run everything in the 'malware removal' thread (which I have saved as it's been used many times successfully!) & still it's returning!

Any ideas, anyone?

Cheers in advance, appreciated.

PS-here's the HijackThis log:

Answer:Ran the malware removal steps, still got a problem...

Welcome to, please follow our standard cleaning procedures:

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
In your next post, please make sure you attach the following logs and that you have run these scans in the following order:

CounterSpy - ONLY IF you were not able to run Windows Defender
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!

5 more replies
Relevance 69.29%

I am doing a malware removal prep b/c of suspicious behavior (two (only) administrator accounts have lost their administration privileges and won't reset). I am following your prep guide and got as far as running dds.scr successfully. However, when I try to run gmer I get this error: "C:\Windows\system32\config\system: The system cannot find the file specified." Also the top 8 gmer scan options are grayed out. I captured a screenshot of this. What should I do about gmer? Thanks for your help.

Further background: This is my 14-yr old's cpu. I still use an XP system and have used its MMC to troubleshoot & fix problems. I'm fumbling with Windows 7 and finding fixes are not obvious. Of course, having been locked out of my administrator privileges there isn't much it will let me do. Let me show you the disappearance of my administrator privileges. Best Buy set up this "Manager" account when we bought the computer (was display model) and I've used it to install software, set up my son's user account, etc.

I am attaching 3 JPGS from Control Panel User accounts:
1) "User acct labeled as administrator.jpg" This image shows that the "Manager" account is labeled "Administrator".
2) "User acct however is set as standard.jpg" This image shows the account actually only has standard privileges.
3) "Setting User acct as administrator grayed out.jpg" This image shows I am not allowed to...

28 more replies
Relevance 69.29%

I'd like to ask for help please.
I have caught a couple of viruses or malwares and tried to get rid of them but then windows and anti-virus software updates got blocked and I realised it was more complicated than I thought.
That's when I found a thread and followed most of the steps.
Unfortunately I got stuck and don't know how to create CFScript nor how to get rid of a virus which was found by kaspersky online scanner.
Please find the reports below.

1. mbam-log-2010-09-14 (12-30-38).txt - Malwarebytes before running Combo Box
2. CF log.txt - after running ComboFix
3. mbam-log-2010-09-15 (14-06-01).txt - Malwarebytes after running Combo Box
4. Kaspersky Report
5. Jotti report, scanned C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP54\A0012952.sys from Kaspersky Report

Could you please advise me what to do next?

Many Thanks,

Answer:Problem with Virus / Malware removal

BUMP, please

1 more replies
Relevance 69.29%

I am trying to obtain a solution to a hijack problem I have with my Google searches. When I do a search, I get the correct responses but when I try to click on a link, my request is redirected to what is usually an advertising site.

I registered with and started by following the pinned topic "Preparation Guide For Use Before Using Malware Removal Tools and Requesting". I successfully followed the Item 1 through 7 disabling the CD Emulation Software and saving "DDS.txt" and "Attach.txt." to my Desktop. I then downloaded GMER and attempted to run the scan as directed in the tutorial. Things started fine and the scan window listed 31 items when the screen changed to my desktop wallpaper without the icons and then to a blue screen with the hourglass. I had to restart my computer and tried the scan again. This time listed the items and then went to a blue screen saying the operation had stopped and said "PFN_LIST_CORRUPT".

I appreciate any help that can be provided. This Google Hijack is driving me crazy!!!!

P.S. I have already tried Malwarebytes, AdvancedSystemCare, Spybot and Windows Live Care but none of these cured the problem.

Answer:Problem with Malware Removal Process

Relevance 69.29%
Answer:MoneyPak Malware Removal Problem

Hi and welcome to MalwareTips!

I'm Fiery and I would gladly assist you in removing the malware on your computer.

PLEASE NOTE: The first 3 posts of ALL new members require approval by mods/admins. Please be patient if you don't see your post immediately after submitting it.

Before we start:

Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
Some tools may be flagged by your antivirus as harmful. Rest assured that ALL the tools we use are safe, the detections are false positives.
The absence of symptoms does not mean your PC is fully disinfected.
If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
For 32 bit systems download ...

16 more replies
Relevance 69.29%

I recently became infected with a version of the av soft virus, which I removed with Malwarebytes... and I thought everything would be fine.
Now, I'm having several problems... I can't access most programs, Itunes tries to reinstall but then says the operation cannot be performed.
I can't open any download link in IE, it says there is a .exe error, and the page could not be found. Other problems include not being able to print at all from the internet, and not being able to open/view any .pdf, or video. The internet is extremely slow, compared to before....
I honestly have no idea where to start, or what to do... any ideas?

1 more replies
Relevance 69.29%

Hello, and thanks for taking the time to help.

I started off in the drivers forum, as my wife's laptop's wireless has died, and the helper there thought there may have been a malware problem.

I've been running through the process - Superantispyware found a couple of things, and Malwarebytes also found a few. I got as far as running Combofix, but when Combofix restarted the machine it hung on the login screen. I left it for half an hour but it wasn't doing anything so I turned it off - no other keys were having any effect. When it restarted Combofix continued and produced a log.

When I then went to run rootrepeal, I got an error: "illegal operation attempted on registry key that has been marked for deletion". Norton Internet Security also gets this error if a scan is attempted and also says "Norton Internet Security has encountered an internal scanning error. 0x8000405."

Attempting to run MG Tools also produces this error.

I'd be really grateful for your advice.

Answer:Problem with malware removal process

Please attach the logs that you have. SAS, MBAM, ComboFix.

35 more replies
Relevance 69.29%

I got the XP Defender Pro malware on my computer. I was able to get it off thanks to your "READ & RUN ME FIRST. Malware Removal Guide" (Which is awesome by the way), but I've hit a snag.

I ran SUPERAntiSpyware but after the reboot, I get this problem. Whenever I try and open a program or anything for that matter the "Open With" window pops up. I have to then manually find the program I want to open and then open it. That wouldn't be so bad but some programs just won't open i.e. any of the antimalware programs you recommend, Windows firewall, anything in the Control Panel. I can't get the logs for SAS because I can't open it and I can't get any type of firewall up. Also, I tried to rename the SAS install file to reinstall it but I just keep getting redirected to the "Open With" window.

Any help would be much appreciated!

The log will be retrievable at:

For XP:

C:\Documents and Settings\your username\Application Data\\SUPERAntiSpyware\Logs\SUPERAntiSpyware

For vista:

C:\Users\insert your user account name\AppData\Roaming\\SUPERAntiSpyware\Logs

Try this exe file fix:

Scroll down to the 9th fix in the list:

Then try to continue on with other steps in the R&R and attach the requested logs.

1 more replies
Relevance 69.29%

Hi - I got infected with the fake spyware bug Windows Protection Suite. I uninstalled it using Malwarebytes programme but now my machine won't start up. Anyone else had this problem?? (Windows start up fix doesn't work). Ian

Could you please be a little more specific by what you mean "my machine won't start up"

3 more replies
Relevance 69.29%

I read all about the removal tools and what to do, and I am still confused. I have Norton 360 Antivirus 3.0 and I have 2 viruses in quarantine.(Trojan . Byte and Blood Hound. Exploit 193. When I go to a History of scans, I see the items under quarantine, but there's no option of deleting. I went like this:1. Opened Norton 2, Clicked on task, 3. See monthly report 4. click Under Viruses and spyware (they are under Resolved security risk) Security History. 5 Highlight quarantined item. 6. I also view quarantined item in the box of Security history, On the right side I have 3 choices:
1. More Details, 2. add to quarantine, 3. Clear entries. More details has these: Restore, remove from history, and submit to Symantec. That's all. CLEAR Entries only clears the entry from the view, it doesn't really delete the item, I think.
Here's the scan of Norton:
Category: Resolved Security Risks
Date & Time,Severity,Activity,Status,Recommended Action,Component,Definitions Version,ERASER Version,Risk Name,Risk Category,Risk Type,Risk State,File Name
2/6/2010 7:08 PM,Low,Tracking Cookie detected by Virus scanner,Quarantined,Resolved - No Action,Virus scanner,2010.02.06.021,,Tracking Cookie,Cookie,File Based,Fully removed,
2/1/2010 10:21 PM,Low,Tracking Cookie detected by Virus scanner,Quarantined,Resolved - No Action,Virus scanner,2010.02.01.033,,Tracking Cookie,Cookie,File Based,Fully removed,
2/1/2010 4:28 PM,High,Trojan.ByteVerify detected by Vir...

4 more replies
Relevance 69.29%

I recently went through the malware removal process and now I am having issues with the CD player. I have to open and close the CD tray 3 or 4 times before it will read/play the CD (yes, I am giving it ample time). It will eventually play the CD, but I did not have this problem before the malware removal process. Any suggestions would be greatly appreciated. Thanks!

You might try this Microsoft fix.

Can you boot to your Windows disk without any problems? And, in Safe Mode, does the drive act normally, or do you have the same symptoms?

7 more replies
Relevance 69.29%

Yet Another... I have run Adaware, Avast and have got nowhere.

Tech Support Guy System Info Utility version
OS Version: Microsoft Windows 7 Home Premium , 64 bit
Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz, Intel64 Family 6 Model 30 Stepping 5
Processor Count: 8
RAM: 6126 Mb
Motherboard: Sony Corporation, VAIO, N/A, C6051SMB
Antivirus: Microsoft Security Essentials, Updated and Enabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:55:46 AM, on 19/01/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Gyronix\GyroQ\GyroQ.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\\InstStub.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2....

1 more replies
Relevance 69.29%

Hello there,

I have run into some trouble while removing malware from a pc. I ran all of the normal scans that I run, deleted the culprit results. I wasn't able to update any of the antimalware/virus programs via the interface because of some problem with connectivity that I believe is due to the malware. To remedy this I thought that I would reboot in safe mode with networking and monitor my network's packets receiving/sending. When I went to do this I noticed that it wouldn't let me start in safe mode of any kind. Normal boot mode starts fine. I have done some research and have read many posts regarding the deletion of safeboot registry keys being due to some malware. I've tried several programs, AVZ, that have options for restoring deleted safeboot registry keys, but upon restart I have the same problem and cannot start in safe mode. Any help would be greatly appreciated. I've been at this myself for days and I have exhausted my knowledge. I am counting on the knowledge of the community. Thanks again.

3 more replies